Verschlüsselungstrojaner eingefangen

cosinus · 03.06.2012, 13:25

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
MOD - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
SRV - [2011.12.14 15:58:12 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Programme\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011.05.29 16:21:23 | 000,073,600 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\ezGOSvc.dll -- (ezGOSvc)
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://badoo.com/startpage/ [binary data]
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.gmx.de/ [binary data]
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes,DefaultScope = {8A244612-A1F7-11E0-95C0-E71F4824019B}
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{0DBD8FFD-6172-48ED-9438-C160D58430C8}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{1AF7DC4B-B848-4CDE-8EC7-B418844C6CBD}: "URL" = http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{E6849E65-5DB6-4C1D-8709-6109C6C2E13C}: "URL" = http://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes\{F437599F-0241-42C1-9C0A-04997A2F19C6}: "URL" = http://go.web.de/br/ie8_search_ebay/?q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.order.1: "Ask.com Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://badoo.com/startpage/"
FF - prefs.js..keyword.URL: "http://badoo.com/startpage/?source=bsb&q="
FF - prefs.js..browser.startup.page: 1user_pref("keyword.enabled",true);
FF - user.js - File not found
[2012.04.22 18:18:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.06 19:53:09 | 000,000,000 | ---D | M] (PriceGong) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.12.20 12:50:26 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.12.20 12:49:14 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com
[2012.03.24 23:47:47 | 000,002,306 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\askcomsearch.xml
[2011.09.24 05:42:16 | 000,002,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\badoo.xml
[2012.04.22 18:18:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\icqplugin-1.xml
[2012.04.22 18:05:29 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\icqplugin.xml
[2011.12.20 12:49:41 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\Search_Results.xml
[2012.05.06 19:52:51 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\sweetim.xml
[2011.07.06 09:20:47 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.07.07 09:53:31 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011.12.20 12:49:41 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll File not found
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [Badoo Desktop] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe (Badoo)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f366deae-8334-11e1-947d-001966ba13f3}\Shell - "" = AutoRun
O33 - MountPoints2\{f366deae-8334-11e1-947d-001966ba13f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f366deae-8334-11e1-947d-001966ba13f3}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{ff391f2a-671f-11e1-943d-001966ba13f3}\Shell - "" = AutoRun
O33 - MountPoints2\{ff391f2a-671f-11e1-943d-001966ba13f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff391f2a-671f-11e1-943d-001966ba13f3}\Shell\AutoRun\command - "" = J:\autorun.exe
:Files
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Qnsrktb
C:\WINDOWS\system32\ezGOSvc.dll
C:\Programme\SweetIM
C:\Programme\Bandoo
C:\Programme\Ask.com
C:\Programme\Windows Searchqu Toolbar
C:\Programme\ICQ6Toolbar
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\PriceGong
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PriceGong
C:\Programme\PriceGong
C:\Programme\SweetIM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bandoo
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\PriceGong
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Qnsrktb
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Saqqarah
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\searchquband
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\searchqutoolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Seelenherz · 03.06.2012, 15:25

Hallo Arne,

leider scheinen jetzt die ersten Probleme aufzutauchen

Sobald ich bei OTL auf FIX klicke wird der Bildschirm bis auf das OTL-Fenster blau und kurz darauf friert der Rechner (oder das Prog?) ein.

cosinus · 03.06.2012, 15:50

Wiederhol den Fix im abgesicherten Modus bitte

Seelenherz · 03.06.2012, 16:20

*KopfTisch @ abgesicherter Modus* auf die Idee hätte ich auch selbst kommen können *schäm*

hier auf nun der Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service Bandoo Coordinator stopped successfully!
Service Bandoo Coordinator deleted successfully!
C:\Programme\Bandoo\Bandoo.exe moved successfully.
Service ezGOSvc stopped successfully!
Service ezGOSvc deleted successfully!
C:\WINDOWS\system32\ezGOSvc.dll moved successfully.
HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0DBD8FFD-6172-48ED-9438-C160D58430C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DBD8FFD-6172-48ED-9438-C160D58430C8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1AF7DC4B-B848-4CDE-8EC7-B418844C6CBD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AF7DC4B-B848-4CDE-8EC7-B418844C6CBD}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A244612-A1F7-11E0-95C0-E71F4824019B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E6849E65-5DB6-4C1D-8709-6109C6C2E13C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6849E65-5DB6-4C1D-8709-6109C6C2E13C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F437599F-0241-42C1-9C0A-04997A2F19C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F437599F-0241-42C1-9C0A-04997A2F19C6}\ not found.
Prefs.js: "Ask.com Search" removed from browser.search.defaultengine
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com Search" removed from browser.search.order.1
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://badoo.com/startpage/" removed from browser.startup.homepage
Prefs.js: "hxxp://badoo.com/startpage/?source=bsb&q=" removed from keyword.URL
Prefs.js: 1user_pref("keyword.enabled",true); removed from browser.startup.page
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\components folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com\content\creatives folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com\content folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com\components folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\askcomsearch.xml moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\badoo.xml moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\icqplugin.xml moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\Search_Results.xml moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\searchplugins\sweetim.xml moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Programme\PriceGong\2.6.4\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
C:\Programme\Bandoo\Plugins\IE\ieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Badoo Desktop deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f366deae-8334-11e1-947d-001966ba13f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f366deae-8334-11e1-947d-001966ba13f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f366deae-8334-11e1-947d-001966ba13f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f366deae-8334-11e1-947d-001966ba13f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f366deae-8334-11e1-947d-001966ba13f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f366deae-8334-11e1-947d-001966ba13f3}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff391f2a-671f-11e1-943d-001966ba13f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff391f2a-671f-11e1-943d-001966ba13f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff391f2a-671f-11e1-943d-001966ba13f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff391f2a-671f-11e1-943d-001966ba13f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff391f2a-671f-11e1-943d-001966ba13f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff391f2a-671f-11e1-943d-001966ba13f3}\ not found.
File J:\autorun.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Qnsrktb folder moved successfully.
File\Folder C:\WINDOWS\system32\ezGOSvc.dll not found.
C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Programme\SweetIM\Toolbars folder moved successfully.
C:\Programme\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Programme\SweetIM\Messenger\resources\images folder moved successfully.
C:\Programme\SweetIM\Messenger\resources folder moved successfully.
C:\Programme\SweetIM\Messenger folder moved successfully.
C:\Programme\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Programme\SweetIM\Communicator\resources folder moved successfully.
C:\Programme\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Programme\SweetIM\Communicator folder moved successfully.
C:\Programme\SweetIM folder moved successfully.
C:\Programme\Bandoo\Resources\tutorial\images folder moved successfully.
C:\Programme\Bandoo\Resources\tutorial folder moved successfully.
C:\Programme\Bandoo\Resources folder moved successfully.
C:\Programme\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images folder moved successfully.
C:\Programme\Bandoo\Plugins\Yahoo\Resources\Toolbar folder moved successfully.
C:\Programme\Bandoo\Plugins\Yahoo\Resources\HTML folder moved successfully.
C:\Programme\Bandoo\Plugins\Yahoo\Resources folder moved successfully.
C:\Programme\Bandoo\Plugins\Yahoo folder moved successfully.
C:\Programme\Bandoo\Plugins\OE\Resources\Toolbar\Images folder moved successfully.
C:\Programme\Bandoo\Plugins\OE\Resources\Toolbar folder moved successfully.
C:\Programme\Bandoo\Plugins\OE\Resources\Images folder moved successfully.
C:\Programme\Bandoo\Plugins\OE\Resources\HTML folder moved successfully.
C:\Programme\Bandoo\Plugins\OE\Resources folder moved successfully.
C:\Programme\Bandoo\Plugins\OE folder moved successfully.
C:\Programme\Bandoo\Plugins\MSN\Resources\Toolbar\Images folder moved successfully.
C:\Programme\Bandoo\Plugins\MSN\Resources\Toolbar folder moved successfully.
C:\Programme\Bandoo\Plugins\MSN\Resources\HTML folder moved successfully.
C:\Programme\Bandoo\Plugins\MSN\Resources folder moved successfully.
C:\Programme\Bandoo\Plugins\MSN folder moved successfully.
C:\Programme\Bandoo\Plugins\IE\Resources\HTML folder moved successfully.
C:\Programme\Bandoo\Plugins\IE\Resources folder moved successfully.
C:\Programme\Bandoo\Plugins\IE folder moved successfully.
C:\Programme\Bandoo\Plugins folder moved successfully.
C:\Programme\Bandoo folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Programme\Windows Searchqu Toolbar folder moved successfully.
C:\Programme\ICQ6Toolbar folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\PriceGong folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PriceGong folder moved successfully.
C:\Programme\PriceGong\2.6.4 folder moved successfully.
C:\Programme\PriceGong folder moved successfully.
File\Folder C:\Programme\SweetIM not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Toolbars\Internet Explorer\cache folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Toolbars folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\update folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\logs folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\packages\FailDialog folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\packages folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\contentdb folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\Default\400 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\Default\200 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\Default\100 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\Default folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\200\default folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\200\bar0164 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\200\bar0104 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\200 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\100\default folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\100\bar0164 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\100\bar0104 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars\100 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data\Bars folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\data folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\conf\users\strenge_haltung folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\conf\users\strengehaltung@hotmail.de folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\conf\users\331381842 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\conf\users folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger\conf folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Messenger folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Communicator\Logs folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Communicator\conf folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM\Communicator folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask\APN-Stub folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo\Badoo Desktop\1.6.48.1082 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo\Badoo Desktop folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bandoo\Repository folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bandoo\Flash folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bandoo folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\PriceGong not found.
File\Folder C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Qnsrktb not found.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Saqqarah folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\searchquband folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\searchqutoolbar\weather folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\searchqutoolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Administrator.KIPPING-F34A4F
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Kipping
->Temp folder emptied: 87823869 bytes
->Temporary Internet Files folder emptied: 646226295 bytes
->Java cache emptied: 19143914 bytes
->FireFox cache emptied: 49077359 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 71191 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1410723 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2221522 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4481539 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2288598 bytes
RecycleBin emptied: 184418 bytes
 
Total Files Cleaned = 776,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: Administrator.KIPPING-F34A4F
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Kipping
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.2 log created on 06032012_170850

cosinus · 03.06.2012, 16:36

Ok, mach mal zur Kontrolle ein neues OTL-Log. Bei dir musste doch etwas mehr gefixt werden deswegen will ich lieber nochmal nachsehen ob was auf der Strecke geblieben ist

Seelenherz · 03.06.2012, 17:01

wie gewünscht

OTL.txt

Code:

ATTFilter

OTL logfile created on: 03.06.2012 17:50:05 - Run 3
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Dokumente und Einstellungen\Kipping\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 66,66% Memory free
3,60 Gb Paging File | 3,12 Gb Available in Paging File | 86,66% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 1863,01 Gb Total Space | 748,86 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 427,11 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive J: | 29,81 Gb Total Space | 29,49 Gb Free Space | 98,93% Space Free | Partition Type: FAT32
 
Computer Name: KIPPING-F34A4F | User Name: Kipping | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.28 13:25:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kipping\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.06.30 10:34:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.27 10:17:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.16 07:13:25 | 001,404,008 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe
PRC - [2011.04.30 19:44:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.30 18:10:28 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\starter4g.exe
PRC - [2011.03.30 18:10:20 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\service4g.exe
PRC - [2011.03.30 13:20:49 | 000,327,392 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
PRC - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.09.23 19:17:38 | 001,058,304 | ---- | M] (Option) -- C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2008.04.30 18:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.02.28 14:00:00 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oobe\msoobe.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.16 07:13:25 | 001,404,008 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe
MOD - [2011.03.30 13:20:49 | 000,327,392 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
MOD - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.09.23 19:17:38 | 000,079,872 | ---- | M] () -- C:\Programme\Option\GlobeTrotter Connect\custom.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.30 10:34:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.16 07:13:25 | 001,404,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.04.30 19:44:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.30 18:10:20 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\WINDOWS\service4g.exe -- (XS Stick Service)
SRV - [2011.03.30 13:20:49 | 000,327,392 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.04.30 18:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2003.07.28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.30 10:35:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 10:35:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.11 18:02:26 | 000,026,008 | ---- | M] (Telefónica I+D) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tidnet.sys -- (tidnet)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.02.22 18:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.02.22 18:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.02.22 18:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.12.28 16:52:40 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.17 12:31:42 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009.02.03 17:56:22 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2008.10.31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.08.18 19:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008.03.25 12:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 12:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.18 18:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008.02.08 14:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.page: 1user_pref("keyword.enabled",true);
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.27 10:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.22 18:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com
 
[2011.09.19 08:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Extensions
[2012.06.03 17:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions
[2012.04.22 18:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.02 17:06:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.03 17:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.22 18:18:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.22 18:18:39 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.22 18:18:39 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.22 18:18:39 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.22 18:18:39 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.22 18:18:39 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.22 18:18:39 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
 
O1 HOSTS File: ([2012.06.03 17:12:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [ICQ] ~"C:\Programme\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GlobeTrotter Connect.lnk = C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Kipping\Startmenü\Programme\Autostart\ZooskMessenger.lnk =  File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1942DBDE-C660-44DF-A98E-D0BC98C3790A}: DhcpNameServer = 80.69.103.78 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 17:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.06.01 16:10:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kipping\Desktop\OTL.exe
[2012.06.01 15:37:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012.05.31 23:37:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.31 21:39:24 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Kipping\Desktop\esetsmartinstaller_enu.exe
[2012.05.31 19:21:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Malwarebytes
[2012.05.31 19:21:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.31 19:21:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.31 19:21:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.31 19:20:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Kipping\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.24 20:26:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.05.24 19:59:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012.05.24 19:59:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012.05.24 19:59:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012.05.24 19:59:29 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012.05.24 19:59:28 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012.05.24 19:59:28 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012.05.24 19:59:27 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012.05.24 19:59:27 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012.05.24 19:59:26 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012.05.24 19:59:26 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012.05.24 19:59:26 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012.05.24 19:59:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012.05.24 19:59:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012.05.24 19:59:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012.05.24 19:59:19 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012.05.24 19:59:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012.05.24 19:59:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012.05.24 19:59:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012.05.24 19:59:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012.05.24 19:59:18 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012.05.24 19:59:18 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012.05.24 19:59:18 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012.05.24 19:59:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012.05.24 19:59:14 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012.05.24 19:59:13 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012.05.24 19:59:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012.05.24 19:59:13 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012.05.24 19:59:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012.05.24 19:59:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012.05.24 19:59:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012.05.24 19:59:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012.05.24 19:59:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012.05.24 19:59:12 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012.05.24 19:59:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012.05.24 19:59:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012.05.24 19:59:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012.05.24 19:59:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012.05.24 19:59:11 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012.05.24 19:59:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012.05.24 19:59:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012.05.24 19:59:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012.05.24 19:59:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012.05.24 19:59:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012.05.24 19:59:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012.05.24 19:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012.05.24 19:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012.05.24 19:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012.05.24 19:59:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012.05.24 19:59:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012.05.24 19:59:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012.05.24 19:59:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012.05.24 19:59:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012.05.24 19:59:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012.05.24 19:59:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012.05.24 19:59:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012.05.24 19:59:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012.05.24 19:59:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012.05.24 19:59:04 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.05.24 19:59:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012.05.24 19:59:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012.05.24 19:59:02 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012.05.24 19:59:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012.05.24 19:59:00 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012.05.24 19:59:00 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012.05.24 19:59:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012.05.24 19:59:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012.05.24 19:58:58 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012.05.24 19:58:58 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012.05.24 19:58:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012.05.24 19:58:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012.05.24 19:58:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012.05.24 19:58:57 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012.05.24 19:58:57 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2012.05.24 19:58:57 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2012.05.24 19:58:56 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012.05.24 19:58:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012.05.24 19:58:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012.05.24 19:58:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012.05.24 19:58:53 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012.05.24 19:58:49 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012.05.24 19:58:48 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012.05.24 19:58:45 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012.05.24 19:58:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012.05.24 19:58:37 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012.05.24 19:58:37 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012.05.24 19:58:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012.05.24 19:58:35 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012.05.24 19:58:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012.05.24 19:58:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012.05.24 19:58:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012.05.24 19:58:30 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012.05.24 19:58:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012.05.24 19:58:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012.05.24 19:58:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012.05.24 19:58:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012.05.24 19:58:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012.05.24 19:58:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012.05.24 19:58:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012.05.24 19:58:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012.05.24 19:58:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012.05.24 19:58:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012.05.24 19:58:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2012.05.24 19:58:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012.05.24 19:58:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012.05.24 19:58:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2012.05.24 19:58:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2012.05.24 19:58:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012.05.24 19:58:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012.05.24 19:58:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2012.05.24 19:58:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012.05.24 19:58:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012.05.24 19:58:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012.05.24 19:58:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012.05.24 19:58:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012.05.24 19:58:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012.05.24 19:58:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012.05.24 19:58:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2012.05.24 19:58:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012.05.24 19:58:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2012.05.24 19:58:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012.05.24 19:58:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012.05.24 19:58:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012.05.24 19:58:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012.05.24 19:58:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012.05.24 19:58:17 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012.05.24 19:58:17 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012.05.24 19:58:17 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012.05.24 19:58:17 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012.05.24 19:58:17 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012.05.24 19:58:16 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012.05.24 19:58:16 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012.05.24 19:58:16 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012.05.24 19:58:16 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012.05.24 19:58:16 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012.05.24 19:58:16 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012.05.24 19:58:16 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012.05.24 19:58:16 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012.05.24 19:58:15 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012.05.24 19:58:15 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012.05.24 19:58:15 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012.05.24 19:58:15 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012.05.24 19:58:15 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012.05.24 19:58:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012.05.24 19:58:15 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012.05.24 19:58:15 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012.05.24 19:58:15 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012.05.24 19:58:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012.05.24 19:58:11 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012.05.24 19:58:02 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012.05.24 19:58:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012.05.24 19:58:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012.05.24 19:58:00 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012.05.24 19:58:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012.05.24 19:58:00 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012.05.24 19:57:59 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012.05.24 19:57:59 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012.05.24 19:57:59 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012.05.24 19:57:59 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012.05.24 19:57:59 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012.05.24 19:57:59 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012.05.24 19:57:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012.05.24 19:57:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012.05.24 19:57:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012.05.24 19:57:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012.05.24 19:57:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012.05.24 19:57:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012.05.24 19:57:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012.05.24 19:57:58 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012.05.24 19:57:58 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012.05.24 19:57:58 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012.05.24 19:57:58 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012.05.24 19:57:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012.05.24 19:57:58 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012.05.24 19:57:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012.05.24 19:57:57 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012.05.24 19:57:56 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012.05.24 19:57:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012.05.24 19:57:55 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012.05.24 19:57:55 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012.05.24 19:57:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012.05.24 19:57:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012.05.24 19:57:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2012.05.24 19:57:54 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012.05.24 19:57:54 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012.05.24 19:57:54 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012.05.24 19:57:54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012.05.24 19:57:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012.05.24 19:57:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012.05.24 19:57:44 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012.05.24 19:57:43 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012.05.24 19:57:42 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012.05.24 19:57:42 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012.05.24 19:57:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012.05.24 19:57:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012.05.24 19:57:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012.05.24 19:57:41 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012.05.24 19:57:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012.05.24 19:57:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012.05.24 19:57:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012.05.24 19:57:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012.05.24 19:57:40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012.05.24 19:57:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012.05.24 19:57:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012.05.24 19:57:38 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2012.05.24 19:57:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012.05.24 19:57:29 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012.05.24 19:57:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012.05.24 19:57:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2012.05.24 19:57:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2012.05.24 19:57:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2012.05.24 19:57:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012.05.24 19:57:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2012.05.24 19:57:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012.05.24 19:57:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012.05.24 19:54:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012.05.24 19:54:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2012.05.24 19:51:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2012.05.24 19:51:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2012.05.24 19:24:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012.05.24 19:24:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012.05.24 19:24:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012.05.24 19:24:40 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012.05.24 18:42:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.05.24 11:08:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kipping\Desktop\Nicht verwendete Desktopverknüpfungen
[2012.05.17 16:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.05.09 09:51:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kipping\Recent
[2012.05.07 17:38:34 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2012.03.06 22:38:04 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup316.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 17:53:46 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D7817404-DA80-4178-98E3-5FDA280E14C4}.job
[2012.06.03 17:53:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.06.03 17:44:57 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.03 17:44:19 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.03 17:42:35 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-776561741-682003330-1004.job
[2012.06.03 17:42:33 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.03 17:42:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.03 17:12:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.06.03 15:56:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.01 16:18:04 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.01 15:37:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.31 21:12:51 | 000,115,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.31 20:35:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-776561741-682003330-1004.job
[2012.05.31 19:52:12 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Kipping\Desktop\esetsmartinstaller_enu.exe
[2012.05.31 19:21:18 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 17:44:51 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.31 17:44:51 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.31 17:44:51 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.31 17:44:51 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.31 16:46:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Kipping\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.28 13:25:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kipping\Desktop\OTL.exe
[2012.05.24 20:00:07 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012.05.24 19:56:47 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.05.24 19:56:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.05.24 19:56:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.05.24 19:56:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012.05.24 19:53:42 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.05.24 19:50:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.05.24 19:04:08 | 000,034,692 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012.05.17 21:39:11 | 000,000,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\AntiVir Desktop.lnk
[2012.05.07 20:24:09 | 000,000,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\SweetPcFix.url
 
========== Files Created - No Company Name ==========
 
[2012.05.31 19:21:18 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.24 19:58:57 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012.05.24 19:58:30 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012.05.24 19:58:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.05.24 19:58:16 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012.05.24 19:58:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012.05.24 19:58:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012.05.24 19:58:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012.05.24 19:57:42 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.05.24 19:52:04 | 000,000,621 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Messenger.lnk
[2012.05.24 19:29:36 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Startmenü\Programme\Internet Explorer.lnk
[2012.05.24 19:24:05 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2012.05.24 19:24:05 | 000,018,989 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012.05.24 19:24:05 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012.05.24 19:24:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012.05.24 19:24:05 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012.05.24 19:24:05 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012.05.24 19:24:04 | 001,899,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012.05.24 19:24:04 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012.05.24 19:24:04 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012.05.24 19:24:04 | 000,523,252 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012.05.24 19:24:04 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012.05.24 19:24:04 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012.05.24 19:24:04 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012.05.24 19:24:04 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012.05.24 19:24:04 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012.05.24 19:24:04 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012.05.17 21:39:11 | 000,000,250 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\AntiVir Desktop.lnk
[2012.05.09 17:02:14 | 000,034,692 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012.05.09 17:02:12 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.05.07 17:39:00 | 000,002,080 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Word Viewer 2003.lnk
[2012.05.06 19:51:21 | 000,000,283 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\SweetPcFix.url
[2012.05.05 22:31:11 | 000,725,815 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Eigene Dateien\Bescheid fes.jpg
[2012.04.20 09:52:07 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.04.20 09:48:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2012.02.16 10:17:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.19 08:13:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.08.12 14:40:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2011.06.18 12:55:39 | 001,524,112 | ---- | C] () -- C:\WINDOWS\System32\bandoolmx.dll
[2011.06.16 07:13:25 | 001,404,008 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe
[2011.06.16 07:13:24 | 003,406,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDE-DLLUpdate1.exe
[2011.03.12 10:49:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.26 20:08:47 | 000,115,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.25 12:52:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.02.25 12:52:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.02.25 12:52:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.02.25 12:52:35 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.02.25 12:52:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.02.25 12:52:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.02.25 12:52:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.02.25 12:52:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.02.25 12:52:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.02.25 12:52:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.02.25 12:52:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.02.25 12:52:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.02.25 12:52:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.02.25 12:52:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.02.25 12:52:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.02.25 12:52:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.02.25 12:52:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.02.25 12:52:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.02.25 12:52:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.02.25 12:45:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011.02.25 10:47:52 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.21 19:14:34 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.02.21 18:16:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.21 18:11:34 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.21 17:52:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.21 17:49:06 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2012.06.03 17:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2011.12.20 12:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2011.07.06 09:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2011.07.31 13:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2012.01.08 01:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.12.02 14:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy-PizzaParty
[2011.10.21 12:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.06.16 07:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2011.10.27 11:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2011.10.28 08:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Playrix Entertainment
[2011.12.24 14:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TERMINAL Studio
[2011.02.25 12:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.12.14 11:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2012.05.02 01:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011.02.23 23:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.07.19 22:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.12.25 02:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Ancient Quest of Saqqarah__cminion
[2011.07.07 09:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\BabylonToolbar
[2011.06.18 12:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Bandoo
[2011.06.08 16:53:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.07.31 10:09:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\go
[2012.05.06 19:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\ICQ
[2012.05.02 09:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\TeamViewer
[2012.01.14 00:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Telefónica
[2012.04.10 20:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\XSManager
[2012.04.10 19:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2012.06.03 17:53:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.06.03 17:53:46 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D7817404-DA80-4178-98E3-5FDA280E14C4}.job
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 03.06.2012 17:50:05 - Run 3
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Dokumente und Einstellungen\Kipping\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 66,66% Memory free
3,60 Gb Paging File | 3,12 Gb Available in Paging File | 86,66% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 1863,01 Gb Total Space | 748,86 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 427,11 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive J: | 29,81 Gb Total Space | 29,49 Gb Free Space | 98,93% Space Free | Partition Type: FAT32
 
Computer Name: KIPPING-F34A4F | User Name: Kipping | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{040FF9BD-17BE-427B-85DD-67694FB8F786}" = Badoo Desktop
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4183178B-4D4E-48A7-9257-454BA90A760E}" = SweetPacks Toolbar for Internet Explorer 4.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite DCP-J515W
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = GlobeTrotter Connect 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF35250F-675D-4B4F-92D9-8D4C1615573A}" = GlobeTrotter Connect
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"Jardinains 2!_is1" = Jardinains 2!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"PriceGong" = PriceGong 2.6.4
"RealPlayer 12.0" = RealPlayer
"Searchqu 101 MediaBar" = Windows Searchqu Toolbar
"Searchqu Toolbar" = Windows Searchqu Toolbar
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XSManager" = XSManager
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZTE USB Driver" = ZTE USB Driver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2012 11:48:09 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:48:12 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:48:52 | Computer Name = KIPPING-F34A4F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
 fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
 
Error - 03.06.2012 11:49:47 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:09 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:14 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:16 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:17 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:18 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:53:46 | Computer Name = KIPPING-F34A4F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
 fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
 
[ Application Events ]
Error - 03.06.2012 11:48:09 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:48:12 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:48:52 | Computer Name = KIPPING-F34A4F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
 fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
 
Error - 03.06.2012 11:49:47 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:09 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:14 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:16 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:17 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:50:18 | Computer Name = KIPPING-F34A4F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.43.2, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 03.06.2012 11:53:46 | Computer Name = KIPPING-F34A4F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msfeedssync.exe, Version 8.0.6001.18702,
 fehlgeschlagenes Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x0000bbcd.
 
[ System Events ]
Error - 03.06.2012 11:14:53 | Computer Name = KIPPING-F34A4F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 03.06.2012 11:14:53 | Computer Name = KIPPING-F34A4F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 03.06.2012 11:14:53 | Computer Name = KIPPING-F34A4F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 03.06.2012 11:14:53 | Computer Name = KIPPING-F34A4F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 03.06.2012 11:14:53 | Computer Name = KIPPING-F34A4F | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 03.06.2012 11:14:53 | Computer Name = KIPPING-F34A4F | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avgio  avipbb  Fips  IPSec  MRxSmb  Ndisprot  NetBIOS  NetBT  Processor  RasAcd  Rdbss  ssmdrv  Tcpip
tidnet
 
Error - 03.06.2012 11:15:00 | Computer Name = KIPPING-F34A4F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 03.06.2012 11:15:05 | Computer Name = KIPPING-F34A4F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 03.06.2012 11:15:24 | Computer Name = KIPPING-F34A4F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 03.06.2012 11:45:08 | Computer Name = KIPPING-F34A4F | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
 
< End of report >

cosinus · 03.06.2012, 18:00

Das war aber kein CustomScan

Seelenherz · 03.06.2012, 19:21

sorry, da hatte ich die Anweisung wohl nicht richtig verstanden *seufz*
Frau sollte halte nicht gleichzeitig am Computer werkeln und dabei mit dem nervenden Computereigner telefonieren

hier der, hoffentlich richtige, Log vom Customscan:

Code:

ATTFilter

OTL logfile created on: 03.06.2012 19:26:14 - Run 4
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Dokumente und Einstellungen\Kipping\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 66,39% Memory free
3,60 Gb Paging File | 3,12 Gb Available in Paging File | 86,67% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 1863,01 Gb Total Space | 749,02 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 427,11 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive J: | 29,81 Gb Total Space | 29,49 Gb Free Space | 98,92% Space Free | Partition Type: FAT32
 
Computer Name: KIPPING-F34A4F | User Name: Kipping | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.28 13:25:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kipping\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011.06.30 10:34:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.27 10:17:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.16 07:13:25 | 001,404,008 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe
PRC - [2011.04.30 19:44:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.30 18:10:28 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\starter4g.exe
PRC - [2011.03.30 18:10:20 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\WINDOWS\service4g.exe
PRC - [2011.03.30 13:20:49 | 000,327,392 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
PRC - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Browny02\BrYNSvc.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.09.23 19:17:38 | 001,058,304 | ---- | M] (Option) -- C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2008.04.30 18:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.02.28 14:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.16 07:13:25 | 001,404,008 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe
MOD - [2011.03.30 13:20:49 | 000,327,392 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
MOD - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.09.23 19:17:38 | 000,079,872 | ---- | M] () -- C:\Programme\Option\GlobeTrotter Connect\custom.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.30 10:34:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.16 07:13:25 | 001,404,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.04.30 19:44:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.30 18:10:20 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\WINDOWS\service4g.exe -- (XS Stick Service)
SRV - [2011.03.30 13:20:49 | 000,327,392 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2011.01.05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.11.11 18:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.04.30 18:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2003.07.28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.30 10:35:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 10:35:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.11 18:02:26 | 000,026,008 | ---- | M] (Telefónica I+D) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tidnet.sys -- (tidnet)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.02.22 18:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.02.22 18:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.02.22 18:33:48 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.12.28 16:52:40 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.17 12:31:42 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009.02.03 17:56:22 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2008.10.31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.08.18 19:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008.03.25 12:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 12:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.18 18:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008.02.08 14:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.page: 1user_pref("keyword.enabled",true);
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.27 10:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.22 18:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions\ffox@bandoo.com
 
[2011.09.19 08:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Extensions
[2012.06.03 17:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\extensions
[2012.04.22 18:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.02 17:06:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.03 17:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.22 18:18:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.22 18:18:39 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.22 18:18:39 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.22 18:18:39 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.22 18:18:39 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.22 18:18:39 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.22 18:18:39 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
 
O1 HOSTS File: ([2012.06.03 17:12:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [ICQ] ~"C:\Programme\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1417001333-776561741-682003330-1004..\Run: [MultiScreen] C:\Programme\MultiScreen\MultiScreen.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GlobeTrotter Connect.lnk = C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Kipping\Startmenü\Programme\Autostart\ZooskMessenger.lnk =  File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1942DBDE-C660-44DF-A98E-D0BC98C3790A}: DhcpNameServer = 80.69.103.78 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {222FB945-258A-4734-84EA-99E5B4EF4E00} - WEB.DE Browser Add-on
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {507E953C-3D3A-4CD3-8A96-5F0B455F2E3A} - WEB.DE Browser Toolbar
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 19:25:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.06.01 16:10:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kipping\Desktop\OTL.exe
[2012.06.01 15:37:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012.05.31 23:37:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.31 21:39:24 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Kipping\Desktop\esetsmartinstaller_enu.exe
[2012.05.31 19:21:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Malwarebytes
[2012.05.31 19:21:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.05.31 19:21:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.05.31 19:21:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.05.31 19:20:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Kipping\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.24 20:26:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.05.24 19:59:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012.05.24 19:59:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012.05.24 19:59:04 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.05.24 19:57:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012.05.24 18:42:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.05.24 11:08:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kipping\Desktop\Nicht verwendete Desktopverknüpfungen
[2012.05.17 16:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.05.09 09:51:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kipping\Recent
[2012.05.07 17:38:34 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2012.03.06 22:38:04 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Programme\ccsetup316.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 19:28:30 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D7817404-DA80-4178-98E3-5FDA280E14C4}.job
[2012.06.03 19:23:31 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.03 19:23:31 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-776561741-682003330-1004.job
[2012.06.03 19:23:29 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.03 19:23:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.03 17:53:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.06.03 17:44:57 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.03 17:12:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.06.03 15:56:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.01 16:18:04 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.01 15:37:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.05.31 21:12:51 | 000,115,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.31 20:35:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-776561741-682003330-1004.job
[2012.05.31 19:52:12 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Kipping\Desktop\esetsmartinstaller_enu.exe
[2012.05.31 19:21:18 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 17:44:51 | 000,316,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.31 17:44:51 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.31 17:44:51 | 000,048,156 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.31 17:44:51 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.31 16:46:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Kipping\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.28 13:25:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kipping\Desktop\OTL.exe
[2012.05.24 20:00:07 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012.05.24 19:56:47 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.05.24 19:56:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.05.24 19:56:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.05.24 19:56:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012.05.24 19:53:42 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.05.24 19:50:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.05.24 19:04:08 | 000,034,692 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012.05.17 21:39:11 | 000,000,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\AntiVir Desktop.lnk
[2012.05.07 20:24:09 | 000,000,283 | ---- | M] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\SweetPcFix.url
 
========== Files Created - No Company Name ==========
 
[2012.05.31 19:21:18 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.24 19:58:57 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012.05.24 19:58:30 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012.05.24 19:58:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.05.24 19:58:16 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012.05.24 19:58:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012.05.24 19:58:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012.05.24 19:58:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012.05.24 19:57:42 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.05.24 19:52:04 | 000,000,621 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Messenger.lnk
[2012.05.24 19:29:36 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Startmenü\Programme\Internet Explorer.lnk
[2012.05.24 19:24:05 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2012.05.24 19:24:05 | 000,018,989 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012.05.24 19:24:05 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012.05.24 19:24:05 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012.05.24 19:24:05 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012.05.24 19:24:05 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012.05.24 19:24:04 | 001,899,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012.05.24 19:24:04 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012.05.24 19:24:04 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012.05.24 19:24:04 | 000,523,252 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012.05.24 19:24:04 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012.05.24 19:24:04 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012.05.24 19:24:04 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012.05.24 19:24:04 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012.05.24 19:24:04 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012.05.24 19:24:04 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012.05.17 21:39:11 | 000,000,250 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\AntiVir Desktop.lnk
[2012.05.09 17:02:14 | 000,034,692 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012.05.09 17:02:12 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.05.07 17:39:00 | 000,002,080 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Word Viewer 2003.lnk
[2012.05.06 19:51:21 | 000,000,283 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Desktop\SweetPcFix.url
[2012.05.05 22:31:11 | 000,725,815 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Eigene Dateien\Bescheid fes.jpg
[2012.04.20 09:52:07 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012.04.20 09:48:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2012.02.16 10:17:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.19 08:13:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.08.12 14:40:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2011.06.18 12:55:39 | 001,524,112 | ---- | C] () -- C:\WINDOWS\System32\bandoolmx.dll
[2011.06.16 07:13:25 | 001,404,008 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe
[2011.06.16 07:13:24 | 003,406,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDE-DLLUpdate1.exe
[2011.03.12 10:49:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.02.26 20:08:47 | 000,115,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Kipping\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.25 12:52:35 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.02.25 12:52:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.02.25 12:52:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.02.25 12:52:35 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.02.25 12:52:35 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.02.25 12:52:35 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.02.25 12:52:35 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.02.25 12:52:35 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.02.25 12:52:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.02.25 12:52:35 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.02.25 12:52:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.02.25 12:52:35 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.02.25 12:52:35 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.02.25 12:52:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.02.25 12:52:35 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.02.25 12:52:35 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.02.25 12:52:35 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.02.25 12:52:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.02.25 12:52:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.02.25 12:45:54 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011.02.25 10:47:52 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.02.21 19:14:34 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.02.21 18:16:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.02.21 18:11:34 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.02.21 17:52:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.02.21 17:49:06 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2012.06.03 17:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2011.12.20 12:49:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2011.07.06 09:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2011.07.31 13:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2012.01.08 01:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.12.02 14:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy-PizzaParty
[2011.10.21 12:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.06.16 07:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2011.10.27 11:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2011.10.28 08:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Playrix Entertainment
[2011.12.24 14:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TERMINAL Studio
[2011.02.25 12:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.12.14 11:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2012.05.02 01:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011.02.23 23:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.07.19 22:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.12.25 02:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Ancient Quest of Saqqarah__cminion
[2011.07.07 09:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\BabylonToolbar
[2011.06.18 12:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Bandoo
[2011.06.08 16:53:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.07.31 10:09:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\go
[2012.05.06 19:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\ICQ
[2012.05.02 09:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\TeamViewer
[2012.01.14 00:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Telefónica
[2012.04.10 20:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\XSManager
[2012.04.10 19:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2012.06.03 17:53:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.06.03 19:28:30 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D7817404-DA80-4178-98E3-5FDA280E14C4}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.19 22:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\1&1 Mail & Media GmbH
[2011.06.08 16:47:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Adobe
[2011.12.25 02:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Ancient Quest of Saqqarah__cminion
[2011.02.26 20:09:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Apple Computer
[2011.03.03 21:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Avira
[2011.07.07 09:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\BabylonToolbar
[2011.06.18 12:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Bandoo
[2012.04.23 09:25:12 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Brother
[2011.06.08 16:53:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.01 15:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\dvdcss
[2011.07.31 10:09:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\go
[2011.02.23 23:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Google
[2012.05.06 19:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\ICQ
[2011.02.21 18:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Identities
[2011.02.25 12:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\InstallShield
[2011.02.23 23:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Macromedia
[2012.05.31 19:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Malwarebytes
[2011.08.10 23:29:42 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Microsoft
[2011.02.25 10:43:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Microsoft Web Folders
[2011.09.19 08:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Mozilla
[2011.06.15 20:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Real
[2012.04.22 18:56:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Skype
[2011.05.29 16:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\skypePM
[2011.02.24 20:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Sun
[2012.05.02 09:34:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\TeamViewer
[2012.01.14 00:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Telefónica
[2011.08.08 13:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\vlc
[2011.02.25 23:12:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\WinRAR
[2012.04.10 20:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\XSManager
[2011.02.24 20:33:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.05.24 16:00:30 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2006.02.28 14:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2008.08.18 19:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll
[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2012.05.24 21:21:54 | 000,290,816 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.05.24 19:09:34 | 000,143,360 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2012.05.24 21:21:54 | 022,282,240 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.05.24 21:21:54 | 010,223,616 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Edith fügt noch hinzu: Danke für deine Mühe und Geduld

cosinus · 03.06.2012, 19:25

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - File not found [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
FF - prefs.js..browser.startup.page: 1user_pref("keyword.enabled",true);
FF - user.js - File not found
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-776561741-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll File not found
[2011.07.07 09:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\BabylonToolbar
[2011.06.18 12:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Bandoo
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Seelenherz · 03.06.2012, 19:58

Der Fix hat wieder im abgesicherten Modus stattgefunden

Code:

ATTFilter

All processes killed
========== OTL ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
File C:\Programme\ICQ6Toolbar\ICQ Service.exe not found.
Prefs.js: 1user_pref("keyword.enabled",true); removed from browser.startup.page
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1417001333-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\webde\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FAF0273-9CA8-4efc-9536-1E35E254D5CD}\ deleted successfully.
File {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\IE\uitb.dll File not found not found.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Dokumente und Einstellungen\Kipping\Anwendungsdaten\Bandoo folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator.KIPPING-F34A4F
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kipping
->Temp folder emptied: 781617 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 252632 bytes
 
Total Files Cleaned = 1,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: Administrator.KIPPING-F34A4F
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Kipping
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.2 log created on 06032012_204324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 03.06.2012, 21:05

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Seelenherz · 03.06.2012, 21:47

Ich hoffe ich hab alles richtig gemacht

TDSS-Killer-Log:

Code:

ATTFilter

22:37:30.0500 3104	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:37:30.0593 3104	============================================================
22:37:30.0593 3104	Current date / time: 2012/06/03 22:37:30.0593
22:37:30.0593 3104	SystemInfo:
22:37:30.0593 3104	
22:37:30.0593 3104	OS Version: 5.1.2600 ServicePack: 2.0
22:37:30.0593 3104	Product type: Workstation
22:37:30.0593 3104	ComputerName: KIPPING-F34A4F
22:37:30.0593 3104	UserName: Kipping
22:37:30.0593 3104	Windows directory: C:\WINDOWS
22:37:30.0593 3104	System windows directory: C:\WINDOWS
22:37:30.0593 3104	Processor architecture: Intel x86
22:37:30.0593 3104	Number of processors: 2
22:37:30.0593 3104	Page size: 0x1000
22:37:30.0593 3104	Boot type: Normal boot
22:37:30.0593 3104	============================================================
22:37:33.0546 3104	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:37:33.0578 3104	Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:37:33.0609 3104	Drive \Device\Harddisk6\DR12 - Size: 0x775000000 (29.83 Gb), SectorSize: 0x200, Cylinders: 0xF35, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:37:33.0609 3104	============================================================
22:37:33.0609 3104	\Device\Harddisk0\DR0:
22:37:33.0609 3104	MBR partitions:
22:37:33.0609 3104	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:37:33.0609 3104	\Device\Harddisk1\DR1:
22:37:33.0609 3104	MBR partitions:
22:37:33.0609 3104	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
22:37:33.0609 3104	\Device\Harddisk6\DR12:
22:37:33.0609 3104	MBR partitions:
22:37:33.0609 3104	\Device\Harddisk6\DR12\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x3BA6080
22:37:33.0609 3104	============================================================
22:37:33.0671 3104	C: <-> \Device\Harddisk1\DR1\Partition0
22:37:33.0671 3104	E: <-> \Device\Harddisk0\DR0\Partition0
22:37:33.0671 3104	============================================================
22:37:33.0671 3104	Initialize success
22:37:33.0671 3104	============================================================
22:39:40.0984 2664	============================================================
22:39:40.0984 2664	Scan started
22:39:40.0984 2664	Mode: Manual; SigCheck; TDLFS; 
22:39:40.0984 2664	============================================================
22:39:44.0828 2664	Abiosdsk - ok
22:39:44.0843 2664	abp480n5 - ok
22:39:44.0953 2664	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:39:45.0312 2664	ACPI - ok
22:39:45.0343 2664	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:39:45.0421 2664	ACPIEC - ok
22:39:45.0437 2664	adpu160m - ok
22:39:45.0500 2664	aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
22:39:45.0609 2664	aec - ok
22:39:45.0640 2664	AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
22:39:45.0765 2664	AFD - ok
22:39:45.0765 2664	Aha154x - ok
22:39:45.0765 2664	aic78u2 - ok
22:39:45.0781 2664	aic78xx - ok
22:39:45.0968 2664	Alerter         (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
22:39:46.0312 2664	Alerter - ok
22:39:46.0390 2664	ALG             (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
22:39:46.0453 2664	ALG - ok
22:39:46.0468 2664	AliIde - ok
22:39:46.0468 2664	amsint - ok
22:39:46.0593 2664	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
22:39:46.0609 2664	AntiVirSchedulerService - ok
22:39:46.0671 2664	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
22:39:46.0687 2664	AntiVirService - ok
22:39:46.0703 2664	Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:39:46.0703 2664	Apple Mobile Device - ok
22:39:46.0718 2664	AppMgmt - ok
22:39:46.0718 2664	asc - ok
22:39:46.0734 2664	asc3350p - ok
22:39:46.0734 2664	asc3550 - ok
22:39:46.0890 2664	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:39:47.0109 2664	AsyncMac - ok
22:39:47.0343 2664	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:39:47.0640 2664	atapi - ok
22:39:47.0640 2664	Atdisk - ok
22:39:47.0750 2664	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:39:47.0921 2664	Atmarpc - ok
22:39:47.0984 2664	AudioSrv        (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
22:39:48.0109 2664	AudioSrv - ok
22:39:48.0187 2664	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:39:48.0296 2664	audstub - ok
22:39:48.0312 2664	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
22:39:48.0312 2664	avgio - ok
22:39:48.0328 2664	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:39:48.0484 2664	avgntflt - ok
22:39:48.0500 2664	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:39:48.0500 2664	avipbb - ok
22:39:48.0546 2664	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:39:48.0671 2664	Beep - ok
22:39:48.0828 2664	BITS            (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
22:39:49.0015 2664	BITS - ok
22:39:49.0203 2664	Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Programme\Bonjour\mDNSResponder.exe
22:39:49.0250 2664	Bonjour Service - ok
22:39:49.0312 2664	Browser         (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
22:39:49.0437 2664	Browser - ok
22:39:49.0562 2664	BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
22:39:49.0593 2664	BrScnUsb - ok
22:39:49.0671 2664	BrYNSvc         (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Programme\Browny02\BrYNSvc.exe
22:39:49.0671 2664	BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
22:39:49.0671 2664	BrYNSvc - detected UnsignedFile.Multi.Generic (1)
22:39:49.0718 2664	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:39:49.0859 2664	cbidf2k - ok
22:39:49.0953 2664	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:39:50.0187 2664	CCDECODE - ok
22:39:50.0203 2664	cd20xrnt - ok
22:39:50.0250 2664	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:39:50.0375 2664	Cdaudio - ok
22:39:50.0468 2664	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:39:50.0593 2664	Cdfs - ok
22:39:50.0671 2664	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:39:50.0781 2664	Cdrom - ok
22:39:50.0796 2664	Changer - ok
22:39:50.0875 2664	CiSvc           (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
22:39:50.0984 2664	CiSvc - ok
22:39:51.0000 2664	ClipSrv         (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
22:39:51.0109 2664	ClipSrv - ok
22:39:51.0125 2664	CmdIde - ok
22:39:51.0125 2664	COMSysApp - ok
22:39:51.0140 2664	Cpqarray - ok
22:39:51.0156 2664	CryptSvc        (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
22:39:51.0281 2664	CryptSvc - ok
22:39:51.0281 2664	dac2w2k - ok
22:39:51.0281 2664	dac960nt - ok
22:39:51.0343 2664	DcomLaunch      (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll
22:39:51.0453 2664	DcomLaunch - ok
22:39:51.0531 2664	Dhcp            (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll
22:39:51.0640 2664	Dhcp - ok
22:39:51.0687 2664	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:39:51.0828 2664	Disk - ok
22:39:51.0828 2664	dmadmin - ok
22:39:51.0953 2664	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
22:39:52.0093 2664	dmboot - ok
22:39:52.0515 2664	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
22:39:52.0718 2664	dmio - ok
22:39:52.0796 2664	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:39:52.0921 2664	dmload - ok
22:39:52.0984 2664	dmserver        (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
22:39:53.0109 2664	dmserver - ok
22:39:53.0171 2664	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:39:53.0296 2664	DMusic - ok
22:39:53.0390 2664	Dnscache        (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll
22:39:53.0515 2664	Dnscache - ok
22:39:53.0625 2664	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
22:39:53.0625 2664	Dot3svc ( UnsignedFile.Multi.Generic ) - warning
22:39:53.0625 2664	Dot3svc - detected UnsignedFile.Multi.Generic (1)
22:39:53.0640 2664	dpti2o - ok
22:39:53.0656 2664	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:39:53.0750 2664	drmkaud - ok
22:39:53.0968 2664	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
22:39:53.0968 2664	EapHost ( UnsignedFile.Multi.Generic ) - warning
22:39:53.0968 2664	EapHost - detected UnsignedFile.Multi.Generic (1)
22:39:54.0000 2664	ERSvc           (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
22:39:54.0109 2664	ERSvc - ok
22:39:54.0171 2664	Eventlog        (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe
22:39:54.0296 2664	Eventlog - ok
22:39:54.0312 2664	EventSystem     (4e1a8645ee77cb9454ffe53c59620a25) C:\WINDOWS\system32\es.dll
22:39:54.0421 2664	EventSystem - ok
22:39:54.0468 2664	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:39:54.0578 2664	Fastfat - ok
22:39:54.0625 2664	FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
22:39:54.0734 2664	FastUserSwitchingCompatibility - ok
22:39:54.0828 2664	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:39:54.0937 2664	Fdc - ok
22:39:55.0046 2664	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
22:39:55.0156 2664	Fips - ok
22:39:55.0203 2664	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:39:55.0296 2664	Flpydisk - ok
22:39:55.0328 2664	FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:39:55.0468 2664	FltMgr - ok
22:39:55.0468 2664	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:39:55.0578 2664	Fs_Rec - ok
22:39:55.0609 2664	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:39:55.0718 2664	Ftdisk - ok
22:39:55.0890 2664	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:39:55.0921 2664	GEARAspiWDM - ok
22:39:56.0312 2664	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:39:56.0671 2664	Gpc - ok
22:39:56.0906 2664	GT72NDISIPXP    (20a940d96e69be65f9b6e4695baac6dc) C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys
22:39:57.0234 2664	GT72NDISIPXP - ok
22:39:57.0312 2664	GT72UBUS        (1678d49ea3e76ccabde89d7b26d5061c) C:\WINDOWS\system32\DRIVERS\gt72ubus.sys
22:39:57.0359 2664	GT72UBUS - ok
22:39:57.0546 2664	GtDetectSc      (7bb49662d16e8528399668a95f4bbc28) C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
22:39:57.0562 2664	GtDetectSc ( UnsignedFile.Multi.Generic ) - warning
22:39:57.0562 2664	GtDetectSc - detected UnsignedFile.Multi.Generic (1)
22:39:57.0562 2664	GTPTSER         (346ddaefa04e49ad804ee12d4baa0ed3) C:\WINDOWS\system32\DRIVERS\gtptser.sys
22:39:57.0656 2664	GTPTSER - ok
22:39:57.0906 2664	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
22:39:57.0937 2664	gupdate - ok
22:39:57.0937 2664	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
22:39:57.0968 2664	gupdatem - ok
22:39:58.0156 2664	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
22:39:58.0171 2664	gusvc - ok
22:39:58.0265 2664	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:39:58.0281 2664	HDAudBus ( UnsignedFile.Multi.Generic ) - warning
22:39:58.0281 2664	HDAudBus - detected UnsignedFile.Multi.Generic (1)
22:39:58.0296 2664	helpsvc         (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:39:58.0546 2664	helpsvc - ok
22:39:58.0562 2664	HidServ         (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll
22:39:58.0703 2664	HidServ - ok
22:39:58.0734 2664	HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:39:58.0890 2664	HidUsb - ok
22:39:59.0000 2664	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
22:39:59.0000 2664	hkmsvc ( UnsignedFile.Multi.Generic ) - warning
22:39:59.0000 2664	hkmsvc - detected UnsignedFile.Multi.Generic (1)
22:39:59.0015 2664	hpn - ok
22:39:59.0062 2664	HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
22:39:59.0171 2664	HTTP - ok
22:39:59.0234 2664	HTTPFilter      (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
22:39:59.0359 2664	HTTPFilter - ok
22:39:59.0359 2664	i2omgmt - ok
22:39:59.0359 2664	i2omp - ok
22:39:59.0406 2664	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:39:59.0515 2664	i8042prt - ok
22:39:59.0531 2664	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:39:59.0671 2664	Imapi - ok
22:39:59.0765 2664	ImapiService    (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
22:39:59.0890 2664	ImapiService - ok
22:39:59.0906 2664	ini910u - ok
22:40:01.0000 2664	IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:40:01.0281 2664	IntcAzAudAddService - ok
22:40:02.0093 2664	IntelIde - ok
22:40:02.0250 2664	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:40:02.0390 2664	Ip6Fw - ok
22:40:02.0484 2664	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:40:02.0640 2664	IpFilterDriver - ok
22:40:02.0687 2664	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:40:02.0812 2664	IpInIp - ok
22:40:02.0828 2664	IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:40:03.0046 2664	IpNat - ok
22:40:03.0156 2664	iPod Service    (8e5e5a8cc84da3f683e3bbc045138d52) C:\Programme\iPod\bin\iPodService.exe
22:40:03.0187 2664	iPod Service - ok
22:40:03.0265 2664	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:40:03.0437 2664	IPSec - ok
22:40:03.0500 2664	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:40:03.0562 2664	IRENUM - ok
22:40:03.0640 2664	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:40:03.0750 2664	isapnp - ok
22:40:03.0875 2664	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
22:40:03.0890 2664	JavaQuickStarterService - ok
22:40:03.0906 2664	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:40:04.0015 2664	Kbdclass - ok
22:40:04.0062 2664	kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:40:04.0171 2664	kbdhid - ok
22:40:04.0375 2664	kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
22:40:04.0609 2664	kmixer - ok
22:40:04.0718 2664	KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
22:40:04.0890 2664	KSecDD - ok
22:40:04.0906 2664	LanmanServer    (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll
22:40:05.0031 2664	LanmanServer - ok
22:40:05.0046 2664	lanmanworkstation (36d74668f5448d55887fa3958488dc06) C:\WINDOWS\System32\wkssvc.dll
22:40:05.0140 2664	lanmanworkstation - ok
22:40:05.0218 2664	lbrtfdc - ok
22:40:05.0375 2664	LmHosts         (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
22:40:05.0515 2664	LmHosts - ok
22:40:05.0546 2664	massfilter      (d5673785903639d186dc345ff86f423f) C:\WINDOWS\system32\drivers\massfilter.sys
22:40:05.0625 2664	massfilter - ok
22:40:05.0671 2664	massfilter_hs   (38bfa8fa6d838cbab58a1c2b49ebf96b) C:\WINDOWS\system32\drivers\massfilter_hs.sys
22:40:05.0750 2664	massfilter_hs - ok
22:40:05.0812 2664	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
22:40:05.0828 2664	MBAMProtector - ok
22:40:06.0250 2664	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:06.0328 2664	MBAMService - ok
22:40:06.0390 2664	Messenger       (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
22:40:06.0656 2664	Messenger - ok
22:40:06.0687 2664	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:40:06.0812 2664	mnmdd - ok
22:40:07.0265 2664	mnmsrvc         (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
22:40:07.0546 2664	mnmsrvc - ok
22:40:07.0609 2664	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
22:40:07.0718 2664	Modem - ok
22:40:07.0953 2664	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:40:08.0078 2664	Mouclass - ok
22:40:08.0234 2664	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:40:08.0453 2664	mouhid - ok
22:40:08.0781 2664	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:40:08.0921 2664	MountMgr - ok
22:40:08.0921 2664	mraid35x - ok
22:40:08.0953 2664	MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:40:09.0109 2664	MRxDAV - ok
22:40:09.0140 2664	MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:40:09.0250 2664	MRxSmb - ok
22:40:09.0312 2664	MSDTC           (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
22:40:09.0406 2664	MSDTC - ok
22:40:09.0406 2664	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:40:09.0578 2664	Msfs - ok
22:40:09.0578 2664	MSIServer - ok
22:40:09.0687 2664	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:40:09.0781 2664	MSKSSRV - ok
22:40:09.0828 2664	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:40:09.0937 2664	MSPCLOCK - ok
22:40:09.0984 2664	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:40:11.0015 2664	MSPQM - ok
22:40:11.0421 2664	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:40:11.0562 2664	mssmbios - ok
22:40:11.0921 2664	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
22:40:12.0140 2664	MSTEE - ok
22:40:12.0671 2664	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:40:12.0781 2664	Mup - ok
22:40:12.0828 2664	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:40:12.0937 2664	NABTSFEC - ok
22:40:13.0703 2664	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
22:40:14.0093 2664	napagent ( UnsignedFile.Multi.Generic ) - warning
22:40:14.0093 2664	napagent - detected UnsignedFile.Multi.Generic (1)
22:40:14.0109 2664	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:40:14.0250 2664	NDIS - ok
22:40:14.0281 2664	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:40:14.0375 2664	NdisIP - ok
22:40:14.0718 2664	Ndisprot        (e94265636d893314463cb650e43c3eb5) C:\WINDOWS\system32\DRIVERS\ndisprot.sys
22:40:14.0750 2664	Ndisprot ( UnsignedFile.Multi.Generic ) - warning
22:40:14.0750 2664	Ndisprot - detected UnsignedFile.Multi.Generic (1)
22:40:14.0875 2664	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:40:14.0984 2664	NdisTapi - ok
22:40:15.0218 2664	Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:40:15.0375 2664	Ndisuio - ok
22:40:15.0437 2664	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:40:15.0625 2664	NdisWan - ok
22:40:15.0984 2664	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:40:16.0109 2664	NDProxy - ok
22:40:16.0125 2664	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:40:16.0218 2664	NetBIOS - ok
22:40:16.0312 2664	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:40:16.0406 2664	NetBT - ok
22:40:16.0609 2664	NetDDE          (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
22:40:16.0703 2664	NetDDE - ok
22:40:16.0718 2664	NetDDEdsdm      (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
22:40:16.0828 2664	NetDDEdsdm - ok
22:40:16.0953 2664	Netlogon        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:40:17.0203 2664	Netlogon - ok
22:40:17.0312 2664	Netman          (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll
22:40:17.0421 2664	Netman - ok
22:40:17.0781 2664	Nla             (b36e08f680bae4dfc5c24d00a2dfc9e7) C:\WINDOWS\System32\mswsock.dll
22:40:17.0906 2664	Nla - ok
22:40:18.0000 2664	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:40:18.0109 2664	Npfs - ok
22:40:18.0437 2664	Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
22:40:18.0546 2664	Ntfs - ok
22:40:18.0546 2664	NtLmSsp         (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:40:18.0656 2664	NtLmSsp - ok
22:40:19.0406 2664	NtmsSvc         (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
22:40:19.0812 2664	NtmsSvc - ok
22:40:19.0875 2664	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:40:20.0078 2664	Null - ok
22:40:20.0906 2664	nv              (02e3a5cf6de77dba144550fd1c4a4cd9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:40:21.0625 2664	nv - ok
22:40:21.0734 2664	NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:40:21.0781 2664	NVENETFD - ok
22:40:21.0796 2664	nvgts           (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
22:40:21.0812 2664	nvgts - ok
22:40:21.0812 2664	nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:40:21.0875 2664	nvnetbus - ok
22:40:22.0000 2664	NVSvc           (679b4bd1152079fb65f4a28d7e3bd5d8) C:\WINDOWS\system32\nvsvc32.exe
22:40:22.0015 2664	NVSvc - ok
22:40:22.0062 2664	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:40:22.0203 2664	NwlnkFlt - ok
22:40:22.0296 2664	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:40:22.0406 2664	NwlnkFwd - ok
22:40:22.0593 2664	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:40:22.0609 2664	ose - ok
22:40:22.0640 2664	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
22:40:22.0765 2664	Parport - ok
22:40:22.0781 2664	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:40:22.0890 2664	PartMgr - ok
22:40:22.0906 2664	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:40:23.0015 2664	ParVdm - ok
22:40:23.0015 2664	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
22:40:23.0156 2664	PCI - ok
22:40:23.0171 2664	PCIDump - ok
22:40:23.0203 2664	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:40:23.0343 2664	PCIIde - ok
22:40:23.0468 2664	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:40:23.0625 2664	Pcmcia - ok
22:40:23.0625 2664	PDCOMP - ok
22:40:23.0640 2664	PDFRAME - ok
22:40:23.0640 2664	PDRELI - ok
22:40:23.0656 2664	PDRFRAME - ok
22:40:23.0656 2664	perc2 - ok
22:40:23.0671 2664	perc2hib - ok
22:40:23.0734 2664	PlugPlay        (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe
22:40:23.0859 2664	PlugPlay - ok
22:40:24.0000 2664	PolicyAgent     (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:40:24.0125 2664	PolicyAgent - ok
22:40:24.0250 2664	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:40:24.0343 2664	PptpMiniport - ok
22:40:24.0515 2664	Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
22:40:24.0625 2664	Processor - ok
22:40:24.0625 2664	ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:40:24.0718 2664	ProtectedStorage - ok
22:40:24.0718 2664	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:40:24.0828 2664	PSched - ok
22:40:24.0843 2664	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:40:24.0937 2664	Ptilink - ok
22:40:24.0937 2664	ql1080 - ok
22:40:24.0953 2664	Ql10wnt - ok
22:40:24.0953 2664	ql12160 - ok
22:40:24.0968 2664	ql1240 - ok
22:40:24.0968 2664	ql1280 - ok
22:40:25.0031 2664	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:40:25.0109 2664	RasAcd - ok
22:40:25.0203 2664	RasAuto         (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
22:40:25.0296 2664	RasAuto - ok
22:40:25.0328 2664	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:40:25.0421 2664	Rasl2tp - ok
22:40:25.0546 2664	RasMan          (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll
22:40:25.0640 2664	RasMan - ok
22:40:25.0656 2664	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:40:25.0781 2664	RasPppoe - ok
22:40:25.0796 2664	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:40:25.0921 2664	Raspti - ok
22:40:26.0109 2664	Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:40:26.0265 2664	Rdbss - ok
22:40:26.0296 2664	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:40:26.0406 2664	RDPCDD - ok
22:40:26.0578 2664	RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
22:40:26.0656 2664	RDPWD - ok
22:40:26.0812 2664	RDSessMgr       (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
22:40:26.0906 2664	RDSessMgr - ok
22:40:27.0000 2664	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:40:27.0156 2664	redbook - ok
22:40:27.0234 2664	RemoteAccess    (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
22:40:27.0359 2664	RemoteAccess - ok
22:40:27.0390 2664	RpcLocator      (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
22:40:27.0500 2664	RpcLocator - ok
22:40:27.0578 2664	RpcSs           (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll
22:40:27.0671 2664	RpcSs - ok
22:40:27.0750 2664	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
22:40:27.0843 2664	RSVP - ok
22:40:27.0906 2664	SamSs           (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
22:40:27.0984 2664	SamSs - ok
22:40:28.0046 2664	SCardSvr        (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
22:40:28.0140 2664	SCardSvr - ok
22:40:28.0234 2664	Schedule        (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
22:40:28.0328 2664	Schedule - ok
22:40:28.0343 2664	Secdrv          (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:40:28.0406 2664	Secdrv - ok
22:40:28.0468 2664	seclogon        (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
22:40:28.0578 2664	seclogon - ok
22:40:28.0625 2664	SENS            (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
22:40:28.0734 2664	SENS - ok
22:40:28.0750 2664	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:40:28.0890 2664	serenum - ok
22:40:28.0953 2664	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
22:40:29.0062 2664	Serial - ok
22:40:29.0062 2664	serviceIEConfig - ok
22:40:29.0093 2664	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:40:29.0234 2664	Sfloppy - ok
22:40:29.0296 2664	SharedAccess    (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
22:40:29.0671 2664	SharedAccess - ok
22:40:29.0843 2664	ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
22:40:29.0953 2664	ShellHWDetection - ok
22:40:29.0953 2664	Simbad - ok
22:40:29.0984 2664	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:40:30.0375 2664	SLIP - ok
22:40:30.0375 2664	Sparrow - ok
22:40:30.0484 2664	splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
22:40:30.0609 2664	splitter - ok
22:40:30.0750 2664	Spooler         (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe
22:40:30.0890 2664	Spooler - ok
22:40:31.0031 2664	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
22:40:31.0093 2664	sr - ok
22:40:31.0859 2664	srservice       (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
22:40:31.0921 2664	srservice - ok
22:40:32.0562 2664	Srv             (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
22:40:32.0703 2664	Srv - ok
22:40:32.0828 2664	SSDPSRV         (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
22:40:33.0171 2664	SSDPSRV - ok
22:40:33.0234 2664	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:40:33.0234 2664	ssmdrv - ok
22:40:33.0265 2664	stisvc          (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll
22:40:33.0484 2664	stisvc - ok
22:40:33.0531 2664	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:40:33.0625 2664	streamip - ok
22:40:33.0796 2664	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:40:33.0921 2664	swenum - ok
22:40:34.0015 2664	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:40:34.0093 2664	swmidi - ok
22:40:34.0109 2664	SwPrv - ok
22:40:34.0109 2664	symc810 - ok
22:40:34.0125 2664	symc8xx - ok
22:40:34.0125 2664	sym_hi - ok
22:40:34.0140 2664	sym_u3 - ok
22:40:35.0296 2664	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:40:35.0390 2664	sysaudio - ok
22:40:35.0703 2664	SysmonLog       (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
22:40:36.0218 2664	SysmonLog - ok
22:40:36.0281 2664	TapiSrv         (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll
22:40:36.0406 2664	TapiSrv - ok
22:40:36.0437 2664	Tcpip           (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:40:36.0546 2664	Tcpip - ok
22:40:36.0578 2664	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:40:36.0687 2664	TDPIPE - ok
22:40:36.0734 2664	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:40:36.0812 2664	TDTCP - ok
22:40:36.0875 2664	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:40:36.0953 2664	TermDD - ok
22:40:36.0984 2664	TermService     (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
22:40:37.0078 2664	TermService - ok
22:40:37.0187 2664	TGCM_ImportWiFiSvc (8f14de79ebe73d6d717b8455e64dda86) C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
22:40:37.0203 2664	TGCM_ImportWiFiSvc - ok
22:40:37.0218 2664	Themes          (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
22:40:37.0312 2664	Themes - ok
22:40:37.0312 2664	tidnet          (e27982d1c30ae1dd7eb8eb5caf8d20c6) C:\WINDOWS\system32\DRIVERS\tidnet.sys
22:40:37.0328 2664	tidnet - ok
22:40:37.0328 2664	TosIde - ok
22:40:37.0343 2664	TrkWks          (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
22:40:37.0484 2664	TrkWks - ok
22:40:37.0515 2664	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:40:37.0781 2664	Udfs - ok
22:40:38.0171 2664	UI Assistant Service (ad67771ebc9c249a78bedb406d4eea64) C:\Programme\Mobile Partner Manager\AssistantServices.exe
22:40:38.0218 2664	UI Assistant Service - ok
22:40:38.0218 2664	ultra - ok
22:40:38.0437 2664	Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
22:40:38.0593 2664	Update - ok
22:40:38.0781 2664	upnphost        (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll
22:40:38.0984 2664	upnphost - ok
22:40:39.0031 2664	UPS             (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
22:40:39.0125 2664	UPS - ok
22:40:39.0187 2664	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:40:39.0296 2664	usbccgp - ok
22:40:39.0343 2664	usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:40:39.0421 2664	usbehci - ok
22:40:39.0562 2664	usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:40:39.0687 2664	usbhub - ok
22:40:39.0718 2664	usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:40:39.0812 2664	usbohci - ok
22:40:40.0093 2664	usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:40:40.0171 2664	usbprint - ok
22:40:40.0234 2664	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:40:40.0328 2664	usbscan - ok
22:40:40.0406 2664	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:40:40.0515 2664	USBSTOR - ok
22:40:40.0609 2664	usbvideo        (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:40:40.0750 2664	usbvideo - ok
22:40:40.0750 2664	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:40:40.0843 2664	VgaSave - ok
22:40:40.0859 2664	ViaIde - ok
22:40:40.0890 2664	VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
22:40:40.0968 2664	VolSnap - ok
22:40:41.0218 2664	VSS             (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
22:40:41.0265 2664	VSS - ok
22:40:41.0312 2664	W32Time         (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
22:40:41.0406 2664	W32Time - ok
22:40:41.0421 2664	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:40:41.0515 2664	Wanarp - ok
22:40:41.0531 2664	WDICA - ok
22:40:41.0593 2664	wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
22:40:41.0687 2664	wdmaud - ok
22:40:41.0765 2664	WebClient       (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll
22:40:41.0859 2664	WebClient - ok
22:40:41.0984 2664	winmgmt         (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:40:42.0078 2664	winmgmt - ok
22:40:42.0109 2664	WmdmPmSN        (d68cc4ebf7b03fd770d5962295ad814e) C:\WINDOWS\system32\mspmsnsv.dll
22:40:42.0218 2664	WmdmPmSN - ok
22:40:42.0593 2664	WmiApSrv        (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:40:42.0718 2664	WmiApSrv - ok
22:40:42.0796 2664	wscsvc          (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
22:40:42.0984 2664	wscsvc - ok
22:40:43.0062 2664	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:40:43.0187 2664	WSTCODEC - ok
22:40:44.0109 2664	WTGService      (87ee458415d47f01740dd527b860beb0) C:\Programme\XSManager\WTGService.exe
22:40:44.0125 2664	WTGService - ok
22:40:44.0171 2664	wuauserv        (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
22:40:44.0265 2664	wuauserv - ok
22:40:44.0328 2664	WZCSVC          (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
22:40:44.0562 2664	WZCSVC - ok
22:40:45.0062 2664	xmlprov         (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
22:40:45.0156 2664	xmlprov - ok
22:40:45.0296 2664	XS Stick Service (b71f9fc5fba1f8d89528597c48132b56) C:\WINDOWS\service4g.exe
22:40:45.0312 2664	XS Stick Service - ok
22:40:45.0375 2664	YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:40:45.0390 2664	YahooAUService - ok
22:40:45.0515 2664	ZTEusbmdm6k     (4dfa2777dc76e011320522d94c0d0ec3) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
22:40:45.0562 2664	ZTEusbmdm6k - ok
22:40:45.0593 2664	ZTEusbnmea      (4dfa2777dc76e011320522d94c0d0ec3) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
22:40:45.0609 2664	ZTEusbnmea - ok
22:40:45.0625 2664	ZTEusbser6k     (4dfa2777dc76e011320522d94c0d0ec3) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
22:40:45.0640 2664	ZTEusbser6k - ok
22:40:45.0671 2664	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:40:46.0031 2664	\Device\Harddisk0\DR0 - ok
22:40:46.0078 2664	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
22:40:47.0078 2664	\Device\Harddisk1\DR1 - ok
22:40:47.0078 2664	MBR (0x1B8)     (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk6\DR12
22:40:54.0781 2664	\Device\Harddisk6\DR12 - ok
22:40:54.0796 2664	Boot (0x1200)   (9b8bc8575ab6673933d0c2bccdfd6d5c) \Device\Harddisk0\DR0\Partition0
22:40:54.0796 2664	\Device\Harddisk0\DR0\Partition0 - ok
22:40:54.0859 2664	Boot (0x1200)   (09322260bf5d37a78abe39beec4a5880) \Device\Harddisk1\DR1\Partition0
22:40:54.0859 2664	\Device\Harddisk1\DR1\Partition0 - ok
22:40:54.0859 2664	Boot (0x1200)   (c90847830875a1ecfbd821f6ec67543e) \Device\Harddisk6\DR12\Partition0
22:40:54.0859 2664	\Device\Harddisk6\DR12\Partition0 - ok
22:40:54.0859 2664	============================================================
22:40:54.0859 2664	Scan finished
22:40:54.0859 2664	============================================================
22:40:54.0968 1268	Detected object count: 8
22:40:54.0968 1268	Actual detected object count: 8
22:41:27.0296 1268	BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0296 1268	BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0296 1268	Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0296 1268	Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0312 1268	EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0312 1268	EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0312 1268	GtDetectSc ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0312 1268	GtDetectSc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0312 1268	HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0312 1268	HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0312 1268	hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0312 1268	hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0312 1268	napagent ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0312 1268	napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:41:27.0312 1268	Ndisprot ( UnsignedFile.Multi.Generic ) - skipped by user
22:41:27.0312 1268	Ndisprot ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 04.06.2012, 10:04

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Seelenherz · 04.06.2012, 11:32

Der ComboFix-Log:

Code:

ATTFilter

ComboFix 12-06-03.05 - Kipping 04.06.2012  12:15:49.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.1791.1043 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Kipping\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\de_sres.data
c:\dokumente und einstellungen\Kipping\4.0
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-04 bis 2012-06-04  ))))))))))))))))))))))))))))))
.
.
2012-05-24 18:21 . 2012-05-24 18:21	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-05-24 17:58 . 2006-02-28 12:00	70144	-c--a-w-	c:\windows\system32\dllcache\pintlphr.exe
2012-05-24 17:57 . 2006-02-28 12:00	8704	-c--a-w-	c:\windows\system32\dllcache\fxsperf.dll
2012-05-24 17:54 . 2006-02-28 12:00	16384	-c--a-w-	c:\windows\system32\dllcache\isignup.exe
2012-05-24 17:54 . 2006-02-28 12:00	16384	----a-w-	c:\programme\Internet Explorer\Connection Wizard\isignup.exe
2012-05-24 17:54 . 2006-02-28 12:00	32768	-c--a-w-	c:\windows\system32\dllcache\icwdl.dll
2012-05-24 17:54 . 2006-02-28 12:00	32768	----a-w-	c:\programme\Internet Explorer\Connection Wizard\icwdl.dll
2012-05-24 17:51 . 2006-02-28 12:00	44544	-c--a-w-	c:\windows\system32\dllcache\tscupgrd.exe
2012-05-24 17:51 . 2006-02-28 12:00	44544	----a-w-	c:\windows\system32\tscupgrd.exe
2012-05-24 17:24 . 2006-02-28 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2012-05-24 17:24 . 2006-02-28 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2012-05-24 17:24 . 2006-02-28 12:00	13824	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2012-05-24 17:24 . 2006-02-28 12:00	13824	----a-w-	c:\windows\system32\irclass.dll
2012-05-24 16:42 . 2012-05-24 18:18	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-05-17 15:43 . 2012-05-17 15:43	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-05-07 15:38 . 2012-05-07 15:38	--------	d-----w-	c:\programme\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 17:46 . 2012-04-10 17:47	52128	----a-w-	c:\windows\system32\drivers\smsbda.sys
2012-04-10 17:46 . 2012-04-10 17:47	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2012-04-10 17:46 . 2012-04-10 17:47	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2012-04-10 17:46 . 2012-04-10 17:47	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2012-04-10 17:46 . 2012-04-10 17:47	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2012-04-10 17:46 . 2012-04-10 17:47	103424	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2012-03-24 21:47 . 2012-03-24 21:47	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-03-24 21:47 . 2011-02-24 18:39	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-06 20:38 . 2012-03-06 20:38	3628016	----a-w-	c:\programme\ccsetup316.exe
2012-04-22 16:18 . 2012-03-02 18:28	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-27 39408]
"1und1Dispatcher"="c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-07-13 223600]
"MultiScreen"="c:\programme\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13684736]
"nwiz"="nwiz.exe" [2009-04-14 1657376]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"UIExec"="c:\programme\Mobile Partner Manager\UIExec.exe" [2010-07-16 138584]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-06-27 273544]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"starter4g"="c:\windows\starter4g.exe" [2011-03-30 160424]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\programme\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\dokumente und einstellungen\Kipping\Startmenü\Programme\Autostart\
ZooskMessenger.lnk - c:\programme\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
GlobeTrotter Connect.lnk - c:\programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-9-23 1058304]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\ICQ7.5\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [22.03.2011 10:40 21504]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [11.11.2010 18:02 26008]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [23.02.2011 22:57 136360]
R2 GtDetectSc;GtDetectSc;c:\programme\Option\GlobeTrotter Connect\GtDetectSc.exe [30.04.2008 18:52 200704]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [31.05.2012 19:21 654408]
R2 serviceIEConfig;IEConfig 1und1/WEB.DE/GMX Edition;c:\windows\system32\ieconfig_1und1_svc.exe [16.06.2011 07:13 1404008]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [11.11.2010 18:07 199600]
R2 UI Assistant Service;UI Assistant Service;c:\programme\Mobile Partner Manager\AssistantServices.exe [22.03.2011 10:40 252784]
R2 WTGService;WTGService;c:\programme\XSManager\WTGService.exe [10.04.2012 19:46 327392]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [10.04.2012 19:46 145064]
R3 BrYNSvc;BrYNSvc;c:\programme\Browny02\BrYNSvc.exe [20.04.2012 09:47 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31.05.2012 19:21 22344]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [27.06.2011 10:16 136176]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [18.02.2008 18:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [08.02.2008 14:00 59648]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [27.06.2011 10:16 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [22.03.2011 10:40 10240]
S3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [14.01.2012 00:30 9728]
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-27 08:16]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-27 08:16]
.
2012-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-776561741-682003330-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-05-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-776561741-682003330-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D7817404-DA80-4178-98E3-5FDA280E14C4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 80.69.103.78 192.168.0.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\dokumente und einstellungen\Kipping\Anwendungsdaten\Mozilla\Firefox\Profiles\iczvrf5y.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-ICQ - ~c:\programme\ICQ7.4\ICQ.exe
AddRemove-Bandoo - c:\programme\Bandoo\uninstaller.exe
AddRemove-ICQToolbar - c:\programme\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-PriceGong - c:\programme\PriceGong\uninst.exe
AddRemove-Searchqu 101 MediaBar - c:\programme\Windows Searchqu Toolbar\uninstall.exe
AddRemove-Searchqu Toolbar - c:\programme\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-04 12:23
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\serviceIEConfig]
"ImagePath"="c:\windows\system32\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig"
.
Zeit der Fertigstellung: 2012-06-04  12:27:46
ComboFix-quarantined-files.txt  2012-06-04 10:27
.
Vor Suchlauf: 9 Verzeichnis(se), 803.665.252.352 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 803.667.300.352 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 24F65A80F7973D4036248E7A70912E6C

cosinus · 04.06.2012, 16:08

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

03.06.2012, 15:50	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner eingefangen Wiederhol den Fix im abgesicherten Modus bitte __________________ __________________

03.06.2012, 16:36	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner eingefangen Ok, mach mal zur Kontrolle ein neues OTL-Log. Bei dir musste doch etwas mehr gefixt werden deswegen will ich lieber nochmal nachsehen ob was auf der Strecke geblieben ist __________________ Logfiles bitte immer in CODE-Tags posten

03.06.2012, 18:00	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner eingefangen Das war aber kein CustomScan __________________ Logfiles bitte immer in CODE-Tags posten

Verschlüsselungstrojaner eingefangen

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner eingefangen