
Pests of All Kinds and How to Fight Them: Sparkasse Trojan from Facebook, what to do?


29.01.2011, 14:23   #1
Maquita
 


Hello,

On 24.01. I must have clicked some link from a friend on Facebook, which downloaded the file FACEBOOK-PIC000934519.EXE. Kaspersky (Internet Security) did raise an alert. But since that happens fairly often, I didn't think much of it and first chose "Delete". That didn't work, though, so I moved it "To quarantine". So far so good, I heard nothing more about it.

Yesterday I wanted to make a bank transfer and got this message asking me to enter 20 TANs. I called the Sparkasse right away and was told it is a Trojan. The account is blocked. Kaspersky shows the following in the quarantine report:

24.01.2011 18:22:29 Unter Quarantäne unbekannte Bedrohung UDS:DangerousObject.Multi.Generic C:\USERS\***\DOWNLOADS\FACEBOOK-PIC000934519.EXE

24.01.2011 18:37:44 Unter Quarantäne unbekannte Bedrohung UDS:DangerousObject.Multi.Generic C:\Users\***\AppData\Local\Flock\User Data\Default\Cache\f_002356

25.01.2011 03:42:27 Unter Quarantäne unbekannte Bedrohung UDS:DangerousObject.Multi.Generic C:\USERS\***\DOWNLOADS\FACEBOOK-PIC000934519.EXE

But I can't delete or disinfect anything.
When I scan again, nothing is found. I've also already run Malwarebytes and Bitdefender over it, nothing.


Here are the results of the OTL scan:

Code:
OTL logfile created on: 29.01.2011 13:17:57 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Maquita\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 22,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 96,44 Gb Free Space | 32,35% Space Free | Partition Type: NTFS
 
Computer Name: KISTE | User Name: Maquita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Maquita\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Maquita\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Maquita\AppData\Local\Flock\Application\flock.exe (Flock Inc. and The Chromium Authors)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Adobe\CS5\Adobe Photoshop CS5\Photoshop.exe (Adobe Systems, Incorporated)
PRC - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\CamDrvr\LVComS.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Maquita\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_dbc0250.dll ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LGDDCDevice) -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (LGII2CDevice) -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 2C 5C 40 E3 A5 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}:2.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.5.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 04:47:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Components: C:\Program Files\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Plugins: C:\Program Files\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.09 17:19:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.15 17:27:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.12.04 13:54:58 | 000,000,000 | ---D | M]
 
[2009.12.28 13:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maquita\AppData\Roaming\mozilla\Extensions
[2009.12.28 13:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maquita\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.28 12:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maquita\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011.01.29 04:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maquita\AppData\Roaming\mozilla\Firefox\Profiles\doxxvfkw.default\extensions
[2010.04.27 10:16:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maquita\AppData\Roaming\mozilla\Firefox\Profiles\doxxvfkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.23 04:26:31 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Maquita\AppData\Roaming\mozilla\Firefox\Profiles\doxxvfkw.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.23 04:26:32 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\Maquita\AppData\Roaming\mozilla\Firefox\Profiles\doxxvfkw.default\extensions\allglassv2@ambroos.neowin.net
[2010.06.05 17:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.06.05 17:21:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2009.12.28 13:52:37 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\USERS\MAQUITA\APPDATA\ROAMING\FLOCK\BROWSER\PROFILES\L4BNU38E.DEFAULT\EXTENSIONS\{2832ABCD-4444-1012-2D45-132D5447C445}
[2010.02.14 11:11:53 | 000,000,000 | ---D | M] (Dust-Me Selectors) -- C:\USERS\MAQUITA\APPDATA\ROAMING\FLOCK\BROWSER\PROFILES\L4BNU38E.DEFAULT\EXTENSIONS\{3C6E1EED-A07E-4C80-9CF3-66EA0BF40B37}
[2010.09.02 19:26:56 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\USERS\MAQUITA\APPDATA\ROAMING\FLOCK\BROWSER\PROFILES\L4BNU38E.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}
[2010.09.02 19:26:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\USERS\MAQUITA\APPDATA\ROAMING\FLOCK\BROWSER\PROFILES\L4BNU38E.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
[2009.12.28 13:52:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\USERS\MAQUITA\APPDATA\ROAMING\FLOCK\BROWSER\PROFILES\L4BNU38E.DEFAULT\EXTENSIONS\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
[2009.12.28 17:07:46 | 000,000,000 | ---D | M] (Firebug) -- C:\USERS\MAQUITA\APPDATA\ROAMING\FLOCK\BROWSER\PROFILES\L4BNU38E.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [QCDriverInstaller] C:\Program Files\Common Files\Logitech\CamDrvr\Lqdsw.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [consvice] C:\Users\Maquita\AppData\Local\Temp\autoesvr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Flock Update] C:\Users\Maquita\AppData\Local\Flock\Update\FlockUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM Startup]  File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {158241FE-532E-4482-9FBB-783E96893BB7} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2BB6F020-A98E-A905-77FB-6E0A00CFFF12} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BFFC48C-6104-4CAA-4051-23134D426C2D} - Themes Setup
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E952AAC6-7971-5B2B-350B-D81CFE353F01} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: mixer - C:\Windows\System32\DrvTrNTm.dll (High Criteria inc.)
Drivers32: msacm.enc - C:\Windows\System32\ITIG726.acm (Ingenient Technologies, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: wave - C:\Windows\System32\DrvTrNTm.dll (High Criteria inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.29 08:18:54 | 000,000,000 | ---D | C] -- C:\Users\Maquita\AppData\Roaming\Malwarebytes
[2011.01.29 08:18:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.29 08:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.29 08:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.29 08:18:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.29 08:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.29 08:11:59 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Maquita\Desktop\procexp.exe
[2011.01.23 14:43:03 | 000,000,000 | ---D | C] -- C:\Users\Maquita\Desktop\__MACOSX
[2011.01.22 17:56:40 | 000,000,000 | ---D | C] -- C:\Users\Maquita\Desktop\Archiv
[2011.01.20 21:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.01.16 12:54:31 | 000,000,000 | ---D | C] -- C:\Users\Maquita\Desktop\nathansmith-960-Grid-System-64e46a1
[2011.01.12 03:57:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 03:57:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.12 03:57:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.12 03:57:46 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.12 03:57:46 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.12 03:57:45 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.12 03:57:45 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.12 03:57:45 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.12 03:57:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.12 03:57:45 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.12 03:57:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.12 03:57:45 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.12 03:57:45 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.12 03:57:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.12 03:57:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.12 03:57:44 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.09 17:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.01.09 17:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011.01.09 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011.01.09 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.01.09 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.01.09 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Maquita\Desktop\Office 2007
[2011.01.09 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Maquita\AppData\Roaming\DAEMON Tools Lite
[2011.01.09 16:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.01.09 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Maquita\Desktop\Acquistion landing page 2
[2011.01.09 13:44:00 | 000,000,000 | ---D | C] -- C:\Users\Maquita\Documents\Demo Builder Movies
[2011.01.07 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\Maquita\AppData\Roaming\elsterformular
[2011.01.07 10:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2009.12.28 12:28:14 | 008,822,784 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2009.12.28 12:28:14 | 000,434,176 | ---- | C] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2009.12.28 12:28:14 | 000,255,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2009.12.28 12:28:14 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2009.12.28 12:28:14 | 000,131,072 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2009.12.28 12:28:14 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2009.12.28 12:28:14 | 000,014,848 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2009.12.28 12:28:14 | 000,011,776 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2009.12.28 12:28:14 | 000,011,776 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2009.12.28 12:28:13 | 002,837,304 | ---- | C] (GraphicsMagick Group) -- C:\Program Files\gm.exe
[2009.12.28 12:28:13 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009.12.28 12:28:13 | 000,704,512 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcrt19.dll
[2009.12.28 12:28:13 | 000,626,688 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2009.12.28 12:28:13 | 000,618,496 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\js3250.dll
[2009.12.28 12:28:13 | 000,311,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2009.12.28 12:28:13 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2009.12.28 12:28:13 | 000,206,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2009.12.28 12:28:13 | 000,167,936 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2009.12.28 12:28:13 | 000,116,024 | ---- | C] (Flock, Inc.) -- C:\Program Files\flock.exe
[2009.12.28 12:28:13 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2009.12.28 12:28:13 | 000,081,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2009.12.28 12:28:13 | 000,011,776 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.29 13:27:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-1355555997-3618250266-2459793322-1000UA.job
[2011.01.29 13:01:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.29 12:48:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1355555997-3618250266-2459793322-1000UA.job
[2011.01.29 11:39:47 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.29 11:39:47 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.29 11:30:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.29 11:30:45 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.01.29 11:30:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.29 11:30:14 | 2509,545,472 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.29 08:18:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.28 21:18:17 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.28 21:18:17 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.28 21:18:17 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.28 21:18:17 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.28 17:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-1355555997-3618250266-2459793322-1000Core.job
[2011.01.27 03:48:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1355555997-3618250266-2459793322-1000Core.job
[2011.01.23 14:14:23 | 000,001,456 | ---- | M] () -- C:\Users\Maquita\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.01.23 14:14:19 | 000,072,118 | ---- | M] () -- C:\Users\Maquita\Desktop\font.png
[2011.01.23 04:33:33 | 003,000,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.13 09:06:59 | 000,090,924 | ---- | M] () -- C:\Users\Maquita\ESt2010_Bauer_Nicole_update.elfo
[2011.01.13 08:30:20 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular - Screenreadermodus.lnk
[2011.01.13 08:30:20 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.01.12 15:38:04 | 000,002,279 | ---- | M] () -- C:\Users\Maquita\USt2010.elfo
[2011.01.12 13:07:18 | 000,090,558 | ---- | M] () -- C:\Users\Maquita\ESt2010_Bauer_Nicole Neu.elfo
[2011.01.12 10:02:38 | 000,089,157 | ---- | M] () -- C:\Users\Maquita\ESt2010_Bauer_Nicole.elfo
[2011.01.09 13:46:50 | 000,661,989 | ---- | M] () -- C:\Users\Maquita\Desktop\scene1_1.png
[2011.01.08 18:29:28 | 000,042,911 | ---- | M] () -- C:\Users\Maquita\Desktop\PremiumCoaching.jpg
[2011.01.07 10:26:41 | 000,017,817 | ---- | M] () -- C:\Users\Maquita\UStVA2010  Dezember Andreas Merz.elfo
[2011.01.07 08:49:02 | 006,881,889 | ---- | M] () -- C:\Users\Maquita\Desktop\5MinuteTeaser_small.swf
[2011.01.07 08:49:02 | 000,001,671 | ---- | M] () -- C:\Users\Maquita\Desktop\5MinuteTeaser_small.html
[16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.29 08:18:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.29 08:11:59 | 000,072,268 | ---- | C] () -- C:\Users\Maquita\Desktop\procexp.chm
[2011.01.23 14:43:03 | 007,110,149 | ---- | C] () -- C:\Users\Maquita\Desktop\iconSweets 2 - 64x64.psd
[2011.01.23 14:43:03 | 004,844,395 | ---- | C] () -- C:\Users\Maquita\Desktop\iconSweets2.psd
[2011.01.23 14:43:03 | 003,741,862 | ---- | C] () -- C:\Users\Maquita\Desktop\iconSweets 2 - 16x16.psd
[2011.01.23 14:43:03 | 000,413,210 | ---- | C] () -- C:\Users\Maquita\Desktop\iconSweets2-promotional-preview.png
[2011.01.23 14:43:03 | 000,000,797 | ---- | C] () -- C:\Users\Maquita\Desktop\License.rtf
[2011.01.23 14:14:18 | 000,072,118 | ---- | C] () -- C:\Users\Maquita\Desktop\font.png
[2011.01.13 09:04:27 | 000,090,924 | ---- | C] () -- C:\Users\Maquita\ESt2010_Bauer_Nicole_update.elfo
[2011.01.12 15:38:00 | 000,002,279 | ---- | C] () -- C:\Users\Maquita\USt2010.elfo
[2011.01.12 13:05:33 | 000,090,558 | ---- | C] () -- C:\Users\Maquita\ESt2010_Bauer_Nicole Neu.elfo
[2011.01.11 13:11:38 | 000,089,157 | ---- | C] () -- C:\Users\Maquita\ESt2010_Bauer_Nicole.elfo
[2011.01.09 13:46:55 | 000,661,989 | ---- | C] () -- C:\Users\Maquita\Desktop\scene1_1.png
[2011.01.09 13:30:13 | 006,881,889 | ---- | C] () -- C:\Users\Maquita\Desktop\5MinuteTeaser_small.swf
[2011.01.09 13:30:13 | 000,001,671 | ---- | C] () -- C:\Users\Maquita\Desktop\5MinuteTeaser_small.html
[2011.01.09 13:30:13 | 000,000,087 | ---- | C] () -- C:\Users\Maquita\Desktop\ieupdate.js
[2011.01.08 18:29:22 | 000,042,911 | ---- | C] () -- C:\Users\Maquita\Desktop\PremiumCoaching.jpg
[2011.01.07 10:26:24 | 000,017,817 | ---- | C] () -- C:\Users\Maquita\UStVA2010  Dezember Andreas Merz.elfo
[2011.01.07 10:19:20 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular - Screenreadermodus.lnk
[2011.01.07 10:19:20 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.12.25 12:57:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.25 12:57:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.04 12:20:12 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2010.06.07 12:47:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.22 22:00:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.05.14 22:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.05.14 22:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.05.14 22:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.12 17:39:43 | 000,001,456 | ---- | C] () -- C:\Users\Maquita\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.05.07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.05 14:04:03 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2010.03.21 13:03:05 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010.01.31 13:24:38 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2009.12.28 13:58:27 | 000,118,784 | ---- | C] () -- C:\Windows\System32\DrvTrNTl.dll
[2009.12.28 12:28:14 | 000,144,819 | ---- | C] () -- C:\Program Files\yahootoolbar.xpi
[2009.12.28 12:28:14 | 000,022,433 | ---- | C] () -- C:\Program Files\removed-files
[2009.12.28 12:28:14 | 000,000,704 | ---- | C] () -- C:\Program Files\updater.ini
[2009.12.28 12:28:14 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2009.12.28 12:28:14 | 000,000,147 | ---- | C] () -- C:\Program Files\README.txt
[2009.12.28 12:28:13 | 000,031,393 | ---- | C] () -- C:\Program Files\LICENSE
[2009.12.28 12:28:13 | 000,003,558 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2009.12.28 12:28:13 | 000,002,702 | ---- | C] () -- C:\Program Files\blocklist.xml
[2009.12.28 12:28:13 | 000,002,024 | ---- | C] () -- C:\Program Files\application.ini
[2009.12.28 12:28:13 | 000,000,583 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2009.12.28 12:28:13 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2009.12.28 12:28:13 | 000,000,084 | ---- | C] () -- C:\Program Files\browserconfig.properties
[2009.12.28 12:28:13 | 000,000,051 | ---- | C] () -- C:\Program Files\builddetails.ini
[2009.12.28 12:28:13 | 000,000,049 | ---- | C] () -- C:\Program Files\platform.ini
[2009.12.28 12:28:11 | 000,027,960 | ---- | C] () -- C:\Program Files\install.log
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.01.30 19:31:46 | 000,002,346 | ---- | C] () -- C:\Windows\EaseAudioConverter.ini
[2006.04.14 10:37:26 | 000,000,031 | ---- | C] () -- C:\Windows\aceg.ini
 
========== LOP Check ==========
 
[2010.03.20 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Audacity
[2011.01.12 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Canon
[2011.01.09 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\DAEMON Tools Lite
[2011.01.07 10:19:59 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\elsterformular
[2010.05.22 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Facebook
[2009.12.28 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Flock
[2010.11.04 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\FontExplorerX
[2011.01.29 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\ICQ
[2010.09.10 16:29:28 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Leadertech
[2010.11.11 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\MAGIX
[2009.12.28 18:49:53 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\NVD
[2010.03.04 21:35:27 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Opera
[2010.12.25 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\PC Suite
[2010.12.25 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Samsung
[2010.11.04 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\SoftGrid Client
[2010.07.11 11:57:45 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.12.28 13:55:05 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Thunderbird
[2010.02.11 17:47:12 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010.04.08 20:02:35 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Total Recorder Editor
[2010.11.04 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\TP
[2009.12.28 16:44:42 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\TuneUp Software
[2010.02.21 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\uTorrent
[2010.02.24 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\webex
[2011.01.28 17:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-1355555997-3618250266-2459793322-1000Core.job
[2011.01.29 13:27:02 | 000,000,912 | ---- | M] () -- C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-1355555997-3618250266-2459793322-1000UA.job
[2010.12.17 04:16:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.03 16:47:03 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Adobe
[2010.07.11 11:57:45 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Adobe Mini Bridge CS5
[2010.12.24 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Apple Computer
[2009.12.28 17:40:24 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\ATI
[2010.03.20 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Audacity
[2011.01.12 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Canon
[2011.01.09 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\DAEMON Tools Lite
[2011.01.07 10:19:59 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\elsterformular
[2010.05.22 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Facebook
[2009.12.28 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Flock
[2010.11.04 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\FontExplorerX
[2011.01.29 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\ICQ
[2009.12.28 12:20:27 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Identities
[2010.09.10 16:29:28 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Leadertech
[2009.12.28 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Macromedia
[2010.11.11 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\MAGIX
[2011.01.29 08:18:54 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Media Center Programs
[2010.11.04 15:14:28 | 000,000,000 | --SD | M] -- C:\Users\Maquita\AppData\Roaming\Microsoft
[2010.02.24 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Mozilla
[2009.12.28 17:05:27 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\MozillaControl
[2009.12.28 18:49:53 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\NVD
[2010.03.04 21:35:27 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Opera
[2010.12.25 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\PC Suite
[2010.12.25 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Samsung
[2010.11.18 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Skype
[2010.11.18 21:19:29 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\skypePM
[2010.11.04 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\SoftGrid Client
[2010.07.11 11:57:45 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.12.28 13:55:05 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Thunderbird
[2010.02.11 17:47:12 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010.04.08 20:02:35 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\Total Recorder Editor
[2010.11.04 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\TP
[2009.12.28 16:44:42 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\TuneUp Software
[2010.02.21 18:38:52 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\uTorrent
[2010.02.24 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\webex
[2009.12.28 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Maquita\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.05.22 23:33:42 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Maquita\AppData\Roaming\Facebook\uninstall.exe
[2008.12.01 11:01:02 | 000,018,040 | ---- | M] ( ) -- C:\Users\Maquita\AppData\Roaming\Flock\Browser\Profiles\l4bnu38e.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
[2008.12.01 11:01:02 | 000,013,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Maquita\AppData\Roaming\Flock\Browser\Profiles\l4bnu38e.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
[2010.02.11 17:42:51 | 000,038,784 | ---- | M] () -- C:\Users\Maquita\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.09.10 16:29:27 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Maquita\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2009.12.28 16:56:20 | 000,010,134 | R--- | M] () -- C:\Users\Maquita\AppData\Roaming\Microsoft\Installer\{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}\ARPPRODUCTICON.exe
[2010.12.25 13:04:45 | 000,069,632 | ---- | M] () -- C:\Users\Maquita\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
[2010.12.25 14:12:49 | 087,932,552 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Maquita\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.07.13 06:22:54 | 000,026,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Diskdump.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.11.25 04:18:02 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.07.14 02:03:56 | 000,095,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\auditpolmsg.dll
[2009.07.14 02:15:00 | 000,042,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\bthci.dll
[2009.07.14 02:15:11 | 000,011,264 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dhcpcmonitor.dll
[2009.07.14 02:15:13 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ds32gt.dll
[2009.07.14 02:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2009.07.14 02:15:20 | 000,009,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\fdBthProxy.dll
[2009.07.14 02:06:13 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KBDAL.DLL
[2009.07.14 02:06:13 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KBDCZ1.DLL
[2009.07.14 02:06:13 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KBDHE.DLL
[2009.07.14 02:06:14 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KBDLT1.DLL
[2009.07.14 02:06:14 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KBDSORST.DLL
[2009.07.14 02:06:14 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KBDUGHR.DLL
[2009.07.14 02:15:36 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\lpksetupproxyserv.dll
[2009.07.14 02:15:38 | 000,087,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\mcsrchPH.dll
[2009.07.14 02:06:53 | 000,002,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msafd.dll
[2009.07.14 02:15:42 | 000,010,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\mscat32.dll
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.07.14 02:16:02 | 000,158,208 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\NAPMONTR.DLL
[2009.07.14 02:16:02 | 000,200,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ndfapi.dll
[2009.07.14 02:16:03 | 001,537,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\NlsData0000.dll
[2009.07.14 02:16:08 | 004,509,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\NlsData0019.dll
[2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\odtext32.dll
[2009.07.14 02:16:15 | 000,974,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sppobjs.dll
[2009.07.14 02:16:17 | 000,095,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ufat.dll
[2009.07.14 02:16:17 | 000,030,749 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbajet32.dll
[2010.03.08 22:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
[2009.07.14 02:16:18 | 000,416,256 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wiadefui.dll
[2009.07.14 02:16:19 | 000,010,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winrssrv.dll
[2009.07.14 02:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wsmplpxy.dll
[16 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
Extras:

Code:
OTL Extras logfile created on: 29.01.2011 13:17:57 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Maquita\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 22,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 96,44 Gb Free Space | 32,35% Space Free | Partition Type: NTFS
 
Computer Name: KISTE | User Name: Maquita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Users\Maquita\AppData\Local\Flock\Application\flock.exe (Flock Inc. and The Chromium Authors)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BB72566-0D4C-7200-2CE7-02F298B49C88}" = CCC Help English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{110AD51E-D0E0-49B1-52FD-291373BA62EA}" = Catalyst Control Center Graphics Full New
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31557F4F-7D10-D32E-4B70-237A09FCC31B}" = Catalyst Control Center Graphics Previews Common
"{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}" = Opera 10.50
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35DE25C6-1191-4F41-AA34-8B9DDFA38853}" = Logitech ClickSmart
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C175604-F026-5D79-BBD8-F626AE10B3EF}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62C2067E-5851-BD4C-98E0-5C4D5E155A5B}" = Catalyst Control Center Core Implementation
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A292C05C-840A-9D47-5350-EF39ECC7629E}" = Catalyst Control Center HydraVision Full
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}" = Catalyst Control Center InstallProxy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85C5601-E614-58D4-C4ED-E01A9D56D59D}" = MyFonts Order M1977201
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AD17676C-5065-E427-130B-21CE713F93E7}" = Catalyst Control Center Graphics Light
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B970700B-E49F-ECEF-4ADB-0F3E1AFEDE91}" = ccc-core-static
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9726DDC-D7B5-BF1F-5626-EA467FEEBC52}" = ccc-utility
"{F9F13FEA-D51E-A1C3-4EDC-D04A91B62C93}" = Catalyst Control Center Graphics Previews Vista
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Akamai" = Akamai NetSession Interface
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Ease Audio Converter_is1" = Ease Audio Converter 4.80
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer
"ElsterFormular für Unternehmer 12.0.0.5880u" = ElsterFormular für Unternehmer
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flock (2.5.5)" = Flock (2.5.5)
"Gadwin PrintScreen" = Gadwin PrintScreen
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Total Recorder Editor_is1" = Total Recorder Editor v12.0.1
"TotalRecorder" = Total Recorder 4.1
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Flock" = Flock (3.5.2.4599)
"Google Chrome" = Google Chrome
"Twitter" = Twitter
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2010 16:34:34 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25.11.2010 17:02:05 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25.11.2010 17:02:05 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25.11.2010 17:02:05 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25.11.2010 17:40:13 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25.11.2010 17:40:13 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25.11.2010 17:40:13 | Computer Name = KISTE | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 26.11.2010 02:56:51 | Computer Name = KISTE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.11.2010 01:03:47 | Computer Name = KISTE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 28.11.2010 01:45:26 | Computer Name = KISTE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 27.01.2011 11:24:31 | Computer Name = KISTE | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 27.01.2011 11:28:10 | Computer Name = KISTE | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 27.01.2011 11:28:15 | Computer Name = KISTE | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 27.01.2011 15:24:43 | Computer Name = KISTE | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?01.?2011 um 18:29:58 unerwartet heruntergefahren.
 
Error - 27.01.2011 15:25:20 | Computer Name = KISTE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Akamai erreicht.
 
Error - 27.01.2011 23:04:25 | Computer Name = KISTE | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?01.?2011 um 22:23:36 unerwartet heruntergefahren.
 
Error - 27.01.2011 23:05:03 | Computer Name = KISTE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Akamai erreicht.
 
Error - 28.01.2011 06:03:20 | Computer Name = KISTE | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2011 um 08:18:17 unerwartet heruntergefahren.
 
Error - 28.01.2011 06:03:58 | Computer Name = KISTE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Akamai erreicht.
 
Error - 28.01.2011 23:41:40 | Computer Name = KISTE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Akamai erreicht.
 
 
< End of report >
         

29.01.2011, 14:30   #2
markusg
/// Malware-holic

1. the bank surely has an emergency number, call it, online banking must be blocked!
2.

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKCU..\Run: [consvice] C:\Users\Maquita\AppData\Local\Temp\autoesvr.dll (Microsoft Corporation)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
open computer, c:, then _OTL
there, right-click on moved files
choose add to moved files.rar or zip.
upload the archive in our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
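
Added example, not part of markusg's post and not OTL's own code: a small Python triage over the O4 autorun lines of an OTL log that flags entries like the consvice one in the fix script above. The first two sample lines and both heuristics (the list of user-writable directories and the vendor/location mismatch) are assumptions made for illustration.

```python
import re

# O4 autorun line as it appears in the log:
#   O4 - <hive>..\<key>: [<value name>] <command> (<company>)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] '
    r'(?P<cmd>.+?)(?: \((?P<company>[^()]*)\))?\s*$')

# Assumed heuristic: directories any unprivileged process can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\windows\\temp\\", "\\downloads\\")

def image_path(cmd):
    """Return the file a Run value launches, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))(?=\s|$)', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (hive, value name, path, reasons) for each suspicious O4 line."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autorun line
        path = image_path(m["cmd"])
        low = path.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("starts from a user-writable directory")
        if ((m["company"] or "").startswith("Microsoft")
                and "\\windows\\" not in low and "\\program files" not in low):
            reasons.append("claims Microsoft as vendor outside Windows/Program Files")
        if reasons:
            findings.append((m["hive"], m["name"], path, reasons))
    return findings

# Lines 1-2 are constructed samples; line 3 is the entry from the fix script.
SAMPLE = r"""
O4 - HKLM..\Run: [ExampleAV] "C:\Program Files\Example AV\exav.exe" (Example AV Ltd)
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example Vendor\updater.exe /background (Example Vendor)
O4 - HKCU..\Run: [consvice] C:\Users\Maquita\AppData\Local\Temp\autoesvr.dll (Microsoft Corporation)
"""

if __name__ == "__main__":
    for hive, name, path, reasons in triage(SAMPLE):
        print(f"{hive} Run [{name}] {path}: " + "; ".join(reasons))
```

A hit only marks an entry for manual review; the company string comes from the file's own version resource and proves nothing about its origin.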

29.01.2011, 14:55   #3
Maquita

It worked.

Here is the content of the text file:

Code:
All processes killed
Error: Unable to interpret <[EMPTYFLASH] > in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!
 
OTL by OldTimer - Version 3.2.20.6 log created on 01292011_144220

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
I have uploaded the archive.

29.01.2011, 14:57   #4
raman

Hello Maquita,

Keep in mind that "bothering" two helpers with the same problem at the same time is not good form and not very productive either.

http://forum.kaspersky.com/index.php...iew=getnewpost

Crosspostings are not welcome:
http://www.trojaner-board.de/69886-a...-beachten.html
__________________
Kind regards, Ralf

29.01.2011, 15:06   #5
Maquita

Yes, sorry, I asked here first, and since Kaspersky had sent something to quarantine, I thought it made sense to ask in their forum, because maybe it can be deleted there somehow after all. But after the second post I noticed that the links lead here anyway....

Usually you don't get an answer that quickly, and I still have to work at the weekend, preferably without a Trojan breathing down my neck, so I'm in a bit of a hurry to get rid of the thing.


29.01.2011, 15:10   #6
markusg
/// Malware-holic

thanks ralf.
it really is rather impolite.
otl was not run correctly, the script starts at
:OTL and goes up to the reboot line.

29.01.2011, 15:20   #7
Maquita

Hm, you're right. The second time more came out of it.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\consvice not found.
File C:\Users\Maquita\AppData\Local\Temp\autoesvr.dll not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: A
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Maquita
->Flash cache emptied: 44257 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: A
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Maquita
->Temp folder emptied: 720411428 bytes
->Temporary Internet Files folder emptied: 7973283 bytes
->Java cache emptied: 7636480 bytes
->FireFox cache emptied: 45309849 bytes
->Google Chrome cache emptied: 457566828 bytes
->Opera cache emptied: 7380826 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 34 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 579820 bytes
RecycleBin emptied: 47823 bytes
 
Total Files Cleaned = 1.189,00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 01292011_151139

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
I have uploaded the archive again.

29.01.2011, 16:52   #8
Maquita

In another post here on this topic I read that the message at the Sparkasse also appeared when you entered wrong login data. I tried that and nothing came up anymore. Does that mean the Trojan is gone? How can I determine that now?

I have to format anyway, right? I'm already backing up....
But I had read somewhere (not sure whether it was here) that you have to overwrite the master boot record?

Many thanks in advance for your help (despite the double post...)!

29.01.2011, 16:55   #9
markusg
/// Malware-holic

yes, you should definitely format.

we have deleted the visible parts, which doesn't necessarily mean anything.
when you have finished backing up, let me know.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de

29.01.2011, 18:27   #10
Maquita

Hm. Ok, that would have been too good to be true. But my PC is due for it again anyway.
I'm more or less done with the backup. And now?

29.01.2011, 18:29   #11
markusg
/// Malware-holic

http://www.trojaner-board.de/96344-a...-rechners.html

01.02.2011, 17:55   #12
Maquita

Phew, done. Formatting and reinstalling with Windows 7 went really fast. So far everything seems to be back in order. The account is unblocked and I now have one of those great reader devices. Now I'll work through your list.

Many thanks for the help!

04.02.2011, 11:52   #13
markusg
/// Malware-holic

was ill, couldn't answer :-(
yes, the win7 installation really is fast.
please also note the following.

uac should be set to maximum.
click start, run (search), type
uac
enter
confirm the prompt, slider to the highest level.
this makes it harder to secretly install something on the pc.

04.02.2011, 15:19   #14
Maquita

Ok, will do! Thank you!

04.02.2011, 15:25   #15
markusg
/// Malware-holic

ok, you've adopted the rest, I assume?
