Trojaner-Board - Win32.Agent.bb

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Win32.Agent.bb (https://www.trojaner-board.de/107721-win32-agent-bb.html)

Hallo Trojaner-Board Community,

Skybot hat folgendes Problem gemeldet:
"
--- Search result list ---
Win32.Agent.bb: [SBI $E6716A09] Programm-Verzeichnis (Verzeichnis, nothing done)
C:\Dokumente und Einstellungen\Jan\Anwendungsdaten\SogouExplorer\
"

Leider konnte weder Skybot den Trojaner entfernen, noch erkennt Avira Antivirus den Eindringling. Über google habe ich Euer Forum gefunden und wende mich nun vertrauensvoll an Euch. Der Trojaner Win32.Agent.bb scheint bekannt zu sein, jedoch sind mir die Anleitungen im Internet nicht ganz geheuer.

Das ist mein erster Post. Verzeiht bitte, wenn ich nicht alles gleich richtig mache. Ich habe versucht die Anweisung für Hilfesuchende so gut wie möglich zu befolgen.

Schritt I: Defogger erledigt
Schritt II: OTL LOG

Code:

OTL logfile created on: 1/7/2012 2:00:29 AM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.77% Memory free

3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.57% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 69.65 Gb Total Space | 4.96 Gb Free Space | 7.12% Space Free | Partition Type: NTFS

 

Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/10/19 16:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\SyncServer.exe

PRC - [2011/09/27 06:22:34 | 000,013,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe

PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

PRC - [2005/12/02 02:03:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe

PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/10/19 16:56:38 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll

MOD - [2011/05/22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll

MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll

MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll

MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll

MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll

MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll

MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll

MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll

MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll

MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll

MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll

MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll

MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll

MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll

MOD - [2005/10/19 09:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll

MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)

SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)

SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/12/08 23:09:11 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/10/19 16:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/10/19 16:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)

DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)

DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/12/04 12:03:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/12/03 21:07:56 | 000,000,000 | ---D | M]

 

[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2011/08/21 17:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions

[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml

[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml

[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml

[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml

[2011/12/04 12:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011/12/04 12:03:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011/12/04 12:03:27 | 000,002,040 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml

 

O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 15128 more lines...

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6102BDB8-B1E7-41FC-BCA3-774C86A6C452}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/07 01:59:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes

[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis

[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro

[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011/12/31 15:27:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2012/01/06 22:44:48 | 001,562,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/06 22:43:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/06 22:43:10 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/06 22:14:35 | 000,001,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2012/01/06 21:52:27 | 041,658,027 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5538.MOV

[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd

[2012/01/02 16:20:50 | 000,605,906 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012/01/02 16:20:50 | 000,546,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/02 16:20:50 | 000,130,460 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012/01/02 16:20:50 | 000,102,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/01 11:20:52 | 001,466,761 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5472.JPG

[2012/01/01 11:20:26 | 001,423,115 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5462.JPG

[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup

[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2011/12/31 17:41:40 | 000,001,980 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.lnk

[2011/12/26 16:51:52 | 000,831,582 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5476.jpg

[2011/12/26 03:13:46 | 001,080,601 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0196.jpg

[2011/12/24 19:46:16 | 001,397,424 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0194.jpg

[2011/12/24 19:46:05 | 001,420,122 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0192.jpg

[2011/12/24 19:45:42 | 001,454,532 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0191.jpg

[2011/12/24 19:45:40 | 001,428,690 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0190.jpg

[2011/12/24 19:45:29 | 018,553,866 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0189.MOV

[2011/12/22 17:02:10 | 001,136,092 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 070.jpg

[2011/12/22 16:58:26 | 001,520,087 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2564.JPG

[2011/12/14 23:12:08 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/11 16:21:04 | 001,406,262 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5481.JPG

[2011/12/11 16:20:56 | 001,438,864 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5480.JPG

[2011/12/11 15:44:26 | 001,302,399 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5475.JPG

[2011/12/08 23:09:11 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/06 22:14:35 | 000,001,533 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2012/01/06 21:49:41 | 041,658,027 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5538.MOV

[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/04 19:49:49 | 001,596,813 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4737.JPG

[2012/01/04 19:49:48 | 002,400,987 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4683.JPG

[2012/01/04 19:49:48 | 002,278,860 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2591.JPG

[2012/01/04 19:49:48 | 002,206,123 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2548.JPG

[2012/01/04 19:49:48 | 002,028,563 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2533.JPG

[2012/01/04 19:49:48 | 001,833,308 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2561.JPG

[2012/01/04 19:49:48 | 001,667,983 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4713.JPG

[2012/01/04 19:49:48 | 001,520,087 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2564.JPG

[2012/01/04 19:49:48 | 001,427,929 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4510.JPG

[2012/01/04 19:49:48 | 001,317,122 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2726.JPG

[2012/01/04 19:49:48 | 000,769,650 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2527.JPG

[2012/01/04 19:49:47 | 005,965,566 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2466.jpg

[2012/01/04 19:49:47 | 001,466,761 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5472.JPG

[2012/01/04 19:49:47 | 001,438,864 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5480.JPG

[2012/01/04 19:49:47 | 001,423,115 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5462.JPG

[2012/01/04 19:49:47 | 001,406,262 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5481.JPG

[2012/01/04 19:49:47 | 001,302,399 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5475.JPG

[2012/01/04 19:49:47 | 001,236,624 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DSCF1886.JPG

[2012/01/04 19:49:47 | 001,136,092 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 070.jpg

[2012/01/04 19:49:47 | 000,808,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 046.jpg

[2012/01/04 19:49:47 | 000,423,878 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 568.jpg

[2012/01/04 19:49:45 | 002,437,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4743.JPG

[2012/01/04 19:49:45 | 001,825,082 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5014.JPG

[2012/01/04 19:49:45 | 001,731,226 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5011.JPG

[2012/01/04 19:49:45 | 001,629,555 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5010.JPG

[2012/01/04 19:49:45 | 001,620,756 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4744.jpg

[2012/01/04 19:48:31 | 002,209,581 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2589.JPG

[2012/01/04 19:48:11 | 000,831,582 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5476.jpg

[2012/01/04 19:47:20 | 001,964,273 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5017.jpg

[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd

[2011/12/31 17:41:40 | 000,001,980 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.lnk

[2011/12/26 03:13:46 | 001,080,601 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0196.jpg

[2011/12/24 19:46:16 | 001,397,424 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0194.jpg

[2011/12/24 19:46:05 | 001,420,122 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0192.jpg

[2011/12/24 19:45:42 | 001,454,532 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0191.jpg

[2011/12/24 19:45:40 | 001,428,690 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0190.jpg

[2011/12/24 19:45:29 | 018,553,866 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0189.MOV

[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini

[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/10/02 19:09:36 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE

[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe

[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:17:14 | 001,562,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 23:00:00 | 000,605,906 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[1979/12/31 23:00:00 | 000,546,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 23:00:00 | 000,130,460 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[1979/12/31 23:00:00 | 000,102,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 
 ========== LOP Check ==========

 

[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco

[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO

[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg

[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM

[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo

[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller

[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs

[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog

[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer

[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY

[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users

[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage

[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

 
 ========== Files - Unicode (All) ==========

(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法
 

< End of report >

Schritt III: Logfiles im Anhang

Malwarebytes Log:

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2011.12.31.04
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jan :: LENOVO-B00D28A3 [Administrator]
 

12/31/2011 5:50:23 PM

mbam-log-2011-12-31 (17-50-23).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 237853

Laufzeit: 20 Minute(n), 49 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 2

HKCR\SogouExplorer.AssocFile.HTM (Adware.Sogou) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 1

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Vielen Dank im Voraus für Eure Unterstützung!

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo cosinus,

Danke für Deine Antwort. Der Vollscan von Anti-Malware hat keine weiteren Ergebnisse erbracht.

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.07.01
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

***:: LENOVO-B00D28A3 [Administrator]
 

1/8/2012 12:05:29 PM

mbam-log-2012-01-08 (12-05-29).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 423943

Laufzeit: 6 Stunde(n), 37 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Hier das Ergebnis des ESET Scanners:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-31 09:11:43

# local_time=2011-12-31 10:11:43 (+0100, Westeuropäische Normalzeit)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777191 100 0 2412364 2412364 0 0

# compatibility_mode=8192 67108863 100 0 3803 3803 0 0

# scanned=195573

# found=16

# cleaned=16

# scan_time=16964

C:\Programme\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe        Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C

C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Programme\StartNow Toolbar\Toolbar32.dll        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Programme\StartNow Toolbar\ToolbarUpdaterService.exe        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009080.exe        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009113.exe        a variant of Win32/Toolbar.Babylon application (deleted - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010675.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010676.exe        Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010677.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010678.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010679.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010680.dll        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010681.exe        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-01-08 11:16:35

# local_time=2012-01-09 12:16:35 (+0100, Westeuropäische Normalzeit)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 704625 704625 0 0

# compatibility_mode=5891 16776869 42 87 26852 22921594 0 0

# compatibility_mode=8192 67108863 100 0 705589 705589 0 0

# compatibility_mode=9217 16777214 75 66 105516 48324354 0 0

# scanned=199052

# found=0

# cleaned=0

# scan_time=13870

Was sind die nächsten Schritte?

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

So bisher habe ich die Raute-Taste # im Menü zum Posten des Logs benutzt.
Ich bin verunsichert, weil Du die Anleitung zum Log posten immer dazu schreibst/ kopierst. Hat das eine Bedeutung? Leider kann ich keinen Unterschied zwischen Deinem und meinem Log feststellen.

Hier der OTL Log:

OTL Logfile:

Code:

OTL logfile created on: 1/10/2012 10:23:30 PM - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop\Trojaner

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.39% Memory free

3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.94% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 69.65 Gb Total Space | 8.10 Gb Free Space | 11.63% Space Free | Partition Type: NTFS

 

Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\Trojaner\OTL.exe

PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/09/05 14:46:50 | 000,362,200 | ---- | M] (facemoods.com) -- C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

PRC - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe

PRC - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe

PRC - [2011/07/29 10:30:28 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PRC - [2010/06/28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2010/06/15 16:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe

PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll

MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll

MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll

MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll

MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll

MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll

MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll

MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll

MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll

MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll

MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll

MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll

MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll

MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll

MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll

MOD - [2005/07/05 22:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll

MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)

SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)

SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)

SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012/01/10 18:29:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{96F99F64-AE02-4C21-BD3F-DC2E07525CE2}\MpKsl7c37a9de.sys -- (MpKsl7c37a9de)

DRV - [2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/06/15 16:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)

DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)

DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/01/08 11:54:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/07 15:16:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/07 21:39:30 | 000,000,000 | ---D | M]

 

[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2012/01/08 14:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions

[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com

[2012/01/08 12:01:20 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\ffxtlbr@Facemoods.com

[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml

[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml

[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml

[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml

[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml

[2012/01/08 14:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012/01/08 14:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/12/17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll

[2011/12/17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml

[2011/12/17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml

 
 ========== Chrome  ==========

 

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll

CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Facemoods = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 15128 more lines...

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321EE642-2C2E-4B36-AA44-BF882FCDB941}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/10 06:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/01/09 23:07:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012/01/08 20:19:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung

[2012/01/08 15:03:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PHP 5

[2012/01/08 15:03:27 | 000,000,000 | ---D | C] -- C:\Programme\PHP

[2012/01/08 14:58:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3

[2012/01/08 14:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote Notebooks

[2012/01/08 14:14:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Google Chrome

[2012/01/08 12:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com

[2012/01/08 12:01:16 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com

[2012/01/08 11:59:15 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader

[2012/01/07 22:35:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2012/01/07 21:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster

[2012/01/07 21:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp

[2012/01/07 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects

[2012/01/07 21:39:30 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect

[2012/01/07 21:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp

[2012/01/07 21:37:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite

[2012/01/07 21:37:11 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar

[2012/01/07 21:36:38 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/07 21:36:14 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite

[2012/01/07 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2012/01/07 21:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Programme\SopCast

[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SopCast

[2012/01/07 21:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN

[2012/01/07 21:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FFOutput

[2012/01/07 21:30:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2012/01/07 21:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FormatFactory

[2012/01/07 21:28:26 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime

[2012/01/07 21:26:10 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client

[2012/01/07 16:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ZoneAlarm

[2012/01/07 16:04:02 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs

[2012/01/07 16:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2012/01/07 16:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView

[2012/01/07 16:02:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView

[2012/01/07 15:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun

[2012/01/07 15:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012/01/07 15:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Notepad++

[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Notepad++

[2012/01/07 15:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++

[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Picasa 3

[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia

[2012/01/07 15:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe

[2012/01/07 14:54:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er

[2012/01/07 14:40:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client

[2012/01/07 14:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SpeedFan

[2012/01/07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan

[2012/01/07 14:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI

[2012/01/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Secunia

[2012/01/07 14:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012/01/07 14:05:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/07 14:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012/01/07 11:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip

[2012/01/07 11:55:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip

[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes

[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis

[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro

[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/10 18:26:43 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/09 22:57:50 | 001,562,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/09 22:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/09 22:56:57 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/08 15:26:09 | 000,608,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012/01/08 15:26:09 | 000,548,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/08 15:26:09 | 000,132,094 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012/01/08 15:26:09 | 000,104,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/08 15:25:00 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2012/01/08 14:50:20 | 000,003,656 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:48 | 000,004,960 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2

[2012/01/08 14:48:14 | 000,000,938 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/01/08 14:11:56 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

[2012/01/08 12:25:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/07 16:06:08 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/01/07 16:05:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2012/01/07 15:20:01 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/01/07 15:16:31 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/07 14:32:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/01/07 14:30:50 | 000,000,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk

[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd

[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup

[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/01/08 14:50:14 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:53 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:02 | 000,004,960 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2

[2012/01/08 14:48:14 | 000,000,938 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/01/08 14:11:56 | 000,001,150 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

[2012/01/08 12:00:37 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk

[2012/01/07 16:05:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2012/01/07 16:04:04 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/01/07 14:48:06 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/07 14:43:12 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/01/07 14:41:05 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk

[2012/01/07 14:32:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/01/07 14:30:50 | 000,000,736 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk

[2012/01/07 14:30:50 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk

[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd

[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini

[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE

[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe

[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:17:14 | 001,562,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 23:00:00 | 000,608,888 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[1979/12/31 23:00:00 | 000,548,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 23:00:00 | 000,132,094 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[1979/12/31 23:00:00 | 000,104,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 
 ========== LOP Check ==========

 

[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco

[2012/01/07 21:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO

[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg

[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2012/01/08 12:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com

[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM

[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo

[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller

[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs

[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog

[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer

[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY

[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users

[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage

[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2012/01/10 18:26:43 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < ESETSmartInstaller@High as downloader log: >

 
 < all ok >

 
 < # version=7 >

 
 < # OnlineScannerApp.exe=1.0.0.1 >

 
 < # OnlineScanner.ocx=1.0.0.6583 >

 
 < # api_version=3.0.2 >

 
 < # EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a >

 
 < # end=finished >

 
 < # remove_checked=true >

 
 < # archives_checked=true >

 
 < # unwanted_checked=true >

 
 < # unsafe_checked=true >

 
 < # antistealth_checked=true >

 
 < # utc_time=2011-12-31 09:11:43 >

 
 < # local_time=2011-12-31 10:11:43 (+0100, Westeuropäische Normalzeit) >

 
 < # country="United States" >

 
 < # lang=1033 >

 
 < # osver=5.1.2600 NT Service Pack 3 >

 
 < # compatibility_mode=1792 16777191 100 0 2412364 2412364 0 0 >

 
 < # compatibility_mode=8192 67108863 100 0 3803 3803 0 0 >

 
 < # scanned=195573 >

 
 < # found=16 >

 
 < # cleaned=16 >

 
 < # scan_time=16964 >

 
 < C:\Programme\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe        Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\Programme\StartNow Toolbar\Toolbar32.dll        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\Programme\StartNow Toolbar\ToolbarUpdaterService.exe        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009080.exe        multiple threats (deleted - quarantined)        00000000000000000000000000000000        C >

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009113.exe        a variant of Win32/Toolbar.Babylon application (deleted - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Toolbar.Babylon application (deleted - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010675.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010676.exe        Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010677.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010678.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010679.dll        a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010680.dll        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010681.exe        a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C >

Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
 

 
 < # version=7 >

 
 < # OnlineScannerApp.exe=1.0.0.1 >

 
 < # OnlineScanner.ocx=1.0.0.6583 >

 
 < # api_version=3.0.2 >

 
 < # EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a >

 
 < # end=finished >

 
 < # remove_checked=false >

 
 < # archives_checked=true >

 
 < # unwanted_checked=true >

 
 < # unsafe_checked=true >

 
 < # antistealth_checked=true >

 
 < # utc_time=2012-01-08 11:16:35 >

 
 < # local_time=2012-01-09 12:16:35 (+0100, Westeuropäische Normalzeit) >

 
 < # country="United States" >

 
 < # lang=1033 >

 
 < # osver=5.1.2600 NT Service Pack 3 >

 
 < # compatibility_mode=512 16777215 100 0 704625 704625 0 0 >

 
 < # compatibility_mode=5891 16776869 42 87 26852 22921594 0 0 >

 
 < # compatibility_mode=8192 67108863 100 0 705589 705589 0 0 >

 
 < # compatibility_mode=9217 16777214 75 66 105516 48324354 0 0 >

 
 < # scanned=199052 >

 
 < # found=0 >

 
 < # cleaned=0 >

 
 < # scan_time=13870 >

 
 ========== Files - Unicode (All) ==========

(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法
 

< End of report >

--- --- ---

Nein das ist so richtig wie du das gemacht hast. Ich poste hier mit Hilfe von vorgefertigten Updatebausteinen und lieber poste ich das mit den CODE-Tags einmal zu viel als zu wenig.

Zitat:

========== Custom Scans ==========

< ESETSmartInstaller@High as downloader log: >

< all ok >

< # version=7 >

< # OnlineScannerApp.exe=1.0.0.1 >

Das OTL-Log hast du falsch erstellt. Pass beim Kopieren und einfügen bitte besser auf was da genau kopiert wird!

Das habe ich mir gedacht. Dieses Mal mit dem richtigen Custom Scan.

Code:

OTL logfile created on: 1/11/2012 9:54:56 PM - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop\Trojaner

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.54% Memory free

3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 69.65 Gb Total Space | 8.00 Gb Free Space | 11.49% Space Free | Partition Type: NTFS

 

Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er\OTL.exe

PRC - [2012/01/03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/09/05 14:46:50 | 000,362,200 | ---- | M] (facemoods.com) -- C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

PRC - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe

PRC - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe

PRC - [2011/07/29 10:30:28 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PRC - [2010/06/28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2010/06/15 16:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe

PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/07/18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll

MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll

MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll

MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll

MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll

MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll

MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll

MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll

MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll

MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll

MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll

MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll

MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll

MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll

MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll

MOD - [2005/07/05 22:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll

MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)

SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)

SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)

SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012/01/10 18:29:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{96F99F64-AE02-4C21-BD3F-DC2E07525CE2}\MpKsl7c37a9de.sys -- (MpKsl7c37a9de)

DRV - [2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/06/15 16:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)

DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)

DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/01/08 11:54:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/07 15:16:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/10 22:41:36 | 000,000,000 | ---D | M]

 

[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2012/01/08 14:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions

[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com

[2012/01/08 12:01:20 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\ffxtlbr@Facemoods.com

[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml

[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml

[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml

[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml

[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml

[2012/01/08 14:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012/01/08 14:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/12/17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll

[2011/12/17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml

[2011/12/17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml

 
 ========== Chrome  ==========

 

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll

CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Facemoods = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 15128 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321EE642-2C2E-4B36-AA44-BF882FCDB941}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found

MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 2

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package - 

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/10 06:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/01/09 23:07:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012/01/08 20:19:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung

[2012/01/08 15:03:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PHP 5

[2012/01/08 15:03:27 | 000,000,000 | ---D | C] -- C:\Programme\PHP

[2012/01/08 14:58:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3

[2012/01/08 14:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote Notebooks

[2012/01/08 14:14:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Google Chrome

[2012/01/08 12:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com

[2012/01/08 12:01:16 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com

[2012/01/08 11:59:15 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader

[2012/01/07 22:35:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2012/01/07 21:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster

[2012/01/07 21:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp

[2012/01/07 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects

[2012/01/07 21:39:30 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect

[2012/01/07 21:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp

[2012/01/07 21:37:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite

[2012/01/07 21:37:11 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar

[2012/01/07 21:36:38 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/07 21:36:14 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite

[2012/01/07 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2012/01/07 21:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Programme\SopCast

[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SopCast

[2012/01/07 21:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN

[2012/01/07 21:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FFOutput

[2012/01/07 21:30:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2012/01/07 21:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FormatFactory

[2012/01/07 21:28:26 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime

[2012/01/07 21:26:10 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client

[2012/01/07 16:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ZoneAlarm

[2012/01/07 16:04:02 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs

[2012/01/07 16:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2012/01/07 16:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView

[2012/01/07 16:02:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView

[2012/01/07 15:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun

[2012/01/07 15:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012/01/07 15:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Notepad++

[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Notepad++

[2012/01/07 15:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++

[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Picasa 3

[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia

[2012/01/07 15:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe

[2012/01/07 14:54:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er

[2012/01/07 14:40:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client

[2012/01/07 14:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SpeedFan

[2012/01/07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan

[2012/01/07 14:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI

[2012/01/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Secunia

[2012/01/07 14:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012/01/07 14:05:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/07 14:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012/01/07 11:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip

[2012/01/07 11:55:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip

[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes

[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis

[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro

[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/11 22:00:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/09 22:57:50 | 001,562,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/09 22:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/09 22:56:57 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/08 15:26:09 | 000,608,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012/01/08 15:26:09 | 000,548,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/08 15:26:09 | 000,132,094 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012/01/08 15:26:09 | 000,104,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/08 15:25:00 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2012/01/08 14:50:20 | 000,003,656 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:48 | 000,004,960 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2

[2012/01/08 14:48:14 | 000,000,938 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/01/08 14:11:56 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

[2012/01/08 12:25:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/07 16:06:08 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/01/07 16:05:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2012/01/07 15:20:01 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/01/07 15:16:31 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/07 14:32:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/01/07 14:30:50 | 000,000,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk

[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd

[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup

[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/01/08 14:50:14 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:53 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:02 | 000,004,960 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2

[2012/01/08 14:48:14 | 000,000,938 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/01/08 14:11:56 | 000,001,150 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

[2012/01/08 12:00:37 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk

[2012/01/07 16:05:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2012/01/07 16:04:04 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/01/07 14:48:06 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/07 14:43:12 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/01/07 14:41:05 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk

[2012/01/07 14:32:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/01/07 14:30:50 | 000,000,736 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk

[2012/01/07 14:30:50 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk

[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd

[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini

[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE

[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe

[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:17:14 | 001,562,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 23:00:00 | 000,608,888 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[1979/12/31 23:00:00 | 000,548,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 23:00:00 | 000,132,094 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[1979/12/31 23:00:00 | 000,104,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 
 ========== LOP Check ==========

 

[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco

[2012/01/07 21:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO

[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg

[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2012/01/08 12:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com

[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM

[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo

[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller

[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs

[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog

[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer

[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY

[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users

[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage

[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2012/01/11 22:00:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

[2012/01/08 14:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011/10/16 19:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe

[2010/10/12 21:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM

[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon

[2012/01/04 19:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer

[2010/09/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2010/10/26 22:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX

[2010/11/10 08:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss

[2012/01/08 12:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com

[2010/02/02 03:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google

[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM

[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2004/08/10 12:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities

[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo

[2010/09/30 20:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia

[2011/12/31 17:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2012/01/08 14:48:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft

[2010/09/30 20:34:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla

[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller

[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs

[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog

[2011/06/01 17:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype

[2011/06/01 17:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM

[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer

[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY

[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users

[2010/10/04 18:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun

[2010/09/29 19:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symantec

[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage

[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2010/12/02 17:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3

[2011/01/11 07:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc

[2012/01/07 22:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp

[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2010/10/17 00:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011/01/14 19:43:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/12/31 17:41:42 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\IASTOR.SYS

[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\IBMTOOLS\drivers\IMSM\IASTOR.SYS

[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\IASTOR.SYS

 
 < MD5 for: NETLOGON.DLL  >

[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005/03/02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004/08/04 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2004/08/10 12:16:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 12:16:54 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 12:16:54 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[33 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 ========== Files - Unicode (All) ==========

(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法
 

< End of report >

Zitat:

(Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

Eine zusätzliche bzw. andere Software-Firewall und v.a. sowas wie SecuritySuites sind Quatsch mit Sauce, in vielen Fällen kontraproduktiv und Ursache für die "lustigsten" Fehler.
Bitte umgehend deinstallieren, Windows danach neustarten und sicherstellen, dass die Windows-Firewall aktiv ist und keine gefährlichen "Löcher" (siehe Ausnahmeliste) hat.
Mach danach wieder ein neues OTL-CustomLog.

Ok - und das nächste LOG:

Code:

OTL logfile created on: 1/12/2012 10:59:41 PM - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop\Trojaner

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.65% Memory free

3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.65% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 69.65 Gb Total Space | 7.74 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

 

Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe

PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er\OTL.exe

PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe

PRC - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe

PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012/01/07 15:16:51 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a45f2698\mscorlib.dll

MOD - [2012/01/07 15:16:34 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_09f67223\system.xml.dll

MOD - [2012/01/07 15:16:16 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5e6b8e34\system.windows.forms.dll

MOD - [2012/01/07 15:15:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39cd9ad1\system.dll

MOD - [2012/01/07 15:15:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2012/01/07 15:15:23 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2011/11/08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll

MOD - [2011/07/18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll

MOD - [2010/09/29 19:27:14 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2010/09/29 19:27:14 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll

MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll

MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll

MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll

MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll

MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll

MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll

MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll

MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll

MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll

MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll

MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe

MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll

MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll

MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll

MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll

MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll

MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)

SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)

SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012/01/12 22:44:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{FEE264FF-C53C-4750-9BFF-90C45F0241DC}\MpKsl06f1d0c7.sys -- (MpKsl06f1d0c7)

DRV - [2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)

DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)

DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)

DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)

DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)

DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/07 15:16:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/10 22:41:36 | 000,000,000 | ---D | M]

 

[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2012/01/12 22:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions

[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com

[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml

[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml

[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml

[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml

[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml

[2012/01/08 14:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012/01/08 14:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/12/17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll

[2011/12/17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml

[2011/12/17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml

 
 ========== Chrome  ==========

 

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll

CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Facemoods = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\

CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

 

O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 15128 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321EE642-2C2E-4B36-AA44-BF882FCDB941}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia)

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: ISW - hkey= - key= -  File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found

MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 2

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - Service

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package - 

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/12 22:48:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2012/01/12 22:38:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2012/01/09 23:07:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012/01/08 20:19:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung

[2012/01/08 15:03:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PHP 5

[2012/01/08 15:03:27 | 000,000,000 | ---D | C] -- C:\Programme\PHP

[2012/01/08 14:58:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3

[2012/01/08 14:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote Notebooks

[2012/01/08 14:14:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Google Chrome

[2012/01/08 11:59:15 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader

[2012/01/07 21:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster

[2012/01/07 21:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp

[2012/01/07 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects

[2012/01/07 21:39:30 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect

[2012/01/07 21:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp

[2012/01/07 21:37:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite

[2012/01/07 21:37:11 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar

[2012/01/07 21:36:38 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/07 21:36:14 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite

[2012/01/07 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2012/01/07 21:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Programme\SopCast

[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SopCast

[2012/01/07 21:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN

[2012/01/07 21:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FFOutput

[2012/01/07 21:30:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2012/01/07 21:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FormatFactory

[2012/01/07 21:28:26 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime

[2012/01/07 21:26:10 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client

[2012/01/07 16:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView

[2012/01/07 16:02:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView

[2012/01/07 15:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun

[2012/01/07 15:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012/01/07 15:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Notepad++

[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Notepad++

[2012/01/07 15:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++

[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Picasa 3

[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia

[2012/01/07 15:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe

[2012/01/07 14:54:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er

[2012/01/07 14:40:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client

[2012/01/07 14:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SpeedFan

[2012/01/07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan

[2012/01/07 14:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI

[2012/01/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Secunia

[2012/01/07 14:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012/01/07 14:05:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/07 14:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012/01/07 11:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip

[2012/01/07 11:55:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip

[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes

[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis

[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro

[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/12 22:49:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/12 22:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/12 22:44:04 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/12 22:23:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/09 22:57:50 | 001,562,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/08 15:26:09 | 000,608,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012/01/08 15:26:09 | 000,548,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/08 15:26:09 | 000,132,094 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012/01/08 15:26:09 | 000,104,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/08 15:25:00 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2012/01/08 14:50:20 | 000,003,656 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:48 | 000,004,960 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2

[2012/01/08 14:11:56 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

[2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012/01/07 16:05:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2012/01/07 15:20:01 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2012/01/07 15:16:31 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/07 14:32:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd

[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup

[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/01/08 14:50:14 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:53 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OneNote Table Of Contents.onetoc2

[2012/01/08 14:49:02 | 000,004,960 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2

[2012/01/08 14:11:56 | 000,001,150 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

[2012/01/08 12:00:37 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk

[2012/01/07 16:05:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2012/01/07 14:48:06 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/07 14:43:12 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2012/01/07 14:41:05 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk

[2012/01/07 14:32:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo

[2012/01/07 14:30:50 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk

[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd

[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini

[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE

[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe

[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe

[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe

[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN

[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT

[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:17:14 | 001,562,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1979/12/31 23:00:00 | 000,608,888 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[1979/12/31 23:00:00 | 000,548,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1979/12/31 23:00:00 | 000,132,094 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[1979/12/31 23:00:00 | 000,104,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 
 ========== LOP Check ==========

 

[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco

[2012/01/07 21:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO

[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo

[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg

[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM

[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo

[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller

[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs

[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog

[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer

[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY

[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users

[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage

[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2012/01/12 22:49:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

[2012/01/08 14:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011/10/16 19:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe

[2010/10/12 21:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM

[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon

[2012/01/04 19:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer

[2010/09/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

[2010/10/26 22:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX

[2010/11/10 08:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss

[2010/02/02 03:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google

[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM

[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2004/08/10 12:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities

[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo

[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo

[2010/09/30 20:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia

[2011/12/31 17:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2012/01/08 14:48:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft

[2010/09/30 20:34:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla

[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller

[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs

[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog

[2011/06/01 17:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype

[2011/06/01 17:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM

[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer

[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY

[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users

[2010/10/04 18:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun

[2010/09/29 19:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symantec

[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage

[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software

[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2010/12/02 17:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3

[2011/01/11 07:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc

[2012/01/07 22:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp

[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol

[2010/10/17 00:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011/01/14 19:43:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/12/31 17:41:42 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\IASTOR.SYS

[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\IBMTOOLS\drivers\IMSM\IASTOR.SYS

[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\IASTOR.SYS

 
 < MD5 for: NETLOGON.DLL  >

[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005/03/02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004/08/04 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2004/08/10 12:16:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 12:16:54 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 12:16:54 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[33 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 ========== Files - Unicode (All) ==========

(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.lenovo.com/de/de

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.daemon-search.com/|http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com

[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml

[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml

[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml

[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml

[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml

[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe

O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe

[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge

[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings

[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint

:Files

C:\WINDOWS\Internet Logs

C:\Programme\DAEMON Tools Toolbar

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So - das nächste Log:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!

Prefs.js: "Google" removed from browser.search.defaultenginename

Prefs.js: "Game Master 1.1 Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3" removed from browser.startup.homepage

Prefs.js: pdfforge@mybrowserbar.com:4.1 removed from extensions.enabledItems

Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.

File E:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc75be86-07d6-11e0-b257-0018de73780d}\ not found.

File E:\Setup_FlipShare.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc75be86-07d6-11e0-b257-0018de73780d}\ not found.

File E:\Setup_FlipShare.exe not found.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge\temp folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge\res folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge\Images2PDF folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings\temp folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings\res folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar folder moved successfully.

C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint folder moved successfully.

========== FILES ==========

C:\WINDOWS\Internet Logs folder moved successfully.

C:\Programme\DAEMON Tools Toolbar\Resources folder moved successfully.

C:\Programme\DAEMON Tools Toolbar folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 19089584 bytes

->Temporary Internet Files folder emptied: 33567 bytes

->Flash cache emptied: 405 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 400868 bytes

->Flash cache emptied: 56468 bytes

 

User: Internet

->Temp folder emptied: 211242083 bytes

->Temporary Internet Files folder emptied: 48966398 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 616460035 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 80461 bytes

 

User: ***

->Temp folder emptied: 11499776 bytes

->Temporary Internet Files folder emptied: 1573266 bytes

->Java cache emptied: 239011 bytes

->FireFox cache emptied: 57025437 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 56994 bytes

 

User: LocalService

->Temp folder emptied: 1129624 bytes

->Temporary Internet Files folder emptied: 34210 bytes

->Flash cache emptied: 343 bytes

 

User: NetworkService

->Temp folder emptied: 2506236 bytes

->Temporary Internet Files folder emptied: 33950 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 23058720 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 124346 bytes

RecycleBin emptied: 13717787 bytes

 

Total Files Cleaned = 961.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01132012_181642
 

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_be0.dat moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Also es hat 22 Objekte gefunden:

Code:

17:27:24.0250 3700        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05

17:27:24.0609 3700        ============================================================

17:27:24.0609 3700        Current date / time: 2012/01/14 17:27:24.0609

17:27:24.0609 3700        SystemInfo:

17:27:24.0609 3700        

17:27:24.0609 3700        OS Version: 5.1.2600 ServicePack: 3.0

17:27:24.0609 3700        Product type: Workstation

17:27:24.0609 3700        ComputerName: LENOVO-B00D28A3

17:27:24.0609 3700        UserName: ***

17:27:24.0609 3700        Windows directory: C:\WINDOWS

17:27:24.0609 3700        System windows directory: C:\WINDOWS

17:27:24.0609 3700        Processor architecture: Intel x86

17:27:24.0609 3700        Number of processors: 2

17:27:24.0609 3700        Page size: 0x1000

17:27:24.0609 3700        Boot type: Normal boot

17:27:24.0609 3700        ============================================================

17:27:27.0796 3700        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000050

17:27:27.0843 3700        Initialize success

17:28:59.0937 0752        ============================================================

17:28:59.0937 0752        Scan started

17:28:59.0937 0752        Mode: Manual; SigCheck; TDLFS; 

17:28:59.0937 0752        ============================================================

17:29:00.0703 0752        Abiosdsk - ok

17:29:00.0750 0752        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

17:29:01.0812 0752        abp480n5 - ok

17:29:02.0000 0752        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

17:29:02.0265 0752        ac97intc - ok

17:29:02.0328 0752        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:29:02.0562 0752        ACPI - ok

17:29:02.0593 0752        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

17:29:02.0828 0752        ACPIEC - ok

17:29:02.0890 0752        ADIHdAudAddService (b7c4f2a40b7d2289eb944fff30f385ff) C:\WINDOWS\system32\drivers\ADIHdAud.sys

17:29:02.0984 0752        ADIHdAudAddService - ok

17:29:03.0125 0752        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

17:29:03.0390 0752        adpu160m - ok

17:29:03.0437 0752        AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys

17:29:03.0546 0752        AEAudioService - ok

17:29:03.0640 0752        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:29:03.0906 0752        aec - ok

17:29:03.0953 0752        AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

17:29:04.0000 0752        AegisP ( UnsignedFile.Multi.Generic ) - warning

17:29:04.0000 0752        AegisP - detected UnsignedFile.Multi.Generic (1)

17:29:04.0062 0752        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:29:04.0156 0752        AFD - ok

17:29:04.0296 0752        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

17:29:04.0546 0752        agp440 - ok

17:29:04.0593 0752        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

17:29:04.0859 0752        agpCPQ - ok

17:29:04.0875 0752        Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

17:29:05.0015 0752        Aha154x - ok

17:29:05.0078 0752        aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

17:29:05.0328 0752        aic78u2 - ok

17:29:05.0453 0752        aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

17:29:05.0671 0752        aic78xx - ok

17:29:05.0718 0752        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

17:29:05.0937 0752        AliIde - ok

17:29:06.0015 0752        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

17:29:06.0265 0752        alim1541 - ok

17:29:06.0312 0752        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

17:29:06.0562 0752        amdagp - ok

17:29:06.0609 0752        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

17:29:06.0750 0752        amsint - ok

17:29:06.0859 0752        ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

17:29:06.0921 0752        ANC ( UnsignedFile.Multi.Generic ) - warning

17:29:06.0921 0752        ANC - detected UnsignedFile.Multi.Generic (1)

17:29:06.0968 0752        ANCSQ           (684ca2e739f7c1c8be1af7236d7a28cf) C:\WINDOWS\system32\drivers\ANCSQ.sys

17:29:07.0000 0752        ANCSQ ( UnsignedFile.Multi.Generic ) - warning

17:29:07.0000 0752        ANCSQ - detected UnsignedFile.Multi.Generic (1)

17:29:07.0062 0752        asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

17:29:07.0312 0752        asc - ok

17:29:07.0343 0752        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

17:29:07.0484 0752        asc3350p - ok

17:29:07.0531 0752        asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

17:29:07.0750 0752        asc3550 - ok

17:29:07.0953 0752        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:29:08.0171 0752        AsyncMac - ok

17:29:08.0203 0752        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:29:08.0468 0752        atapi - ok

17:29:08.0468 0752        Atdisk - ok

17:29:08.0625 0752        ati2mtag        (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

17:29:09.0250 0752        ati2mtag - ok

17:29:09.0468 0752        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:29:09.0734 0752        Atmarpc - ok

17:29:09.0796 0752        atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

17:29:09.0875 0752        atmeltpm - ok

17:29:09.0921 0752        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:29:10.0125 0752        audstub - ok

17:29:10.0156 0752        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:29:10.0375 0752        Beep - ok

17:29:10.0531 0752        BTKRNL          (7512c4f3f408dd9804500e275517a758) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

17:29:10.0687 0752        BTKRNL ( UnsignedFile.Multi.Generic ) - warning

17:29:10.0687 0752        BTKRNL - detected UnsignedFile.Multi.Generic (1)

17:29:10.0828 0752        BTWUSB          (eb68b380da558ba4f5d54519ec734dc9) C:\WINDOWS\system32\Drivers\btwusb.sys

17:29:10.0906 0752        BTWUSB ( UnsignedFile.Multi.Generic ) - warning

17:29:10.0906 0752        BTWUSB - detected UnsignedFile.Multi.Generic (1)

17:29:10.0953 0752        cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

17:29:11.0187 0752        cbidf - ok

17:29:11.0250 0752        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:29:11.0468 0752        cbidf2k - ok

17:29:11.0515 0752        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

17:29:11.0734 0752        CCDECODE - ok

17:29:11.0765 0752        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

17:29:11.0921 0752        cd20xrnt - ok

17:29:11.0953 0752        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:29:12.0187 0752        Cdaudio - ok

17:29:12.0265 0752        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:29:12.0500 0752        Cdfs - ok

17:29:12.0578 0752        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:29:12.0812 0752        Cdrom - ok

17:29:12.0890 0752        Changer - ok

17:29:12.0921 0752        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

17:29:13.0140 0752        CmBatt - ok

17:29:13.0187 0752        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys

17:29:13.0406 0752        CmdIde - ok

17:29:13.0421 0752        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

17:29:13.0640 0752        Compbatt - ok

17:29:13.0703 0752        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

17:29:13.0921 0752        Cpqarray - ok

17:29:14.0031 0752        dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

17:29:14.0281 0752        dac2w2k - ok

17:29:14.0328 0752        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

17:29:14.0562 0752        dac960nt - ok

17:29:14.0671 0752        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:29:14.0890 0752        Disk - ok

17:29:14.0953 0752        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

17:29:15.0250 0752        dmboot - ok

17:29:15.0312 0752        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

17:29:15.0546 0752        dmio - ok

17:29:15.0578 0752        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:29:15.0812 0752        dmload - ok

17:29:15.0953 0752        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:29:16.0218 0752        DMusic - ok

17:29:16.0562 0752        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

17:29:16.0859 0752        dpti2o - ok

17:29:17.0187 0752        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:29:17.0421 0752        drmkaud - ok

17:29:17.0562 0752        dtsoftbus01     (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

17:29:17.0781 0752        dtsoftbus01 - ok

17:29:17.0875 0752        E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys

17:29:18.0171 0752        E100B - ok

17:29:18.0218 0752        e1express       (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

17:29:18.0453 0752        e1express - ok

17:29:18.0515 0752        EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

17:29:18.0578 0752        EGATHDRV ( UnsignedFile.Multi.Generic ) - warning

17:29:18.0578 0752        EGATHDRV - detected UnsignedFile.Multi.Generic (1)

17:29:18.0781 0752        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:29:19.0046 0752        Fastfat - ok

17:29:19.0093 0752        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:29:19.0328 0752        Fdc - ok

17:29:19.0359 0752        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

17:29:19.0593 0752        Fips - ok

17:29:19.0640 0752        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:29:19.0859 0752        Flpydisk - ok

17:29:19.0921 0752        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:29:20.0156 0752        FltMgr - ok

17:29:20.0343 0752        fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

17:29:20.0421 0752        fssfltr - ok

17:29:20.0468 0752        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:29:20.0703 0752        Fs_Rec - ok

17:29:20.0765 0752        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:29:21.0000 0752        Ftdisk - ok

17:29:21.0046 0752        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:29:21.0125 0752        GEARAspiWDM - ok

17:29:21.0156 0752        giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys

17:29:21.0203 0752        giveio ( UnsignedFile.Multi.Generic ) - warning

17:29:21.0203 0752        giveio - detected UnsignedFile.Multi.Generic (1)

17:29:21.0375 0752        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:29:21.0609 0752        Gpc - ok

17:29:21.0671 0752        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:29:21.0906 0752        HDAudBus - ok

17:29:21.0953 0752        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:29:22.0187 0752        HidUsb - ok

17:29:22.0234 0752        hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

17:29:22.0453 0752        hpn - ok

17:29:22.0515 0752        HSFHWAZL        (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

17:29:22.0625 0752        HSFHWAZL - ok

17:29:22.0796 0752        HSF_DPV         (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

17:29:22.0937 0752        HSF_DPV - ok

17:29:23.0046 0752        HSXHWAZL        (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys

17:29:23.0140 0752        HSXHWAZL - ok

17:29:23.0296 0752        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:29:23.0390 0752        HTTP - ok

17:29:23.0437 0752        i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

17:29:23.0671 0752        i2omgmt - ok

17:29:23.0718 0752        i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

17:29:23.0953 0752        i2omp - ok

17:29:24.0031 0752        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:29:24.0265 0752        i8042prt - ok

17:29:24.0390 0752        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

17:29:24.0578 0752        iaStor - ok

17:29:24.0671 0752        ibmfilter       (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys

17:29:24.0750 0752        ibmfilter ( UnsignedFile.Multi.Generic ) - warning

17:29:24.0750 0752        ibmfilter - detected UnsignedFile.Multi.Generic (1)

17:29:24.0828 0752        IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

17:29:24.0875 0752        IBMPMDRV - ok

17:29:24.0968 0752        IBMTPCHK        (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

17:29:25.0000 0752        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning

17:29:25.0000 0752        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)

17:29:25.0078 0752        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:29:25.0296 0752        Imapi - ok

17:29:25.0343 0752        ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

17:29:25.0578 0752        ini910u - ok

17:29:25.0640 0752        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys

17:29:25.0859 0752        IntelIde - ok

17:29:25.0921 0752        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:29:26.0140 0752        intelppm - ok

17:29:26.0187 0752        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:29:26.0406 0752        Ip6Fw - ok

17:29:26.0453 0752        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:29:26.0687 0752        IpFilterDriver - ok

17:29:26.0750 0752        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:29:26.0968 0752        IpInIp - ok

17:29:27.0031 0752        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:29:27.0265 0752        IpNat - ok

17:29:27.0281 0752        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:29:27.0531 0752        IPSec - ok

17:29:27.0578 0752        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

17:29:27.0796 0752        irda - ok

17:29:27.0859 0752        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:29:28.0078 0752        IRENUM - ok

17:29:28.0125 0752        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:29:28.0343 0752        isapnp - ok

17:29:28.0390 0752        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:29:28.0625 0752        Kbdclass - ok

17:29:28.0687 0752        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:29:28.0921 0752        kmixer - ok

17:29:28.0984 0752        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:29:29.0109 0752        KSecDD - ok

17:29:29.0140 0752        lbrtfdc - ok

17:29:29.0218 0752        mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

17:29:29.0281 0752        mdmxsdk - ok

17:29:29.0359 0752        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:29:29.0578 0752        mnmdd - ok

17:29:29.0703 0752        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

17:29:29.0906 0752        Modem - ok

17:29:29.0953 0752        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:29:30.0187 0752        Mouclass - ok

17:29:30.0281 0752        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:29:30.0500 0752        mouhid - ok

17:29:30.0531 0752        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:29:30.0796 0752        MountMgr - ok

17:29:30.0890 0752        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

17:29:31.0000 0752        MpFilter - ok

17:29:31.0140 0752        MpKsl06f1d0c7 - ok

17:29:31.0218 0752        MpKsl3d152c12   (a69630d039c38018689190234f866d77) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{89A2593E-6C14-4EF2-8AA2-24110F267508}\MpKsl3d152c12.sys

17:29:31.0265 0752        MpKsl3d152c12 - ok

17:29:31.0453 0752        MQAC            (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys

17:29:31.0671 0752        MQAC - ok

17:29:31.0750 0752        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

17:29:31.0984 0752        mraid35x - ok

17:29:32.0031 0752        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:29:32.0250 0752        MRxDAV - ok

17:29:32.0328 0752        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:29:32.0468 0752        MRxSmb - ok

17:29:32.0625 0752        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:29:32.0828 0752        Msfs - ok

17:29:32.0875 0752        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:29:33.0109 0752        MSKSSRV - ok

17:29:33.0171 0752        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:29:33.0359 0752        MSPCLOCK - ok

17:29:33.0390 0752        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:29:33.0609 0752        MSPQM - ok

17:29:33.0656 0752        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:29:33.0859 0752        mssmbios - ok

17:29:33.0906 0752        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

17:29:34.0109 0752        MSTEE - ok

17:29:34.0156 0752        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:29:34.0250 0752        Mup - ok

17:29:34.0421 0752        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:29:34.0640 0752        NABTSFEC - ok

17:29:34.0718 0752        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:29:34.0968 0752        NDIS - ok

17:29:35.0000 0752        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:29:35.0218 0752        NdisIP - ok

17:29:35.0281 0752        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:29:35.0359 0752        NdisTapi - ok

17:29:35.0500 0752        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:29:35.0718 0752        Ndisuio - ok

17:29:35.0750 0752        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:29:36.0031 0752        NdisWan - ok

17:29:36.0093 0752        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:29:36.0171 0752        NDProxy - ok

17:29:36.0203 0752        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:29:36.0421 0752        NetBIOS - ok

17:29:36.0453 0752        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:29:36.0687 0752        NetBT - ok

17:29:36.0750 0752        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:29:36.0953 0752        Npfs - ok

17:29:36.0968 0752        NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

17:29:37.0187 0752        NSCIRDA - ok

17:29:37.0359 0752        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:29:37.0640 0752        Ntfs - ok

17:29:37.0703 0752        NTIDrvr         (8055859b87ac3e504ece0c1e9353cc4e) C:\WINDOWS\system32\drivers\NTIDrvr.sys

17:29:37.0750 0752        NTIDrvr - ok

17:29:37.0796 0752        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:29:38.0000 0752        Null - ok

17:29:38.0125 0752        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:29:38.0437 0752        nv - ok

17:29:38.0609 0752        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:29:38.0828 0752        NwlnkFlt - ok

17:29:38.0875 0752        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:29:39.0093 0752        NwlnkFwd - ok

17:29:39.0171 0752        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

17:29:39.0437 0752        Parport - ok

17:29:39.0468 0752        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:29:39.0671 0752        PartMgr - ok

17:29:39.0703 0752        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

17:29:39.0937 0752        ParVdm - ok

17:29:39.0953 0752        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

17:29:40.0203 0752        PCI - ok

17:29:40.0218 0752        PCIDump - ok

17:29:40.0250 0752        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:29:40.0484 0752        PCIIde - ok

17:29:40.0656 0752        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

17:29:40.0875 0752        Pcmcia - ok

17:29:40.0890 0752        PDCOMP - ok

17:29:40.0906 0752        PDFRAME - ok

17:29:40.0937 0752        PDRELI - ok

17:29:40.0953 0752        PDRFRAME - ok

17:29:40.0984 0752        perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

17:29:41.0218 0752        perc2 - ok

17:29:41.0265 0752        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

17:29:41.0484 0752        perc2hib - ok

17:29:41.0531 0752        pmem            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys

17:29:41.0578 0752        pmem ( UnsignedFile.Multi.Generic ) - warning

17:29:41.0578 0752        pmem - detected UnsignedFile.Multi.Generic (1)

17:29:41.0625 0752        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:29:41.0843 0752        PptpMiniport - ok

17:29:41.0968 0752        PrivateDisk     (e580dd7d54415905bb0bab306b659fdf) C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys

17:29:42.0140 0752        PrivateDisk ( UnsignedFile.Multi.Generic ) - warning

17:29:42.0140 0752        PrivateDisk - detected UnsignedFile.Multi.Generic (1)

17:29:42.0328 0752        PROCDD          (abd39d58dac2cfcee7f0c9a838e989a8) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

17:29:42.0328 0752        PROCDD ( UnsignedFile.Multi.Generic ) - warning

17:29:42.0328 0752        PROCDD - detected UnsignedFile.Multi.Generic (1)

17:29:42.0359 0752        Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

17:29:42.0578 0752        Processor - ok

17:29:42.0625 0752        psadd           (76df9412c1556fca3d6d94b2c9d94d6b) C:\WINDOWS\system32\Drivers\psadd.sys

17:29:42.0687 0752        psadd ( UnsignedFile.Multi.Generic ) - warning

17:29:42.0687 0752        psadd - detected UnsignedFile.Multi.Generic (1)

17:29:42.0703 0752        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:29:42.0968 0752        PSched - ok

17:29:43.0015 0752        PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

17:29:43.0093 0752        PSI - ok

17:29:43.0125 0752        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:29:43.0343 0752        Ptilink - ok

17:29:43.0375 0752        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:29:43.0437 0752        PxHelp20 - ok

17:29:43.0468 0752        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

17:29:43.0703 0752        ql1080 - ok

17:29:43.0890 0752        Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

17:29:44.0125 0752        Ql10wnt - ok

17:29:44.0218 0752        ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

17:29:44.0468 0752        ql12160 - ok

17:29:44.0500 0752        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

17:29:44.0750 0752        ql1240 - ok

17:29:44.0781 0752        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

17:29:45.0000 0752        ql1280 - ok

17:29:45.0062 0752        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:29:45.0281 0752        RasAcd - ok

17:29:45.0359 0752        Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

17:29:45.0484 0752        Rasirda - ok

17:29:45.0546 0752        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:29:45.0765 0752        Rasl2tp - ok

17:29:45.0796 0752        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:29:46.0031 0752        RasPppoe - ok

17:29:46.0062 0752        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:29:46.0296 0752        Raspti - ok

17:29:46.0328 0752        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:29:46.0578 0752        Rdbss - ok

17:29:46.0687 0752        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:29:46.0906 0752        RDPCDD - ok

17:29:46.0968 0752        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:29:47.0234 0752        rdpdr - ok

17:29:47.0328 0752        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:29:47.0437 0752        RDPWD - ok

17:29:47.0484 0752        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:29:47.0718 0752        redbook - ok

17:29:47.0890 0752        RkHit - ok

17:29:47.0984 0752        RMCAST          (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys

17:29:48.0109 0752        RMCAST - ok

17:29:48.0218 0752        s24trans        (13c2d87042260afa37b6d6a0ba3e4391) C:\WINDOWS\system32\DRIVERS\s24trans.sys

17:29:48.0296 0752        s24trans ( UnsignedFile.Multi.Generic ) - warning

17:29:48.0296 0752        s24trans - detected UnsignedFile.Multi.Generic (1)

17:29:48.0421 0752        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:29:48.0640 0752        Secdrv - ok

17:29:48.0687 0752        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:29:48.0890 0752        serenum - ok

17:29:48.0937 0752        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

17:29:49.0203 0752        Serial - ok

17:29:49.0328 0752        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:29:49.0531 0752        Sfloppy - ok

17:29:49.0578 0752        ShockMgr        (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys

17:29:49.0609 0752        ShockMgr ( UnsignedFile.Multi.Generic ) - warning

17:29:49.0609 0752        ShockMgr - detected UnsignedFile.Multi.Generic (1)

17:29:49.0687 0752        Shockprf        (70d82eb75e7e3b2980d6bf5b26051f4b) C:\WINDOWS\system32\drivers\Shockprf.sys

17:29:49.0812 0752        Shockprf ( UnsignedFile.Multi.Generic ) - warning

17:29:49.0812 0752        Shockprf - detected UnsignedFile.Multi.Generic (1)

17:29:49.0859 0752        Simbad - ok

17:29:49.0953 0752        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

17:29:50.0203 0752        sisagp - ok

17:29:50.0250 0752        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:29:50.0437 0752        SLIP - ok

17:29:50.0500 0752        Smapint         (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys

17:29:50.0562 0752        Smapint ( UnsignedFile.Multi.Generic ) - warning

17:29:50.0562 0752        Smapint - detected UnsignedFile.Multi.Generic (1)

17:29:50.0656 0752        smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys

17:29:50.0687 0752        smi2 ( UnsignedFile.Multi.Generic ) - warning

17:29:50.0687 0752        smi2 - detected UnsignedFile.Multi.Generic (1)

17:29:50.0765 0752        Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

17:29:50.0906 0752        Sparrow - ok

17:29:51.0000 0752        speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys

17:29:51.0062 0752        speedfan - ok

17:29:51.0125 0752        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:29:51.0343 0752        splitter - ok

17:29:51.0437 0752        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

17:29:51.0687 0752        sr - ok

17:29:51.0750 0752        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:29:51.0859 0752        Srv - ok

17:29:51.0953 0752        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:29:52.0156 0752        streamip - ok

17:29:52.0218 0752        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:29:52.0437 0752        swenum - ok

17:29:52.0484 0752        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:29:52.0718 0752        swmidi - ok

17:29:52.0843 0752        symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

17:29:53.0062 0752        symc810 - ok

17:29:53.0109 0752        symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

17:29:53.0328 0752        symc8xx - ok

17:29:53.0375 0752        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

17:29:53.0593 0752        sym_hi - ok

17:29:53.0609 0752        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

17:29:53.0828 0752        sym_u3 - ok

17:29:53.0937 0752        SynTP           (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys

17:29:54.0000 0752        SynTP - ok

17:29:54.0062 0752        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:29:54.0281 0752        sysaudio - ok

17:29:54.0421 0752        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:29:54.0593 0752        Tcpip - ok

17:29:54.0656 0752        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:29:54.0875 0752        TDPIPE - ok

17:29:54.0984 0752        TDSMAPI         (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS

17:29:55.0046 0752        TDSMAPI ( UnsignedFile.Multi.Generic ) - warning

17:29:55.0046 0752        TDSMAPI - detected UnsignedFile.Multi.Generic (1)

17:29:55.0093 0752        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:29:55.0328 0752        TDTCP - ok

17:29:55.0437 0752        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:29:55.0656 0752        TermDD - ok

17:29:55.0718 0752        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys

17:29:55.0921 0752        TosIde - ok

17:29:55.0968 0752        TPHKDRV         (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys

17:29:56.0046 0752        TPHKDRV ( UnsignedFile.Multi.Generic ) - warning

17:29:56.0046 0752        TPHKDRV - detected UnsignedFile.Multi.Generic (1)

17:29:56.0140 0752        TPPWRIF         (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

17:29:56.0187 0752        TPPWRIF ( UnsignedFile.Multi.Generic ) - warning

17:29:56.0187 0752        TPPWRIF - detected UnsignedFile.Multi.Generic (1)

17:29:56.0218 0752        TSMAPIP         (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

17:29:56.0265 0752        TSMAPIP ( UnsignedFile.Multi.Generic ) - warning

17:29:56.0265 0752        TSMAPIP - detected UnsignedFile.Multi.Generic (1)

17:29:56.0312 0752        UBHelper        (9e39dc3022e6d84bf974678011a1ea4c) C:\WINDOWS\system32\drivers\UBHelper.sys

17:29:56.0359 0752        UBHelper - ok

17:29:56.0468 0752        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:29:56.0687 0752        Udfs - ok

17:29:56.0734 0752        ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

17:29:56.0890 0752        ultra - ok

17:29:56.0968 0752        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:29:57.0187 0752        Update - ok

17:29:57.0296 0752        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:29:57.0390 0752        USBAAPL - ok

17:29:57.0421 0752        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:29:57.0687 0752        usbaudio - ok

17:29:57.0796 0752        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:29:58.0046 0752        usbccgp - ok

17:29:58.0078 0752        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:29:58.0296 0752        usbehci - ok

17:29:58.0328 0752        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:29:58.0578 0752        usbhub - ok

17:29:58.0671 0752        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:29:58.0875 0752        usbscan - ok

17:29:58.0921 0752        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:29:59.0125 0752        USBSTOR - ok

17:29:59.0156 0752        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:29:59.0375 0752        usbuhci - ok

17:29:59.0484 0752        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

17:29:59.0703 0752        usbvideo - ok

17:29:59.0750 0752        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:29:59.0968 0752        VgaSave - ok

17:30:00.0046 0752        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

17:30:00.0296 0752        viaagp - ok

17:30:00.0343 0752        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

17:30:00.0562 0752        ViaIde - ok

17:30:00.0593 0752        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

17:30:00.0812 0752        VolSnap - ok

17:30:01.0015 0752        w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

17:30:01.0218 0752        w39n51 - ok

17:30:01.0296 0752        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:30:01.0531 0752        Wanarp - ok

17:30:01.0687 0752        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:30:01.0765 0752        Wdf01000 - ok

17:30:01.0781 0752        WDICA - ok

17:30:01.0859 0752        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:30:02.0125 0752        wdmaud - ok

17:30:02.0218 0752        winachsf        (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

17:30:02.0343 0752        winachsf - ok

17:30:02.0500 0752        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:30:02.0625 0752        WpdUsb - ok

17:30:02.0718 0752        WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:30:02.0968 0752        WS2IFSL - ok

17:30:03.0015 0752        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:30:03.0265 0752        WSTCODEC - ok

17:30:03.0328 0752        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:30:03.0468 0752        WudfPf - ok

17:30:03.0562 0752        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:30:03.0656 0752        WudfRd - ok

17:30:03.0703 0752        MBR (0x1B8)     (27a2c828549e506fa4a176df897fa151) \Device\Harddisk0\DR0

17:30:03.0812 0752        \Device\Harddisk0\DR0 - ok

17:30:03.0812 0752        Boot (0x1200)   (71402eec6fba5652da501fa87e92a751) \Device\Harddisk0\DR0\Partition0

17:30:03.0812 0752        \Device\Harddisk0\DR0\Partition0 - ok

17:30:03.0828 0752        ============================================================

17:30:03.0828 0752        Scan finished

17:30:03.0828 0752        ============================================================

17:30:03.0937 2576        Detected object count: 22

17:30:03.0937 2576        Actual detected object count: 22

18:26:07.0421 2576        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0421 2576        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0421 2576        ANC ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0421 2576        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0421 2576        ANCSQ ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0421 2576        ANCSQ ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0421 2576        BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0421 2576        BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0421 2576        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0421 2576        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0437 2576        EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0437 2576        EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0437 2576        giveio ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0437 2576        giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0437 2576        ibmfilter ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0437 2576        ibmfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0437 2576        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0437 2576        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0453 2576        pmem ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0453 2576        pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0453 2576        PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0453 2576        PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0453 2576        PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0453 2576        PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0453 2576        psadd ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0453 2576        psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0453 2576        s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0453 2576        s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0468 2576        ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0468 2576        ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0468 2576        Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0468 2576        Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0468 2576        Smapint ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0468 2576        Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0468 2576        smi2 ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0468 2576        smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0468 2576        TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0468 2576        TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0468 2576        TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0468 2576        TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0484 2576        TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0484 2576        TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 

18:26:07.0484 2576        TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user

18:26:07.0484 2576        TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-01-13.05 - *** 01/15/2012   0:57.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1424 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer

c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\????????.seskin

c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\???????????.seskin

c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\?????‘Chrome’?.seskin

c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\?????IE???.seskin

c:\programme\StartNow Toolbar

c:\programme\StartNow Toolbar\Resources\images\btn-msn.png

c:\programme\StartNow Toolbar\Resources\images\chevronButton.png

c:\programme\StartNow Toolbar\Resources\images\engine_images.png

c:\programme\StartNow Toolbar\Resources\images\engine_maps.png

c:\programme\StartNow Toolbar\Resources\images\engine_news.png

c:\programme\StartNow Toolbar\Resources\images\engine_videos.png

c:\programme\StartNow Toolbar\Resources\images\engine_web.png

c:\programme\StartNow Toolbar\Resources\images\icon_amazon.png

c:\programme\StartNow Toolbar\Resources\images\icon_ebay.png

c:\programme\StartNow Toolbar\Resources\images\icon_facebook.png

c:\programme\StartNow Toolbar\Resources\images\icon_games.png

c:\programme\StartNow Toolbar\Resources\images\icon_shopping.png

c:\programme\StartNow Toolbar\Resources\images\icon_travel.png

c:\programme\StartNow Toolbar\Resources\images\icon_twitter.png

c:\programme\StartNow Toolbar\Resources\images\separator.png

c:\programme\StartNow Toolbar\Resources\images\splitter.png

c:\programme\StartNow Toolbar\Resources\images\startnow_logo.png

c:\programme\StartNow Toolbar\Resources\installer.xml

c:\programme\StartNow Toolbar\Resources\protect\index.html

c:\programme\StartNow Toolbar\Resources\protect\NotIE6.css

c:\programme\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\programme\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\programme\StartNow Toolbar\Resources\protect\window.css

c:\programme\StartNow Toolbar\Resources\protect\window.js

c:\programme\StartNow Toolbar\Resources\reactivate\index.html

c:\programme\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\programme\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\programme\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\programme\StartNow Toolbar\Resources\reactivate\window.css

c:\programme\StartNow Toolbar\Resources\reactivate\window.js

c:\programme\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png

c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png

c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png

c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png

c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png

c:\programme\StartNow Toolbar\Resources\toolbar.xml

c:\programme\StartNow Toolbar\Resources\toolbarbutton\hover_c.png

c:\programme\StartNow Toolbar\Resources\toolbarbutton\hover_l.png

c:\programme\StartNow Toolbar\Resources\toolbarbutton\hover_r.png

c:\programme\StartNow Toolbar\Resources\toolbarbutton\normal_c.png

c:\programme\StartNow Toolbar\Resources\toolbarbutton\normal_l.png

c:\programme\StartNow Toolbar\Resources\toolbarbutton\normal_r.png

c:\programme\StartNow Toolbar\Resources\update.xml

c:\programme\StartNow Toolbar\uninstall.dat

c:\windows\IsUn0407.exe

c:\windows\system32\Cache

c:\windows\system32\TPAPSLOG.LOG

c:\windows\system32\TPHDLOG0.LOG

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_RkHit

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-15 bis 2012-01-15  ))))))))))))))))))))))))))))))

.

.

2012-01-15 01:26 . 2012-01-15 01:26        56200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{3013AE6D-53EF-49BF-A1B0-B4D12AAE17A2}\offreg.dll

2012-01-15 01:26 . 2011-11-21 01:47        6823496        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{3013AE6D-53EF-49BF-A1B0-B4D12AAE17A2}\mpengine.dll

2012-01-13 17:16 . 2012-01-13 17:16        --------        d-----w-        C:\_OTL

2012-01-09 22:07 . 2012-01-09 22:07        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth

2012-01-08 14:03 . 2012-01-08 14:03        --------        d-----w-        c:\programme\PHP

2012-01-08 13:56 . 2012-01-08 13:56        --------        d-----w-        c:\dokumente und einstellungen\Internet\Papa_Model_Eichhoernchen

2012-01-08 10:59 . 2012-01-08 11:01        --------        d-----w-        c:\programme\JDownloader

2012-01-07 20:43 . 2009-03-16 13:18        22360        ----a-w-        c:\windows\system32\X3DAudio1_6.dll

2012-01-07 20:39 . 2012-01-07 20:39        --------        d-----w-        c:\programme\Smart Projects

2012-01-07 20:39 . 2012-01-07 20:39        --------        d-----w-        c:\programme\Winamp Detect

2012-01-07 20:38 . 2012-01-07 21:36        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Winamp

2012-01-07 20:36 . 2012-01-07 20:36        239168        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2012-01-07 20:36 . 2012-01-07 20:37        --------        d-----w-        c:\programme\DAEMON Tools Lite

2012-01-07 20:36 . 2012-01-07 20:36        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\DAEMON Tools Lite

2012-01-07 20:36 . 2012-01-07 20:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite

2012-01-07 20:35 . 2012-01-07 20:35        --------        d-----w-        c:\programme\SopCast

2012-01-07 20:28 . 2012-01-07 20:28        --------        d-----w-        c:\programme\FreeTime

2012-01-07 20:26 . 2012-01-07 20:26        --------        d-----w-        c:\programme\FileZilla FTP Client

2012-01-07 15:02 . 2012-01-07 15:02        --------        d-----w-        c:\programme\IrfanView

2012-01-07 14:54 . 2012-01-07 14:54        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun

2012-01-07 14:52 . 2012-01-07 14:52        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth

2012-01-07 14:24 . 2012-01-07 14:24        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java

2012-01-07 14:23 . 2012-01-07 14:22        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-01-07 14:19 . 2012-01-07 14:19        --------        d-----w-        c:\programme\Notepad++

2012-01-07 14:16 . 2012-01-14 16:27        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll

2012-01-07 14:16 . 2012-01-14 16:27        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll

2012-01-07 14:16 . 2012-01-14 16:27        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll

2012-01-07 14:16 . 2012-01-14 16:27        43992        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll

2012-01-07 14:10 . 2012-01-07 14:22        141312        ----a-w-        c:\windows\system32\javacpl.cpl

2012-01-07 14:09 . 2011-11-21 01:47        6823496        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-07 13:53 . 2010-10-19 20:51        222080        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-07 13:40 . 2012-01-07 13:43        --------        d-----w-        c:\programme\Microsoft Security Client

2012-01-07 13:32 . 2012-01-07 13:32        --------        d-----w-        c:\programme\SpeedFan

2012-01-07 13:32 . 2012-01-07 13:32        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI

2012-01-07 13:30 . 2012-01-07 13:30        --------        d-----w-        c:\programme\Secunia

2012-01-07 13:05 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-07 13:05 . 2012-01-07 13:05        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2012-01-07 10:55 . 2012-01-07 10:55        --------        d-----w-        c:\programme\7-Zip

2012-01-06 21:12 . 2012-01-06 21:12        --------        d-----w-        c:\programme\iPod

2012-01-06 21:12 . 2012-01-06 21:14        --------        d-----w-        c:\programme\iTunes

2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\programme\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\programme\Internet Explorer\PLUGINS\nppdf32.dll

2011-12-31 16:44 . 2011-12-31 16:44        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes

2011-12-31 16:44 . 2011-12-31 16:44        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-12-31 16:42 . 2011-12-31 16:42        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\WinPatrol

2011-12-31 16:41 . 2011-12-31 16:41        388096        ----a-r-        c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-31 16:41 . 2011-12-31 16:41        --------        d-----w-        c:\programme\Trend Micro

2011-12-31 16:25 . 2011-12-31 16:25        --------        d-----w-        c:\programme\ESET

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-14 23:23 . 2010-09-29 18:39        5427        ----a-w-        c:\windows\system32\EGATHDRV.SYS

2012-01-07 20:38 . 2011-06-01 14:51        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-07 14:22 . 2010-10-04 17:28        567184        ----a-w-        c:\windows\system32\deployJava1.dll

2011-11-25 21:57 . 1979-12-31 22:00        293888        ----a-w-        c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 1979-12-31 22:00        1859712        ------w-        c:\windows\system32\win32k.sys

2011-11-20 06:12 . 1979-12-31 22:00        61952        ------w-        c:\windows\system32\packager.exe

2011-11-04 19:13 . 1979-12-31 22:00        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:13 . 1979-12-31 22:00        43520        ------w-        c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 1979-12-31 22:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 1979-12-31 22:00        385024        ------w-        c:\windows\system32\html.iec

2011-11-03 15:28 . 1979-12-31 22:00        387072        ------w-        c:\windows\system32\qdvd.dll

2011-11-03 15:28 . 1979-12-31 22:00        1297920        ------w-        c:\windows\system32\quartz.dll

2011-11-01 16:07 . 1979-12-31 22:00        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 05:31 . 1979-12-31 22:00        33280        ------w-        c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2004-08-03 22:50        2029568        ------w-        c:\windows\system32\ntkrnlpa.exe

2011-10-26 10:49 . 1979-12-31 22:00        2151424        ------w-        c:\windows\system32\ntoskrnl.exe

2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2011-10-21 10:38 . 2011-10-21 10:38        371272        ------r-        c:\dokumente und einstellungen\Internet\Anwendungsdaten\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe

2011-10-18 11:13 . 1979-12-31 22:00        186880        ------w-        c:\windows\system32\encdec.dll

2012-01-14 16:27 . 2011-06-01 02:38        121816        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-12-15 925696]

"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

OneNote Table Of Contents.onetoc2 [2012-1-8 3656]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-05 21:45        28672        ------w-        c:\windows\system32\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-11-30 18:16        24576        ------w-        c:\windows\system32\tphklock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

   Ime File        REG_SZ                 SOGOUPY.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Secunia PSI Tray.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk

backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-11-02 06:51        59240        ----a-w-        c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-01 22:25        59240        ----a-w-        c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-01-08 13:11        136176        ----atw-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 00:36        421736        ----a-w-        c:\programme\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 13:28        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-09-30 11:19        252296        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2010-04-22 22:16        1725736        ----a-w-        c:\programme\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2010-04-22 23:16        128296        ----a-w-        c:\programme\Synaptics\SynTP\SynTPLpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PWRMGRTR"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [12/21/2005 10:39 PM 6912]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/7/2012 9:36 PM 239168]

R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2/22/2010 9:44 AM 45312]

R2 PrivateDisk;PrivateDisk;c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 12:11 PM 46142]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]

R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]

R2 smi2;smi2;c:\programme\SMI2\smi2.sys [12/21/2005 3:45 PM 3968]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 9:30 AM 15544]

S1 MpKsl066d7c49;MpKsl066d7c49;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D5BAF62F-5904-457A-BE06-859DDD662EDC}\MpKsl066d7c49.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D5BAF62F-5904-457A-BE06-859DDD662EDC}\MpKsl066d7c49.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [2/2/2010 3:41 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [2/2/2010 3:41 AM 136176]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/31/1979 11:00 PM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM        REG_MULTI_SZ           WINRM

.

Inhalt des "geplante Tasks" Ordners

.

2011-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]

.

2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-02 02:41]

.

2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-02 02:41]

.

2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job

- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-01-08 13:11]

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1008Core.job

- c:\dokumente und einstellungen\Internet\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-06-29 02:41]

.

2012-01-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2011-12-31 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-29 23:12]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: microsoft.com\windowsupdate

TCP: DhcpNameServer = 192.168.0.1

DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.sc.loc/auth/taweb.cab

FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Notify-ACNotify - ACNotify.dll

Notify-NavLogon - (no file)

MSConfigStartUp-ISW - c:\programme\CheckPoint\ZAForceField\ForceField.exe

AddRemove-DAEMON Tools Toolbar - c:\programme\DAEMON Tools Toolbar\uninst.exe

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe

AddRemove-Presentation Director - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-15 07:52

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(940)

c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll

c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\tphklock.dll

.

- - - - - - - > 'explorer.exe'(3324)

c:\windows\system32\PROCHLP.DLL

c:\programme\Windows Desktop Search\deskbar.dll

c:\programme\Windows Desktop Search\de-de\dbres.dll.mui

c:\programme\Windows Desktop Search\dbres.dll

c:\programme\Windows Desktop Search\wordwheel.dll

c:\programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui

c:\programme\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\Ati2evxx.exe

c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\programme\Intel\Wireless\Bin\EvtEng.exe

c:\programme\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\windows\system32\msdtc.exe

c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\programme\Bonjour\mDNSResponder.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\programme\Java\jre7\bin\jqs.exe

c:\programme\Intel\Wireless\Bin\RegSrvc.exe

c:\programme\Secunia\PSI\PSIA.exe

c:\windows\System32\snmp.exe

c:\windows\System32\TPHDEXLG.EXE

c:\windows\system32\TpKmpSVC.exe

c:\programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe

c:\programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

c:\programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\mqsvc.exe

c:\programme\Windows Media Player\WMPNetwk.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\programme\IBM ThinkVantage\Common\Logger\logmon.exe

c:\programme\Secunia\PSI\sua.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-15  07:58:17 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-15 06:58

.

Vor Suchlauf: 8,942,624,768 Bytes frei

Nach Suchlauf: 8,725,815,296 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noguiboot /numproc=2

.

- - End Of File - - 8489267ACE70D4F265AF0A92EBB5A97A

--- --- ---