
Pests of all kinds and how to fight them: For security reasons your Windows....

Windows 7

03.04.2012, 18:51   #1
netbookie
 
On Sunday evening this well-known message suddenly appeared on my screen. I then restored the system to an earlier restore point. Since then the screen has not appeared again. Am I on the safe side now? In the autostart entries there is a PLFSetI.exe file with an unknown manufacturer. I have an Acer Aspire One netbook. Thank you for your help.

I have since run Malwarebytes over it. The quick scan found pup.bundle offer, which I deleted.
I would appreciate a reply.

04.04.2012, 14:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Without the logs from Malwarebytes and co. this won't get anywhere.
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

04.04.2012, 19:59   #3
netbookie
 
Hello Arne,
can you explain to me how I upload the logs?

04.04.2012, 22:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Have you tried reading my post? Don't upload anything, copy and paste here! With CODE tags!

Upload only if it is too large! In that case zip the logs into one file first, then upload it here => File-Upload.net - Your free file hoster! and link it in your next post
__________________
Please always post log files in CODE tags

10.04.2012, 21:15   #5
netbookie
 
the log goes here

Hello, I have only just now gone online with the computer again. Here is the OTL:
OTL Logfile:
Code:
OTL logfile created on: 03.04.2012 21:29:30 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\viaggio2\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,10 Mb Total Physical Memory | 551,52 Mb Available Physical Memory | 54,44% Memory free
1,99 Gb Paging File | 1,56 Gb Available in Paging File | 78,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,78 Gb Total Space | 131,57 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
 
Computer Name: VIAGGIO | User Name: viaggio2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 21:29:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\viaggio2\Downloads\OTL.exe
PRC - [2011.11.22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Programme\mcafee.com\agent\mcagent.exe
PRC - [2011.10.18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\SystemCore\mfefire.exe
PRC - [2011.04.09 00:58:57 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\mcafee\mcsvchost\McSvHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 19:45:07 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.03 23:56:20 | 000,287,616 | ---- | M] (medatixx GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\medatixx\ixx.downloadservice\ixx.downloadservice.exe -- (ixx.downloadservice)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.09 16:18:42 | 000,036,736 | ---- | M] (medatixx GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\medatixx\ixx.servicecenter\ixx.updateservice.exe -- (ixx.updateservice)
SRV - [2011.10.18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS)
SRV - [2011.10.18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.05.26 11:21:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.01.05 12:31:34 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.01.05 12:31:32 | 000,988,216 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.03.26 10:40:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.17 16:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 16:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 16:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.10.15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 14:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 14:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.04.21 09:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.04.13 08:16:50 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.03.02 08:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009.10.19 09:08:08 | 000,067,072 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPR3322K.sys -- (SPR3322K)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail-Adresse kostenlos, FreeMail, Nachrichten & Services
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\..\SearchScopes\{C0D15828-0596-4E91-988A-7494F302E5F9}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.02 02:29:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.12.10 01:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.04.02 11:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 23:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.29 14:32:23 | 000,000,000 | ---D | M]
 
[2011.06.19 23:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viaggio2\AppData\Roaming\mozilla\Extensions
[2011.11.09 16:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viaggio2\AppData\Roaming\mozilla\Firefox\Profiles\xzjgf9jx.default\extensions
[2012.03.28 18:04:07 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\viaggio2\AppData\Roaming\mozilla\Firefox\Profiles\xzjgf9jx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011.11.09 16:51:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\viaggio2\AppData\Roaming\mozilla\Firefox\Profiles\xzjgf9jx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.23 22:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.02 11:17:58 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.03.18 23:47:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.02.13 23:12:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 23:12:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 23:12:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 23:12:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.09 14:44:17 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.02.13 23:12:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 23:12:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\SystemCore\ScriptSn.20111227020605.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3121230782-1022693462-554458433-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3121230782-1022693462-554458433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\viaggio2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\viaggio2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{686C5576-7248-4C50-8CA7-E1D0220D751B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF858C33-D19F-4644-8266-C4F75DD54BAF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 21:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.04.03 21:23:11 | 000,000,000 | ---D | C] -- C:\Users\viaggio2\AppData\Roaming\Malwarebytes
[2012.04.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.03 21:23:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 21:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.29 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\medatixx
[2012.03.28 18:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012.03.27 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\viaggio2\AppData\Roaming\HP
[2012.03.27 10:36:10 | 000,000,000 | ---D | C] -- C:\Users\viaggio2\Desktop\Praktikanten
[2012.03.26 19:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2012.03.26 19:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2012.03.26 19:36:23 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.03.19 14:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.19 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.16 13:41:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.16 13:41:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 11:57:51 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 11:57:44 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 11:56:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 11:56:57 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 11:56:56 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 11:56:42 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[1 C:\Users\viaggio2\Documents\*.tmp files -> C:\Users\viaggio2\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 21:23:06 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.03 21:22:46 | 000,696,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.03 21:22:46 | 000,652,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.03 21:22:46 | 000,148,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.03 21:22:46 | 000,121,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.03 21:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 21:17:59 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 21:15:39 | 000,015,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 21:15:37 | 000,015,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:52:00 | 000,001,321 | ---- | M] () -- C:\Windows\WINACS.INI
[2012.04.02 02:42:09 | 000,009,484 | ---- | M] () -- C:\Users\viaggio2\Documents\cc_20120402_024149.reg
[2012.03.20 18:12:01 | 000,027,648 | ---- | M] () -- C:\Users\viaggio2\Desktop\Ich bin da - formatiert.wbk
[2012.03.18 23:13:55 | 001,360,783 | ---- | M] () -- C:\Users\viaggio2\Desktop\Praxisinfos201121x2172seiten.pdf
[2012.03.16 13:59:06 | 000,343,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.11 00:24:22 | 000,248,084 | ---- | M] () -- C:\Users\viaggio2\Desktop\merkblatt_jobsharing.pdf
[1 C:\Users\viaggio2\Documents\*.tmp files -> C:\Users\viaggio2\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.03 21:23:06 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 02:42:02 | 000,009,484 | ---- | C] () -- C:\Users\viaggio2\Documents\cc_20120402_024149.reg
[2012.03.20 15:34:45 | 000,027,648 | ---- | C] () -- C:\Users\viaggio2\Desktop\Ich bin da - formatiert.wbk
[2012.03.18 23:13:55 | 001,360,783 | ---- | C] () -- C:\Users\viaggio2\Desktop\Praxisinfos201121x2172seiten.pdf
[2012.03.11 00:24:22 | 000,248,084 | ---- | C] () -- C:\Users\viaggio2\Desktop\merkblatt_jobsharing.pdf
[2011.12.10 20:41:45 | 000,071,893 | ---- | C] () -- C:\Users\viaggio2\AppData\Roaming\Photo.jpg
[2011.09.30 16:04:54 | 000,000,126 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.09.28 16:01:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.08.21 20:58:03 | 000,000,099 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.13 11:51:19 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.07.13 11:51:18 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.07.13 11:46:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011.06.22 15:46:31 | 000,000,466 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.22 15:38:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2011.06.22 15:28:33 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.06.19 23:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.03 20:08:13 | 000,006,144 | ---- | C] () -- C:\Users\viaggio2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.13 09:58:12 | 002,785,280 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.05.12 12:53:30 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011.04.27 13:56:49 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT3.DAT
[2011.04.15 14:02:23 | 000,000,268 | ---- | C] () -- C:\Users\viaggio2\AppData\Roaming\LMCPaper.dat
[2011.04.15 12:27:02 | 000,003,932 | ---- | C] () -- C:\Users\viaggio2\AppData\Roaming\LMLayout.dat
[2011.04.15 12:14:53 | 000,000,150 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI
[2011.04.15 12:12:19 | 000,003,932 | ---- | C] () -- C:\Windows\System32\LMLayout.dat
[2011.04.15 12:12:17 | 000,004,256 | ---- | C] () -- C:\Windows\System32\LMStatus.ini
[2011.04.15 11:03:28 | 000,000,293 | ---- | C] () -- C:\Windows\{005E2D03-8002-4574-A0E7-A63D3F2A033C}_WiseFW.ini
[2011.04.11 19:09:18 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.11 00:28:57 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.11 00:28:55 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2011.04.11 00:28:46 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011.04.09 12:06:03 | 000,001,321 | ---- | C] () -- C:\Windows\WINACS.INI
[2011.04.09 12:04:17 | 000,000,970 | ---- | C] () -- C:\Windows\IsyPoller.ini
[2011.04.09 12:04:17 | 000,000,214 | ---- | C] () -- C:\Windows\cardterm.ini
[2011.04.09 12:04:17 | 000,000,031 | ---- | C] () -- C:\Windows\HIGHEDIT.INI
[2011.04.09 11:56:39 | 000,004,681 | ---- | C] () -- C:\Windows\System32\FoxFix5.ini
[2011.04.09 11:56:31 | 000,225,792 | ---- | C] () -- C:\Windows\System32\IMGMAN30.DLL
[2011.04.09 11:56:29 | 000,066,560 | ---- | C] () -- C:\Windows\System32\HERTF32.DLL
[2011.04.09 11:56:29 | 000,039,936 | ---- | C] () -- C:\Windows\System32\HETOOL32.DLL
[2011.04.09 11:56:28 | 000,573,952 | ---- | C] () -- C:\Windows\System32\HEKRNL32.DLL
[2011.04.09 11:56:28 | 000,155,136 | ---- | C] () -- C:\Windows\System32\HEMENU32.DLL
[2011.04.09 11:56:27 | 000,187,392 | ---- | C] () -- C:\Windows\System32\HEICON32.DLL
[2011.04.09 11:56:27 | 000,069,120 | ---- | C] () -- C:\Windows\System32\HEDLG32.DLL
[2011.04.09 11:56:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011.04.09 11:56:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2011.04.09 11:56:21 | 000,368,640 | ---- | C] () -- C:\Windows\System32\QtSql4.dll
[2011.04.09 11:56:20 | 001,261,568 | ---- | C] () -- C:\Windows\System32\QtCore4.dll
[2011.04.09 11:56:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2011.04.09 11:56:19 | 000,081,920 | ---- | C] () -- C:\Windows\System32\pdf_edit.dll
[2011.04.09 11:56:11 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\ct_api_com.dll
[2011.04.08 01:21:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.19 11:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.19 11:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.05 20:50:45 | 000,696,832 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.06.05 20:50:45 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.06.05 20:50:45 | 000,148,128 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.06.05 20:50:45 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.06.05 11:14:09 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.06.05 11:14:09 | 000,000,302 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.05 11:14:08 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.05.04 05:36:37 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.05.04 05:34:06 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2010.05.04 05:29:13 | 000,231,056 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.05.04 05:29:13 | 000,030,856 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.05.04 05:29:13 | 000,001,352 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.05.04 05:29:13 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0_old.dat
[2010.05.04 05:29:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010.05.04 05:29:13 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== Files - Unicode (All) ==========
[2011.04.15 15:04:26 | 000,000,000 | ---- | M] ()(C:\Windows\System32\????????h???????) -- C:\Windows\System32\췍﷽﷽�����h偵亖ࠀર˯ᰐ˓
[2011.04.15 15:04:26 | 000,000,000 | ---- | C] ()(C:\Windows\System32\????????h???????) -- C:\Windows\System32\췍﷽﷽�����h偵亖ࠀર˯ᰐ˓
[2011.04.15 13:03:19 | 000,000,000 | ---- | M] ()(C:\Windows\System32\???????) -- C:\Windows\System32\췍﷽﷽����
[2011.04.15 13:03:19 | 000,000,000 | ---- | C] ()(C:\Windows\System32\???????) -- C:\Windows\System32\췍﷽﷽����
[2011.04.15 12:27:16 | 000,000,000 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\췍﷽﷽
[2011.04.15 12:27:16 | 000,000,000 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\췍﷽﷽

< End of report >
         
--- --- ---

And here is the short version: OTL logfile:
Code:
OTL logfile created on: 03.04.2012 21:38:55 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\viaggio2\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,10 Mb Total Physical Memory | 494,15 Mb Available Physical Memory | 48,78% Memory free
1,99 Gb Paging File | 1,47 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,78 Gb Total Space | 131,57 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
 
Computer Name: VIAGGIO | User Name: viaggio2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\viaggio2\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Programme\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ixx.downloadservice) -- C:\Programme\medatixx\ixx.downloadservice\ixx.downloadservice.exe (medatixx GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ixx.updateservice) -- C:\Programme\medatixx\ixx.servicecenter\ixx.updateservice.exe (medatixx GmbH & Co. KG)
SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV - (SPR3322K) -- C:\Windows\System32\drivers\SPR3322K.sys (SCM Microsystems Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail-Adresse kostenlos, FreeMail, Nachrichten & Services
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C0D15828-0596-4E91-988A-7494F302E5F9}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.02 02:29:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.12.10 01:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.04.02 11:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 23:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.29 14:32:23 | 000,000,000 | ---D | M]
 
[2011.06.19 23:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viaggio2\AppData\Roaming\mozilla\Extensions
[2011.11.09 16:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viaggio2\AppData\Roaming\mozilla\Firefox\Profiles\xzjgf9jx.default\extensions
[2012.03.28 18:04:07 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\viaggio2\AppData\Roaming\mozilla\Firefox\Profiles\xzjgf9jx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011.11.09 16:51:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\viaggio2\AppData\Roaming\mozilla\Firefox\Profiles\xzjgf9jx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.23 22:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.02 11:17:58 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.03.18 23:47:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.02.13 23:12:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 23:12:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 23:12:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 23:12:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.09 14:44:17 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.02.13 23:12:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 23:12:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\SystemCore\ScriptSn.20111227020605.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\viaggio2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\viaggio2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{686C5576-7248-4C50-8CA7-E1D0220D751B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF858C33-D19F-4644-8266-C4F75DD54BAF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 21:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.04.03 21:23:11 | 000,000,000 | ---D | C] -- C:\Users\viaggio2\AppData\Roaming\Malwarebytes
[2012.04.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.03 21:23:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 21:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.29 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\medatixx
[2012.03.28 18:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012.03.27 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\viaggio2\AppData\Roaming\HP
[2012.03.27 10:36:10 | 000,000,000 | ---D | C] -- C:\Users\viaggio2\Desktop\Praktikanten
[2012.03.26 19:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2012.03.26 19:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2012.03.26 19:36:23 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.03.19 14:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.19 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.16 13:41:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.16 13:41:07 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 11:57:51 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 11:57:44 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 11:56:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 11:56:57 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 11:56:56 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 11:56:42 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[1 C:\Users\viaggio2\Documents\*.tmp files -> C:\Users\viaggio2\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 21:23:06 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.03 21:22:46 | 000,696,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.03 21:22:46 | 000,652,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.03 21:22:46 | 000,148,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.03 21:22:46 | 000,121,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.03 21:18:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 21:17:59 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 21:15:39 | 000,015,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 21:15:37 | 000,015,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:52:00 | 000,001,321 | ---- | M] () -- C:\Windows\WINACS.INI
[2012.04.02 02:42:09 | 000,009,484 | ---- | M] () -- C:\Users\viaggio2\Documents\cc_20120402_024149.reg
[2012.03.20 18:12:01 | 000,027,648 | ---- | M] () -- C:\Users\viaggio2\Desktop\Ich bin da - formatiert.wbk
[2012.03.18 23:13:55 | 001,360,783 | ---- | M] () -- C:\Users\viaggio2\Desktop\Praxisinfos201121x2172seiten.pdf
[2012.03.16 13:59:06 | 000,343,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.11 00:24:22 | 000,248,084 | ---- | M] () -- C:\Users\viaggio2\Desktop\merkblatt_jobsharing.pdf
[1 C:\Users\viaggio2\Documents\*.tmp files -> C:\Users\viaggio2\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.03 21:23:06 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.02 02:42:02 | 000,009,484 | ---- | C] () -- C:\Users\viaggio2\Documents\cc_20120402_024149.reg
[2012.03.20 15:34:45 | 000,027,648 | ---- | C] () -- C:\Users\viaggio2\Desktop\Ich bin da - formatiert.wbk
[2012.03.18 23:13:55 | 001,360,783 | ---- | C] () -- C:\Users\viaggio2\Desktop\Praxisinfos201121x2172seiten.pdf
[2012.03.11 00:24:22 | 000,248,084 | ---- | C] () -- C:\Users\viaggio2\Desktop\merkblatt_jobsharing.pdf
[2011.12.10 20:41:45 | 000,071,893 | ---- | C] () -- C:\Users\viaggio2\AppData\Roaming\Photo.jpg
[2011.09.30 16:04:54 | 000,000,126 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.09.28 16:01:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.08.21 20:58:03 | 000,000,099 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.13 11:51:19 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.07.13 11:51:18 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.07.13 11:46:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011.06.22 15:46:31 | 000,000,466 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.22 15:38:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2011.06.22 15:28:33 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.06.19 23:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.03 20:08:13 | 000,006,144 | ---- | C] () -- C:\Users\viaggio2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.13 09:58:12 | 002,785,280 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.05.12 12:53:30 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011.04.27 13:56:49 | 000,000,145 | ---- | C] () -- C:\Windows\System32\EBPPORT3.DAT
[2011.04.15 14:02:23 | 000,000,268 | ---- | C] () -- C:\Users\viaggio2\AppData\Roaming\LMCPaper.dat
[2011.04.15 12:27:02 | 000,003,932 | ---- | C] () -- C:\Users\viaggio2\AppData\Roaming\LMLayout.dat
[2011.04.15 12:14:53 | 000,000,150 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI
[2011.04.15 12:12:19 | 000,003,932 | ---- | C] () -- C:\Windows\System32\LMLayout.dat
[2011.04.15 12:12:17 | 000,004,256 | ---- | C] () -- C:\Windows\System32\LMStatus.ini
[2011.04.15 11:03:28 | 000,000,293 | ---- | C] () -- C:\Windows\{005E2D03-8002-4574-A0E7-A63D3F2A033C}_WiseFW.ini
[2011.04.11 19:09:18 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.11 00:28:57 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.11 00:28:55 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2011.04.11 00:28:46 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011.04.09 12:06:03 | 000,001,321 | ---- | C] () -- C:\Windows\WINACS.INI
[2011.04.09 12:04:17 | 000,000,970 | ---- | C] () -- C:\Windows\IsyPoller.ini
[2011.04.09 12:04:17 | 000,000,214 | ---- | C] () -- C:\Windows\cardterm.ini
[2011.04.09 12:04:17 | 000,000,031 | ---- | C] () -- C:\Windows\HIGHEDIT.INI
[2011.04.09 11:56:39 | 000,004,681 | ---- | C] () -- C:\Windows\System32\FoxFix5.ini
[2011.04.09 11:56:31 | 000,225,792 | ---- | C] () -- C:\Windows\System32\IMGMAN30.DLL
[2011.04.09 11:56:29 | 000,066,560 | ---- | C] () -- C:\Windows\System32\HERTF32.DLL
[2011.04.09 11:56:29 | 000,039,936 | ---- | C] () -- C:\Windows\System32\HETOOL32.DLL
[2011.04.09 11:56:28 | 000,573,952 | ---- | C] () -- C:\Windows\System32\HEKRNL32.DLL
[2011.04.09 11:56:28 | 000,155,136 | ---- | C] () -- C:\Windows\System32\HEMENU32.DLL
[2011.04.09 11:56:27 | 000,187,392 | ---- | C] () -- C:\Windows\System32\HEICON32.DLL
[2011.04.09 11:56:27 | 000,069,120 | ---- | C] () -- C:\Windows\System32\HEDLG32.DLL
[2011.04.09 11:56:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011.04.09 11:56:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2011.04.09 11:56:21 | 000,368,640 | ---- | C] () -- C:\Windows\System32\QtSql4.dll
[2011.04.09 11:56:20 | 001,261,568 | ---- | C] () -- C:\Windows\System32\QtCore4.dll
[2011.04.09 11:56:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2011.04.09 11:56:19 | 000,081,920 | ---- | C] () -- C:\Windows\System32\pdf_edit.dll
[2011.04.09 11:56:11 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\ct_api_com.dll
[2011.04.08 01:21:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.19 11:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.19 11:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.05 20:50:45 | 000,696,832 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.06.05 20:50:45 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.06.05 20:50:45 | 000,148,128 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.06.05 20:50:45 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.06.05 11:14:09 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.06.05 11:14:09 | 000,000,302 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.05 11:14:08 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.05.04 05:36:37 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.05.04 05:34:06 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll
[2010.05.04 05:29:13 | 000,231,056 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2010.05.04 05:29:13 | 000,030,856 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.05.04 05:29:13 | 000,001,352 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.05.04 05:29:13 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.05.04 05:29:13 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0_old.dat
[2010.05.04 05:29:13 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2010.05.04 05:29:13 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2011.10.28 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\Audacity
[2011.08.21 20:55:35 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\Buhl Data Service
[2011.11.10 01:13:39 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\DVDVideoSoft
[2011.11.09 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.05 00:11:00 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\EssentialPIM
[2011.06.19 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\medatixx
[2011.06.19 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\Roaming
[2011.04.11 14:41:34 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\TeamViewer
[2011.12.10 20:40:04 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\Total Immersion
[2011.05.30 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\viaggio2\AppData\Roaming\Win7codecs
[2012.01.09 20:34:51 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.04.15 15:04:26 | 000,000,000 | ---- | M] ()(C:\Windows\System32\????????h???????) -- C:\Windows\System32\췍﷽﷽�����h偵亖ࠀર˯ᰐ˓
[2011.04.15 15:04:26 | 000,000,000 | ---- | C] ()(C:\Windows\System32\????????h???????) -- C:\Windows\System32\췍﷽﷽�����h偵亖ࠀર˯ᰐ˓
[2011.04.15 13:03:19 | 000,000,000 | ---- | M] ()(C:\Windows\System32\???????) -- C:\Windows\System32\췍﷽﷽����
[2011.04.15 13:03:19 | 000,000,000 | ---- | C] ()(C:\Windows\System32\???????) -- C:\Windows\System32\췍﷽﷽����
[2011.04.15 12:27:16 | 000,000,000 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\췍﷽﷽
[2011.04.15 12:27:16 | 000,000,000 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\췍﷽﷽

< End of report >
         
--- --- ---


Thank you very much for your reply!


11.04.2012, 12:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is this supposed to be? I wanted to see the logs from Malwarebytes!
