
Topic: Monster rootkit, popups, reroutes, in safe mode, BSOD ...

  1. #1
    Beginner
    Registered since
    17.02.2010
    Posts
    5

    Monster rootkit, popups, reroutes, in safe mode, BSOD ...

    SynTPEnh.exea

    First, the three requested logs from HJT and CC; further details follow below (cause, symptoms, progress so far, etc.).
    The toughest nut in TWENTY-FIVE years, for me...

    HJThis Log

    Code:
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 17:02:51, on 19.02.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
    C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
    C:\Windows\RtHDVCpl.exe
    C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Programs\Sandboxie\SbieCtrl.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\mdm.exe
    C:\Programs\MozillaFirefox\firefox.exe
    C:\Programs\MozillaThunderbird\thunderbird.exe
    C:\Windows\explorer.exe
    C:\Programs\TrendMicro\HiJackThis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [muBlinder] C:\Windows\muBlinder.exe -startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Programs\Sandboxie\SbieCtrl.exe"
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O13 - Gopher Prefix: 
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: BOLVSVCXK - Sysinternals - www.sysinternals.com - C:\Users\mw210461\AppData\Local\Temp\BOLVSVCXK.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programs\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programs\Sandboxie\SbieSvc.exe
    O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
    O23 - Service: TKKMUFJ - Sysinternals - www.sysinternals.com - C:\Users\mw210461\AppData\Local\Temp\TKKMUFJ.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Programs\UltraVNC\WinVNC.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programs\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    
    --
    End of file - 10601 bytes

    HJTScanlist Log
    Code:
     
                            ######################################
                            #                                    #
                            #          hjtscanlist v2.0          #
                            #                                    #
                            ######################################
    
    Microsoft Windows [Version 6.0.6002]
     
     
    C:
    
           C:\hiberfil.sys ---------    
           C:\pagefile.sys ---------    
      19.02.2010 16:05     C:\aaw7boot.log --------- 7298   
      19.02.2010 15:25     C:\Config.Msi --------- 0   
      19.02.2010 14:40     C:\Programs --------- 28672   
      19.02.2010 13:47     C:\Junk --------- 16384   
      19.02.2010 13:37     C:\ProgramData --------- 40960   
      19.02.2010 12:54     C:\_Temp --------- 65536   
      19.02.2010 11:57     C:\Program --------- 0   
      19.02.2010 11:20     C:\cf.exe --------- 65536   
      19.02.2010 11:17     C:\Qoobox --------- 0   
      19.02.2010 11:10     C:\cf18998c --------- 65536   
      19.02.2010 10:59     C:\Windows --------- 40960   
      19.02.2010 10:48     C:\cf --------- 65536   
      17.02.2010 20:32     C:\Program Files --------- 24576   
      17.02.2010 17:02     C:\temp --------- 0   
      16.02.2010 15:15     C:\Sandbox --------- 0   
      15.02.2010 18:24     C:\System Volume Information --------- 40960   
      07.02.2010 12:05     C:\Cryptload --------- 4096   
      06.02.2010 09:28     C:\Converted --------- 0   
      12.01.2010 11:55     C:\Ruby --------- 4096   
      09.11.2009 10:29     C:\$AVG --------- 0   
      02.10.2009 13:50     C:\VundoFix Backups --------- 0   
      02.10.2009 13:02     C:\Boot --------- 4096   
      14.09.2009 16:57     C:\CELab --------- 0   
      28.07.2009 16:42     C:\$RECYCLE.BIN --------- 4096   
      28.07.2009 16:41     C:\Users --------- 4096   
      27.06.2009 17:29     C:\NVIDIA --------- 0   
      24.06.2009 12:22     C:\My Music --------- 0   
      21.06.2009 15:16     C:\MSOCache --------- 0   
      21.06.2009 12:54     C:\MSDOS.SYS --------- 0   
      21.06.2009 12:54     C:\IO.SYS --------- 0   
      21.06.2009 09:32     C:\Programme --------- 0   
      21.06.2009 09:32     C:\Dokumente und Einstellungen --------- 0   
      11.04.2009 07:36     C:\bootmgr --------- 333257   
      23.07.2008 10:20     C:\MyWorks --------- 0   
      23.07.2008 09:24     C:\BOOTSECT.BAK --------- 8192   
      23.07.2008 08:46     C:\Intel --------- 0   
      02.11.2006 14:02     C:\Documents and Settings --------- 0   
      18.09.2006 22:43     C:\config.sys --------- 10   
      18.09.2006 22:43     C:\autoexec.bat --------- 24   
    ----------------------------------------
    
     
    C:\Windows
    
      19.02.2010 16:11     C:\Windows\WindowsUpdate.log --------- 66455   
      19.02.2010 16:06     C:\Windows\bootstat.dat --------- 67584   
      19.02.2010 15:33     C:\Windows\ntbtlog.txt --------- 872834   
      19.02.2010 13:48     C:\Windows\PFRO.log --------- 2816   
      19.02.2010 11:13     C:\Windows\bthservsdp.dat --------- 12   
      19.02.2010 10:59     C:\Windows\setupact.log --------- 0   
      19.02.2010 10:59     C:\Windows\setuperr.log --------- 0   
      19.02.2010 10:59     C:\Windows\ICSharpCode.SharpZipLib.dll --------- 192512   
      17.02.2010 20:31     C:\Windows\Sandboxie.ini --------- 1300   
      15.02.2010 19:56     C:\Windows\win.ini --------- 559   
      10.02.2010 10:51     C:\Windows\NeroDigital.ini --------- 69   
      09.02.2010 09:49     C:\Windows\vbaddin.ini --------- 93   
      06.02.2010 11:03     C:\Windows\ConverterCore.INI --------- 116   
      03.02.2010 10:34     C:\Windows\Recorder.dat --------- 12   
      10.01.2010 11:58     C:\Windows\REGKEYNT.INI --------- 53   
      09.12.2009 22:54     C:\Windows\PEV.exe --------- 261632   
      27.10.2009 16:52     C:\Windows\opera6.adr --------- 73126   
      25.10.2009 06:11     C:\Windows\MBR.exe --------- 77312   
      16.10.2009 16:53     C:\Windows\unins000.dat --------- 9553   
      16.10.2009 16:53     C:\Windows\unins000.exe --------- 695642   
      12.10.2009 16:39     C:\Windows\$_hpcst$.hpc --------- 876   
      08.10.2009 17:09     C:\Windows\CD_Start.INI --------- 32   
      28.07.2009 17:35     C:\Windows\w32demo8.ini --------- 267   
      26.06.2009 13:20     C:\Windows\nsreg.dat --------- 0   
      24.06.2009 12:24     C:\Windows\Ulead32.ini --------- 216   
      21.06.2009 16:23     C:\Windows\mdm.ini --------- 126   
      21.06.2009 16:23     C:\Windows\ODBCINST.INI --------- 535   
      21.06.2009 16:23     C:\Windows\ODBC.INI --------- 288   
      21.06.2009 16:21     C:\Windows\VB.INI --------- 1273   
      21.06.2009 13:06     C:\Windows\UnHSDX.bat --------- 2026   
      20.04.2009 12:56     C:\Windows\NIRCMD.exe --------- 31232   
      11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
      02.04.2009 00:50     C:\Windows\muBlinder.exe --------- 1464320   
      20.10.2008 08:49     C:\Windows\csup.txt --------- 10   
      24.09.2008 11:05     C:\Windows\twspmm.ini --------- 14115   
      30.08.2008 08:39     C:\Windows\twspmm.src --------- 5860   
      08.08.2008 06:04     C:\Windows\NOCLOSE.PIF --------- 545   
      08.08.2008 06:04     C:\Windows\UC.PIF --------- 545   
      08.08.2008 06:04     C:\Windows\LHA.PIF --------- 545   
      08.08.2008 06:04     C:\Windows\PKUNZIP.PIF --------- 545   
      08.08.2008 06:04     C:\Windows\PKZIP.PIF --------- 545   
      08.08.2008 06:04     C:\Windows\ARJ.PIF --------- 545   
      08.08.2008 06:04     C:\Windows\RAR.PIF --------- 545   
      23.07.2008 09:12     C:\Windows\DIFxAPI.dll --------- 319456   
      23.07.2008 09:11     C:\Windows\HideWin.exe --------- 315392   
      20.03.2008 16:56     C:\Windows\UNRecode.exe --------- 972072   
      28.02.2008 17:38     C:\Windows\UNNeroMediaHome.exe --------- 972072   
      14.02.2008 13:07     C:\Windows\Updates.txt --------- 10   
      21.01.2008 03:43     C:\Windows\WindowsShell.Manifest --------- 749   
      21.01.2008 03:24     C:\Windows\regedit.exe --------- 134656   
      21.01.2008 03:24     C:\Windows\bfsvc.exe --------- 58880   
      21.01.2008 03:24     C:\Windows\fveupdate.exe --------- 13312   
      21.01.2008 03:24     C:\Windows\HelpPane.exe --------- 498176   
      21.01.2008 03:23     C:\Windows\notepad.exe --------- 151040   
      18.12.2007 18:42     C:\Windows\RTKAUDIOSERVICE.EXE --------- 98304   
      17.12.2007 10:02     C:\Windows\RtHDVCpl.exe --------- 4718592   
      10.12.2007 23:20     C:\Windows\TrueprintCfg.exe --------- 73728   
      20.11.2007 17:15     C:\Windows\SkyTel.exe --------- 1826816   
      14.11.2007 14:18     C:\Windows\USetup.iss --------- 553   
      07.11.2007 16:31     C:\Windows\RtlUpd.exe --------- 1191936   
      26.07.2007 16:09     C:\Windows\RtlExUpd.dll --------- 520192   
      21.03.2007 20:02     C:\Windows\UNNeroVision.exe --------- 972336   
      20.03.2007 20:22     C:\Windows\UNNeroBackItUp.exe --------- 972336   
      28.02.2007 15:41     C:\Windows\UNNeroShowTime.exe --------- 972336   
      08.12.2006 11:23     C:\Windows\RSetupCE.exe --------- 90112   
      02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   
      02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   
      02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   
      02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   
      02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   
      02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
      02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
      02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
      26.10.2006 12:08     C:\Windows\agrsmdel.exe --------- 50752   
      19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   
      18.09.2006 22:46     C:\Windows\system.ini --------- 219   
      18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
      18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
      18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
      15.09.2005 13:35     C:\Windows\UNNeroMediaHome.cfg --------- 50   
      30.08.2005 20:37     C:\Windows\UNNeroVision.cfg --------- 50   
      30.08.2005 20:37     C:\Windows\UNNeroShowTime.cfg --------- 50   
      30.08.2005 20:36     C:\Windows\UNRecode.cfg --------- 50   
      30.08.2005 20:33     C:\Windows\UNNeroBackItUp.cfg --------- 50   
      12.12.2003 00:52     C:\Windows\epsuninst.exe --------- 278668   
      11.12.2002 19:11     C:\Windows\WMPrfDan.prx --------- 31712   
      11.12.2002 19:11     C:\Windows\WMPrfDEU.prx --------- 33820   
      11.12.2002 19:11     C:\Windows\WMPrfNLd.prx --------- 32964   
      11.12.2002 19:11     C:\Windows\WMPrfFra.prx --------- 37916   
      11.12.2002 19:11     C:\Windows\WMPrfIta.prx --------- 35680   
      11.12.2002 19:11     C:\Windows\WMPrfPtg.prx --------- 35916   
      11.12.2002 19:11     C:\Windows\WMPrfEsp.prx --------- 35590   
      06.08.2001 20:58     C:\Windows\psuninst2.exe --------- 163599   
      12.01.2001 17:04     C:\Windows\setdebug.exe --------- 46352   
      12.01.2001 15:10     C:\Windows\jautoexp.dat --------- 6550   
      31.08.2000 08:00     C:\Windows\sed.exe --------- 98816   
      31.08.2000 08:00     C:\Windows\SWREG.exe --------- 161792   
      31.08.2000 08:00     C:\Windows\zip.exe --------- 68096   
      31.08.2000 08:00     C:\Windows\SWSC.exe --------- 136704   
      31.08.2000 08:00     C:\Windows\SWXCACLS.exe --------- 212480   
      31.08.2000 08:00     C:\Windows\grep.exe --------- 80412   
      14.07.2000 23:00     C:\Windows\REGTLIB.EXE --------- 30720   
      17.12.1999 10:13     C:\Windows\unvise32.exe --------- 86016   
      25.06.1999 08:56     C:\Windows\Unwise.exe --------- 127184   
      23.03.1999 08:12     C:\Windows\uninst.exe --------- 299520   
      17.05.1998 23:00     C:\Windows\JAUTOEXP.INI --------- 14017   
      23.04.1998 23:00     C:\Windows\FRONTPG.INI --------- 218   
      06.11.1996 12:05     C:\Windows\unin0407.exe --------- 302592   
    ----------------------------------------
    
     
    C:\Windows\System
    
     27.09.2007 14:32      C:\Windows\System\ms.ico --------- 34530 
     27.09.2007 14:17      C:\Windows\System\sm.ico --------- 37041 
     27.09.2007 14:12      C:\Windows\System\sd.ico --------- 38660 
     27.09.2007 14:04      C:\Windows\System\cf.ico --------- 37300 
     02.08.2007 21:32      C:\Windows\System\DriveIcon.dll --------- 5631520 
     02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
     02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
     02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
     02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
     02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
     02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
     02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
     02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
     02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
     02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
     02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
     02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
     02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
     02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
     02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
     02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
     02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
     02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
     18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
     18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
     18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
     18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
     30.06.2004 15:24      C:\Windows\System\MyMulti.ico --------- 5430 
     12.06.2000 23:00      C:\Windows\System\FP30WEC.DLL --------- 408848 
     24.05.1998 23:00      C:\Windows\System\VI30AUT.DLL --------- 84225 
     06.05.1998 23:00      C:\Windows\System\VI30WRP.DLL --------- 86528 
     23.04.1998 23:00      C:\Windows\System\FP30WEL.DLL --------- 706832 
     23.04.1998 23:00      C:\Windows\System\FP30TXT.DLL --------- 98576 
     23.04.1998 23:00      C:\Windows\System\FP30UTL.DLL --------- 435984 
    ----------------------------------------
    
     
    C:\Windows\System32
    
     19.02.2010 16:06     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3744  
     19.02.2010 16:06     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3744  
     19.02.2010 15:24     C:\Windows\system32\KNJYS --------- 801898476  
     19.02.2010 15:24     C:\Windows\system32\PANJVOI --------- 544604159  
     19.02.2010 14:19     C:\Windows\system32\drivers --------- 65536  
     19.02.2010 14:13     C:\Windows\system32\UEGYL --------- 0  
     19.02.2010 11:17     C:\Windows\system32\catroot2 --------- 12288  
     18.02.2010 16:29     C:\Windows\system32\Tasks --------- 4096  
     17.02.2010 20:04     C:\Windows\system32\perfh009.dat --------- 590082  
     17.02.2010 20:04     C:\Windows\system32\perfc009.dat --------- 102094  
     17.02.2010 20:04     C:\Windows\system32\perfc007.dat --------- 123852  
     17.02.2010 20:04     C:\Windows\system32\perfh007.dat --------- 621952  
     17.02.2010 20:04     C:\Windows\system32\PerfStringBackup.INI --------- 1427406  
     17.02.2010 19:59     C:\Windows\system32\catroot --------- 4096  
     17.02.2010 19:58     C:\Windows\system32\BIOAPIFFDB --------- 4096  
     17.02.2010 19:23     C:\Windows\system32\javaw.exe --------- 145184  
     17.02.2010 19:23     C:\Windows\system32\javaws.exe --------- 153376  
     17.02.2010 19:23     C:\Windows\system32\java.exe --------- 145184  
     17.02.2010 19:23     C:\Windows\system32\deploytk.dll --------- 411368  
     16.02.2010 12:47     C:\Windows\system32\GroupPolicy --------- 0  
     15.02.2010 19:04     C:\Windows\system32\DRVSTORE --------- 0  
     15.02.2010 18:48     C:\Windows\system32\lsdelete.exe --------- 15880  
     15.02.2010 18:15     C:\Windows\system32\wbem --------- 65536  
     15.02.2010 18:14     C:\Windows\system32\config --------- 12288  
     15.02.2010 18:13     C:\Windows\system32\spool --------- 4096  
     15.02.2010 18:13     C:\Windows\system32\Msdtc --------- 4096  
     15.02.2010 18:13     C:\Windows\system32\CodeIntegrity --------- 4096  
     15.02.2010 16:32     C:\Windows\system32\spsys.log --------- 552  
     06.02.2010 11:27     C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat --------- 13848  
     06.02.2010 11:26     C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp --------- 33846  
     06.02.2010 10:14     C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat --------- 3658  
     06.02.2010 10:13     C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp --------- 33846  
     01.02.2010 20:26     C:\Windows\system32\mrt.exe --------- 30364104  
     22.01.2010 16:11     C:\Windows\system32\migration --------- 4096  
     22.01.2010 09:06     C:\Windows\system32\WDI --------- 8192  
     21.01.2010 11:27     C:\Windows\system32\fmod.dll --------- 162816  
     14.01.2010 11:12     C:\Windows\system32\MpSigStub.exe --------- 181120  
     10.01.2010 10:57     C:\Windows\system32\awrdscdc.ax --------- 360448  
     02.01.2010 07:38     C:\Windows\system32\wininet.dll --------- 916480  
     02.01.2010 07:38     C:\Windows\system32\urlmon.dll --------- 1208832  
     02.01.2010 07:36     C:\Windows\system32\occache.dll --------- 206848  
     02.01.2010 07:33     C:\Windows\system32\mshtml.dll --------- 5942784  
     02.01.2010 07:33     C:\Windows\system32\msfeedsbs.dll --------- 55296  
     02.01.2010 07:33     C:\Windows\system32\msfeeds.dll --------- 594432  
     02.01.2010 07:32     C:\Windows\system32\jsproxy.dll --------- 25600  
     02.01.2010 07:32     C:\Windows\system32\inetcpl.cpl --------- 1469440  
     02.01.2010 07:32     C:\Windows\system32\ieui.dll --------- 164352  
     02.01.2010 07:32     C:\Windows\system32\iesysprep.dll --------- 109056  
     02.01.2010 07:32     C:\Windows\system32\iertutil.dll --------- 1985536  
     02.01.2010 07:32     C:\Windows\system32\iesetup.dll --------- 71680  
     02.01.2010 07:32     C:\Windows\system32\iernonce.dll --------- 55808  
     02.01.2010 07:32     C:\Windows\system32\iepeers.dll --------- 184320  
     02.01.2010 07:32     C:\Windows\system32\ieframe.dll --------- 11070464  
     02.01.2010 07:32     C:\Windows\system32\iedkcs32.dll --------- 387584  
     02.01.2010 05:57     C:\Windows\system32\ieUnatt.exe --------- 133632  
     02.01.2010 05:56     C:\Windows\system32\ie4uinit.exe --------- 173056  
     02.01.2010 05:56     C:\Windows\system32\msfeedssync.exe --------- 13312  
     02.01.2010 05:55     C:\Windows\system32\mshtml.tlb --------- 1638912  
     10.12.2009 09:18     C:\Windows\system32\de-DE --------- 196608  
     04.12.2009 19:30     C:\Windows\system32\tsbyuv.dll --------- 12288  
     04.12.2009 19:29     C:\Windows\system32\quartz.dll --------- 1314816  
     04.12.2009 19:28     C:\Windows\system32\msyuv.dll --------- 22528  
     04.12.2009 19:28     C:\Windows\system32\msvidc32.dll --------- 31744  
     04.12.2009 19:28     C:\Windows\system32\msvfw32.dll --------- 123904  
     04.12.2009 19:28     C:\Windows\system32\msrle32.dll --------- 13312  
     04.12.2009 19:28     C:\Windows\system32\mciavi32.dll --------- 82944  
     04.12.2009 19:28     C:\Windows\system32\iyuv_32.dll --------- 50176  
     04.12.2009 19:27     C:\Windows\system32\avifil32.dll --------- 91136  
     25.11.2009 15:38     C:\Windows\system32\RMBin --------- 4096  
     11.11.2009 16:27     C:\Windows\system32\FNTCACHE.DAT --------- 408488  
     10.11.2009 23:08     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
     10.11.2009 23:08     C:\Windows\system32\QuickTime.qts --------- 69632  
     09.11.2009 13:31     C:\Windows\system32\nshhttp.dll --------- 24064  
     09.11.2009 13:30     C:\Windows\system32\httpapi.dll --------- 30720  
     08.11.2009 12:02     C:\Windows\system32\avgrsstx.dll --------- 12464  
     02.11.2009 18:19     C:\Windows\system32\MSDATGRD.oca --------- 65536  
     02.11.2009 18:19     C:\Windows\system32\MSFLXGRD.oca --------- 76288  
     02.11.2009 18:19     C:\Windows\system32\MSCOMM32.oca --------- 25600  
     02.11.2009 18:19     C:\Windows\system32\comctl32.oca --------- 240128  
     02.11.2009 18:19     C:\Windows\system32\RICHTX32.oca --------- 64000  
     02.11.2009 18:19     C:\Windows\system32\TABCTL32.oca --------- 43008  
     29.10.2009 10:17     C:\Windows\system32\tzres.dll --------- 2048  
     27.10.2009 11:26     C:\Windows\system32\GDIPFONTCACHEV1.DAT --------- 116552  
     26.10.2009 13:24     C:\Windows\system32\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear] --------- 0  
     24.10.2009 12:02     C:\Windows\system32\LegitCheckControl.DLL --------- 1488688  
     19.10.2009 14:38     C:\Windows\system32\t2embed.dll --------- 156672  
     19.10.2009 14:35     C:\Windows\system32\fontsub.dll --------- 72704  
     17.10.2009 10:56     C:\Windows\system32\ezsidmv.dat --------- 56  
     07.10.2009 12:36     C:\Windows\system32\rastls.dll --------- 243712  
     05.10.2009 15:33     C:\Windows\system32\zh-TW --------- 4096  
     05.10.2009 15:33     C:\Windows\system32\zh-HK --------- 0  
     05.10.2009 15:33     C:\Windows\system32\tr-TR --------- 0  
     05.10.2009 15:33     C:\Windows\system32\sv-SE --------- 0  
     05.10.2009 15:33     C:\Windows\system32\pt-BR --------- 4096  
     05.10.2009 15:33     C:\Windows\system32\nl-NL --------- 4096  
     05.10.2009 15:33     C:\Windows\system32\nb-NO --------- 4096  
     05.10.2009 15:33     C:\Windows\system32\ko-KR --------- 0  
     05.10.2009 15:33     C:\Windows\system32\it-IT --------- 0  
     05.10.2009 15:33     C:\Windows\system32\he-IL --------- 0  
     05.10.2009 15:33     C:\Windows\system32\fr-FR --------- 0  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     19.02.2010 16:36     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
     19.02.2010 16:06     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
     19.02.2010 16:06     C:\Windows\Tasks\SA.DAT --------- 6  
     19.02.2010 11:13     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32622  
     18.02.2010 17:00     C:\Windows\Tasks\Ad-Aware Update (Weekly).job --------- 370  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
    ----------------------------------------
    
     
    C:\Users\mw210461\AppData\Local\Temp
    
     19.02.2010 17:17     C:\Users\mw210461\AppData\Local\Temp\Low --------- 0  
     19.02.2010 17:18     C:\Users\mw210461\AppData\Local\Temp\plugtmp-1 --------- 4096  
     19.02.2010 17:10     C:\Users\mw210461\AppData\Local\Temp\Google Toolbar --------- 0  
     19.02.2010 16:11     C:\Users\mw210461\AppData\Local\Temp\jusched.log --------- 8297  
     19.02.2010 16:08     C:\Users\mw210461\AppData\Local\Temp\~DFAE77.tmp --------- 81920  
     19.02.2010 16:07     C:\Users\mw210461\AppData\Local\Temp\WPDNSE --------- 0  
     19.02.2010 16:06     C:\Users\mw210461\AppData\Local\Temp\MUI --------- 0  
     19.02.2010 15:27     C:\Users\mw210461\AppData\Local\Temp\~DF252D.tmp --------- 81920  
     19.02.2010 14:44     C:\Users\mw210461\AppData\Local\Temp\~DFA60.tmp --------- 16384  
     19.02.2010 14:18     C:\Users\mw210461\AppData\Local\Temp\~DF650A.tmp --------- 81920  
     19.02.2010 14:12     C:\Users\mw210461\AppData\Local\Temp\BOLVSVCXK.exe --------- 428928  
     19.02.2010 14:12     C:\Users\mw210461\AppData\Local\Temp\TKKMUFJ.exe --------- 469888  
     19.02.2010 14:12     C:\Users\mw210461\AppData\Local\Temp\wzc4f3 --------- 0  
     19.02.2010 13:53     C:\Users\mw210461\AppData\Local\Temp\683c3afd-ed26-4276-bdc4-cd469335a098.mht --------- 7298  
     19.02.2010 13:51     C:\Users\mw210461\AppData\Local\Temp\~DFC50E.tmp --------- 81920  
     19.02.2010 13:51     C:\Users\mw210461\AppData\Local\Temp\wmplog04.sqm --------- 1390  
     19.02.2010 13:37     C:\Users\mw210461\AppData\Local\Temp\KDSInterface.txt --------- 2  
     19.02.2010 13:37     C:\Users\mw210461\AppData\Local\Temp\Uninstall Log 2010-02-19 #002.txt --------- 4644  
     19.02.2010 13:37     C:\Users\mw210461\AppData\Local\Temp\Uninstall Log 2010-02-19 #001.txt --------- 3934  
     19.02.2010 13:11     C:\Users\mw210461\AppData\Local\Temp\hsperfdata_mw210461 --------- 0  
     19.02.2010 13:11     C:\Users\mw210461\AppData\Local\Temp\AdobeARM.log --------- 14800  
     19.02.2010 13:10     C:\Users\mw210461\AppData\Local\Temp\plugtmp --------- 0  
     19.02.2010 13:07     C:\Users\mw210461\AppData\Local\Temp\dBPA4ED.tmp --------- 886  
     19.02.2010 13:07     C:\Users\mw210461\AppData\Local\Temp\dBPAA4B.tmp --------- 886  
     19.02.2010 12:59     C:\Users\mw210461\AppData\Local\Temp\dBPA440.tmp --------- 886  
     19.02.2010 12:59     C:\Users\mw210461\AppData\Local\Temp\dBPD55E.tmp --------- 886  
     19.02.2010 12:55     C:\Users\mw210461\AppData\Local\Temp\dBP4702.tmp --------- 886  
     19.02.2010 12:54     C:\Users\mw210461\AppData\Local\Temp\dBPE9A6.tmp --------- 886  
     19.02.2010 12:54     C:\Users\mw210461\AppData\Local\Temp\dBP6B23.tmp --------- 886  
     19.02.2010 12:53     C:\Users\mw210461\AppData\Local\Temp\dBP5E18.tmp --------- 886  
     19.02.2010 12:45     C:\Users\mw210461\AppData\Local\Temp\sarscan.log --------- 5289  
     19.02.2010 12:35     C:\Users\mw210461\AppData\Local\Temp\samples.sar --------- 62857108  
     19.02.2010 12:03     C:\Users\mw210461\AppData\Local\Temp\wmplog03.sqm --------- 1512  
     19.02.2010 11:39     C:\Users\mw210461\AppData\Local\Temp\log --------- 0  
     19.02.2010 11:38     C:\Users\mw210461\AppData\Local\Temp\wz9368 --------- 0  
     19.02.2010 11:36     C:\Users\mw210461\AppData\Local\Temp\wz20f7 --------- 0  
     19.02.2010 11:23     C:\Users\mw210461\AppData\Local\Temp\~DF4061.tmp --------- 81920  
     19.02.2010 11:23     C:\Users\mw210461\AppData\Local\Temp\wmplog02.sqm --------- 1334  
     19.02.2010 10:54     C:\Users\mw210461\AppData\Local\Temp\c715dd5e-8193-47cf-8c9c-489fb59157e5.mht --------- 7298  
     19.02.2010 10:51     C:\Users\mw210461\AppData\Local\Temp\~DF8A70.tmp --------- 81920  
     18.02.2010 16:19     C:\Users\mw210461\AppData\Local\Temp\~DF90CF.tmp --------- 81920  
     18.02.2010 15:27     C:\Users\mw210461\AppData\Local\Temp\~DF7F0.tmp --------- 32768  
     18.02.2010 14:25     C:\Users\mw210461\AppData\Local\Temp\wmplog01.sqm --------- 1334  
     18.02.2010 14:25     C:\Users\mw210461\AppData\Local\Temp\~DF6DAE.tmp --------- 81920  
     18.02.2010 13:18     C:\Users\mw210461\AppData\Local\Temp\wmplog00.sqm --------- 1512  
     18.02.2010 13:18     C:\Users\mw210461\AppData\Local\Temp\~DF1CC7.tmp --------- 81920  
     18.02.2010 10:36     C:\Users\mw210461\AppData\Local\Temp\~DFD90D.tmp --------- 114688  
     18.02.2010 10:27     C:\Users\mw210461\AppData\Local\Temp\MultiSensor.gadget.~0000 --------- 314134  
     18.02.2010 10:26     C:\Users\mw210461\AppData\Local\Temp\SystemMonitor.gadget.~0000 --------- 137091  
     18.02.2010 10:26     C:\Users\mw210461\AppData\Local\Temp\All_CPU_Meter_V1.3.gadget.~0000 --------- 233824  
     18.02.2010 10:25     C:\Users\mw210461\AppData\Local\Temp\SpeedTest.gadget.~0000 --------- 914522  
     18.02.2010 09:44     C:\Users\mw210461\AppData\Local\Temp\~DF4701.tmp --------- 81920  
     17.02.2010 20:41     C:\Users\mw210461\AppData\Local\Temp\~DFFD80.tmp --------- 81920  
     17.02.2010 20:36     C:\Users\mw210461\AppData\Local\Temp\{07BD4C32-D9ED-411E-9943-B7D2CC2CE596} --------- 0  
     17.02.2010 20:08     C:\Users\mw210461\AppData\Local\Temp\~DF30EB.tmp --------- 16384  
     17.02.2010 19:46     C:\Users\mw210461\AppData\Local\Temp\d3f1.rra --------- 114688  
     17.02.2010 19:45     C:\Users\mw210461\AppData\Local\Temp\{38258DC9-41AD-477E-8700-AC3BDC248F69} --------- 0  
     17.02.2010 19:45     C:\Users\mw210461\AppData\Local\Temp\{D04E2C4D-7676-425F-9953-9DB8EB308816} --------- 4096  
     17.02.2010 19:38     C:\Users\mw210461\AppData\Local\Temp\AUCHECK_CORE.txt --------- 294  
     17.02.2010 19:38     C:\Users\mw210461\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 257  
     17.02.2010 19:35     C:\Users\mw210461\AppData\Local\Temp\~DFD44A.tmp --------- 81920  
     17.02.2010 19:24     C:\Users\mw210461\AppData\Local\Temp\JAUReg.log --------- 255  
     17.02.2010 19:24     C:\Users\mw210461\AppData\Local\Temp\java_install_reg.log --------- 4643  
     17.02.2010 19:24     C:\Users\mw210461\AppData\Local\Temp\java_install.log --------- 29082  
     16.02.2010 12:53     C:\Users\mw210461\AppData\Local\Temp\Temporary Internet Files --------- 0  
     18.06.2009 12:55     C:\Users\mw210461\AppData\Local\Temp\ldvqvc.exe --------- 61440  
    ----------------------------------------
    
     
    C:\Program Files
    
     19.02.2010 13:48     C:\Program Files\Common Files --------- 4096  
     17.02.2010 20:33     C:\Program Files\InstallShield Installation Information --------- 8192  
     17.02.2010 19:46     C:\Program Files\AuthenTec --------- 0  
     17.02.2010 19:23     C:\Program Files\Java --------- 0  
     17.02.2010 19:21     C:\Program Files\Softex --------- 0  
     15.02.2010 16:22     C:\Program Files\Lavasoft --------- 0  
     10.02.2010 09:33     C:\Program Files\Google --------- 4096  
     06.02.2010 12:30     C:\Program Files\PixiePack Codec Pack --------- 8192  
     06.02.2010 10:53     C:\Program Files\Soliddocuments --------- 0  
     30.01.2010 12:34     C:\Program Files\Hexacto Games --------- 0  
     22.01.2010 16:11     C:\Program Files\Internet Explorer --------- 4096  
     22.01.2010 16:11     C:\Program Files\Microsoft Silverlight --------- 4096  
     20.01.2010 11:59     C:\Program Files\ACCESS --------- 0  
     12.01.2010 10:40     C:\Program Files\Windows Media Player --------- 4096  
     06.01.2010 10:12     C:\Program Files\SPCA1528 --------- 4096  
     17.11.2009 12:37     C:\Program Files\Microsoft Windows 7 Upgrade Advisor --------- 4096  
     08.11.2009 12:02     C:\Program Files\AVG --------- 0  
     17.10.2009 10:55     C:\Program Files\Skype --------- 0  
     11.10.2009 14:21     C:\Program Files\Resco --------- 0  
     11.10.2009 13:25     C:\Program Files\Yahoo --------- 0  
     10.10.2009 13:33     C:\Program Files\Microsoft ActiveSync --------- 4096  
     10.10.2009 10:44     C:\Program Files\IMPlus 2.14 for MSSP --------- 0  
     02.10.2009 15:32     C:\Program Files\Enigma Software Group --------- 0  
     02.10.2009 12:54     C:\Program Files\Windows Calendar --------- 0  
     02.10.2009 12:54     C:\Program Files\Windows Mail --------- 4096  
     02.10.2009 12:54     C:\Program Files\Movie Maker --------- 4096  
     02.10.2009 12:54     C:\Program Files\Windows Sidebar --------- 4096  
     02.10.2009 12:54     C:\Program Files\Windows Collaboration --------- 4096  
     02.10.2009 12:54     C:\Program Files\Windows Journal --------- 4096  
     02.10.2009 12:54     C:\Program Files\Windows Photo Gallery --------- 4096  
     02.10.2009 12:54     C:\Program Files\Windows Defender --------- 4096  
     01.10.2009 16:03     C:\Program Files\Database Tools --------- 4096  
     28.09.2009 18:15     C:\Program Files\Aspecto Software --------- 0  
     26.09.2009 17:38     C:\Program Files\SoftMaker Office 2008 --------- 4096  
     26.09.2009 15:46     C:\Program Files\Kakuro --------- 0  
     26.09.2009 15:42     C:\Program Files\SuDokuV2 --------- 0  
     21.09.2009 15:30     C:\Program Files\TorrentSpeeder --------- 4096  
     20.09.2009 17:02     C:\Program Files\allReader 2.6 --------- 0  
     17.09.2009 15:48     C:\Program Files\Anywhere Software --------- 0  
     13.09.2009 16:21     C:\Program Files\SuDoku --------- 0  
     12.09.2009 16:55     C:\Program Files\PocketRAR --------- 4096  
     12.09.2009 16:39     C:\Program Files\Lonely Cat Games --------- 0  
     06.08.2009 15:56     C:\Program Files\LifeView MVP --------- 4096  
     08.07.2009 16:22     C:\Program Files\Syncrosoft --------- 4096  
     08.07.2009 15:38     C:\Program Files\Steinberg --------- 0  
     07.07.2009 13:24     C:\Program Files\DIFX --------- 0  
     27.06.2009 17:33     C:\Program Files\AGEIA Technologies --------- 8192  
     24.06.2009 12:25     C:\Program Files\Windows Media-Komponenten --------- 0  
     22.06.2009 18:39     C:\Program Files\PC Camer@ --------- 0  
     21.06.2009 16:26     C:\Program Files\ComPlus Applications --------- 0  
     21.06.2009 16:21     C:\Program Files\Web Publish --------- 0  
     21.06.2009 15:22     C:\Program Files\Microsoft Works --------- 24576  
     21.06.2009 15:22     C:\Program Files\MSBuild --------- 0  
     21.06.2009 15:22     C:\Program Files\Microsoft Office --------- 4096  
     21.06.2009 15:22     C:\Program Files\Microsoft Visual Studio --------- 0  
     21.06.2009 15:20     C:\Program Files\Microsoft.NET --------- 0  
     21.06.2009 15:18     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
     21.06.2009 13:29     C:\Program Files\Apple Software Update --------- 4096  
     21.06.2009 12:35     C:\Program Files\Eyeball --------- 0  
     21.06.2009 10:45     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0  
     21.06.2009 10:17     C:\Program Files\MSXML 4.0 --------- 0  
     21.06.2009 09:32     C:\Program Files\Gemeinsame Dateien --------- 0  
     21.06.2009 09:32     C:\Program Files\Windows NT --------- 4096  
     21.10.2008 08:20     C:\Program Files\MEDIONmail --------- 4096  
     20.10.2008 14:51     C:\Program Files\GoogleEULA --------- 4096  
     23.07.2008 10:28     C:\Program Files\Nero --------- 0  
     23.07.2008 10:26     C:\Program Files\HomeCinema --------- 4096  
     23.07.2008 10:19     C:\Program Files\CyberLink --------- 0  
     23.07.2008 10:03     C:\Program Files\Launch Manager --------- 4096  
     23.07.2008 09:57     C:\Program Files\X10 Hardware --------- 4096  
     23.07.2008 09:51     C:\Program Files\Fingerprint Sensor --------- 0  
     23.07.2008 09:29     C:\Program Files\Synaptics --------- 0  
     23.07.2008 09:23     C:\Program Files\Realtek --------- 0  
     23.07.2008 09:05     C:\Program Files\Intel --------- 0  
     21.01.2008 03:43     C:\Program Files\desktop.ini --------- 174  
     02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
     02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  
     02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    mw210461    
    Administrator    
    ew210431    
    Public    
    Default    
    desktop.ini    
    Default User    
    All Users    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    127.0.0.1 	localhost
    ::1 	localhost
    127.0.0.1	http://bin-layer.de
    127.0.0.1	http://layer-ads.de/
    127.0.0.1	http://www.euros4click.de
    127.0.0.1	layer-ads.de
    127.0.0.1	http://www.forced-klicks.de
    127.0.0.1	http://www.sponsorads.de
    127.0.0.1	http://www.paidsolution.de
    127.0.0.1	http://www.crody.de
    127.0.0.1	http://www.bin-layer.de
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0       102.804 K
    smss.exe                       620 Services                   0           752 K
    csrss.exe                      740 Services                   0         5.964 K
    wininit.exe                    792 Services                   0         4.828 K
    csrss.exe                      800 Console                    1        11.000 K
    avgchsvx.exe                   812 Services                   0         1.340 K
    avgrsx.exe                     820 Services                   0           660 K
    services.exe                   852 Services                   0         7.404 K
    lsass.exe                      864 Services                   0         2.788 K
    lsm.exe                        872 Services                   0         4.780 K
    winlogon.exe                   900 Console                    1         6.332 K
    avgcsrvx.exe                   988 Services                   0           388 K
    svchost.exe                   1100 Services                   0         7.196 K
    nvvsvc.exe                    1184 Services                   0         3.836 K
    OmniServ.exe                  1356 Services                   0        11.932 K
    svchost.exe                   1400 Services                   0         7.688 K
    svchost.exe                   1572 Services                   0        14.440 K
    svchost.exe                   1704 Services                   0        89.840 K
    svchost.exe                   1744 Services                   0       112.644 K
    audiodg.exe                   1840 Services                   0        13.792 K
    svchost.exe                   1960 Services                   0         5.484 K
    SLsvc.exe                     2000 Services                   0        12.192 K
    svchost.exe                   2044 Services                   0        13.136 K
    nvvsvc.exe                     380 Console                    1         6.728 K
    svchost.exe                     12 Services                   0        16.076 K
    spoolsv.exe                   1860 Services                   0        10.508 K
    svchost.exe                   1888 Services                   0        22.748 K
    avgwdsvc.exe                   920 Services                   0         2.412 K
    svchost.exe                   1580 Services                   0         4.104 K
    IAANTmon.exe                  2080 Services                   0         6.468 K
    NBService.exe                 2280 Services                   0         7.920 K
    avgnsx.exe                    2388 Services                   0           328 K
    IoctlSvc.exe                  2448 Services                   0         3.500 K
    svchost.exe                   2500 Services                   0         5.964 K
    RichVideo.exe                 2560 Services                   0         4.288 K
    SbieSvc.exe                   2584 Services                   0         4.516 K
    svchost.exe                   2656 Services                   0         7.460 K
    svchost.exe                   2704 Services                   0         5.340 K
    SearchIndexer.exe             2764 Services                   0        50.952 K
    avgemc.exe                    2816 Services                   0           600 K
    avgcsrvx.exe                  3020 Services                   0        10.600 K
    WUDFHost.exe                  3028 Services                   0         6.252 K
    taskeng.exe                   3528 Services                   0         6.100 K
    dwm.exe                       3588 Console                    1         3.772 K
    explorer.exe                  3648 Console                    1        38.172 K
    taskeng.exe                   3788 Console                    1        13.128 K
    IAAnotif.exe                  3924 Console                    1         6.368 K
    SynTPStart.exe                3952 Console                    1         5.316 K
    LaunchAp.exe                  3988 Console                    1         5.300 K
    opvapp.exe                    4040 Console                    1         7.932 K
    HotkeyApp.exe                 4064 Console                    1         7.468 K
    OSD.exe                       2472 Console                    1         5.204 K
    WButton.exe                   2848 Console                    1         6.216 K
    CLMLSvc.exe                   2632 Console                    1         9.032 K
    PDVDServ.exe                  2096 Console                    1         5.304 K
    WisLMSvc.exe                  3476 Services                   0         5.548 K
    WmiPrvSE.exe                  3692 Services                   0         8.352 K
    RtHDVCpl.exe                  3844 Console                    1         8.596 K
    VCDDaemon.exe                 3836 Console                    1         4.672 K
    SynTPEnh.exe                  4092 Console                    1         7.292 K
    Monitor.exe                   3152 Console                    1         4.960 K
    avgtray.exe                   2532 Console                    1         6.572 K
    jusched.exe                   1628 Console                    1         3.588 K
    scureapp.exe                  3852 Console                    1        12.660 K
    GoogleToolbarNotifier.exe     4188 Console                    1         2.152 K
    ehtray.exe                    4248 Console                    1         1.556 K
    wmpnscfg.exe                  4256 Console                    1         5.260 K
    SbieCtrl.exe                  4284 Console                    1         7.932 K
    ehmsas.exe                    4504 Console                    1         4.468 K
    unsecapp.exe                  4524 Console                    1         5.336 K
    wmpnetwk.exe                  4540 Services                   0        10.756 K
    ehsched.exe                   4656 Services                   0         5.120 K
    ehrecvr.exe                   4884 Services                   0        10.148 K
    MDM.EXE                       4996 Console                    1         4.692 K
    firefox.exe                   5408 Console                    1       186.916 K
    thunderbird.exe               3560 Console                    1        66.428 K
    explorer.exe                  3356 Console                    1        46.948 K
    notepad.exe                   5916 Console                    1         5.596 K
    SearchProtocolHost.exe        4348 Services                   0         9.228 K
    cmd.exe                       5680 Console                    1         4.304 K
    conime.exe                    3140 Console                    1         4.460 K
    dllhost.exe                   2860 Console                    1         4.656 K
    SkypeNames.exe                4904 Console                    1         4.688 K
    SearchFilterHost.exe          5812 Services                   0         5.080 K
    tasklist.exe                  1504 Console                    1         5.388 K
    WmiPrvSE.exe                  5840 Services                   0         6.616 K
    
     
    ***** Ende des Scans 19.02.2010 um 17:31:59,06 ***
    CC install list

    [Code]
    ACDSee Trial Version 20.06.2009 2,24MB
    Ad-Aware Lavasoft 14.02.2010 86,7MB
    Ad-Aware Email Scanner for Outlook Lavasoft 14.02.2010 0,67MB
    Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.10.2009
    Adobe Flash Player 10 Plugin Adobe Systems Incorporated 21.12.2009
    Adobe Reader 9.3 - Deutsch Adobe Systems Incorporated 15.01.2010 162,6MB
    Agere Systems HDA Modem Agere Systems 22.07.2008
    AllMusicConverter 3.8.9 01.02.2010 58,9MB
    AoA Audio Extractor AoAMedia.com 05.11.2009 20,7MB
    Apple Application Support Apple Inc. 18.12.2009 32,4MB
    Apple Mobile Device Support Apple Inc. 18.12.2009 40,4MB
    Apple Software Update Apple Inc. 20.06.2009 2,16MB
    Art Vista Virtual Grand Piano 01.07.2009 41,6MB
    ASIO4ALL 20.06.2009 0,34MB
    AudibleManager Audible, Inc. 09.01.2010 9,47MB
    AuthenTec Fingerprint Sensor Minimum Install AuthenTec 16.02.2010 4,99MB
    AutoShutdown Pro v4.3 20.06.2009 1,20MB
    AVG Free 9.0 AVG Technologies 07.11.2009 80,5MB
    AVM FRITZ!DSL AVM Berlin 13.08.2009 14,1MB
    Basic4ppc Desktop v6.80 Anywhere Software 14.02.2010 5,72MB
    BookmarkBridge 0.76 25.10.2009 8,45MB
    CAB Installer 11.09.2009 64,00KB
    CamStudio 06.01.2010 8,23MB
    Capture Screen Utility 1.01 15.10.2009
    CCleaner (remove only) Piriform 01.10.2009 2,71MB
    CD Recovery Toolbox Free 1.1 Recovery Toolbox, Inc. 01.02.2010 1,81MB
    CDRoller version 8.61 Digital Atlantic Corp. 01.02.2010 9,81MB
    Classic Menu 3.x for Office 2007 Addintools 04.02.2010 9,82MB
    CommView for WiFi PPC 19.11.2009
    Compatibility Pack für 2007 Office System Microsoft Corporation 10.11.2009
    CyberLink Power2Go CyberLink Corp. 22.07.2008 124,0MB
    CyberLink PowerDirector CyberLink Corp. 22.07.2008 229,8MB
    CyberLink YouCam CyberLink Corp. 22.07.2008 34,3MB
    dataPro trial version 1.6 Vive Corp. 30.09.2009 3,16MB
    dBpoweramp m4a Codec Illustrate 05.02.2010 10,9MB
    dBpoweramp Music Converter Illustrate 05.02.2010 10,9MB
    DigiSoft Multimedia Server DigiSoft 24.10.2009 0,27MB
    DockWare for Pocket PC 23.09.2009 0,52MB
    Dr. Hardware 2009 9.9.5d Peter A. Gebhard 10.11.2009 18,4MB
    East West Boesendorfer 290 30.06.2009 3.335,8MB
    eEye Digital Security Pocket WiFi Retina Scanner eEye Digital Security 08.10.2009 2,72MB
    eMule 20.06.2009 19,3MB
    Eyeball Chat 2.2 Eyeball Networks Inc. 20.06.2009 3,88MB
    FLV Player 2.0 (build 25) Martijn de Visser 20.11.2009 1,95MB
    FormatFactory 2.20 Free Time 26.12.2009 100,4MB
    Forté Agent Forté Internet Software, Inc. 20.06.2009
    FreeUndelete Recoveronix 27.06.2009 1,01MB
    Games 30.01.2010
    GMX MultiMessenger GMX GmbH 20.06.2009 35,3MB
    GoldWave v5.25 09.01.2010 5,53MB
    Google Earth Google 23.06.2009 25,3MB
    Google Toolbar for Internet Explorer Google Inc. 30.01.2010 12,0MB
    Hexacto ScoreCast 29.01.2010 96,00KB
    HiJackThis Trend Micro 15.02.2010 0,36MB
    HyperSnap-DX 20.06.2009 3,58MB
    imov 15.10.2009
    Intel(R) Matrix Storage Manager 20.06.2009 3,77MB
    IsoBuster 2.5 Smart Projects 20.06.2009 9,32MB
    Java(TM) 6 Update 18 Sun Microsystems, Inc. 16.02.2010 97,1MB
    Launch Manager V1.4.9 Wistron Corp. 22.07.2008 0,98MB
    Lexipedia 26.09.2009
    LifeView MVP LifeView 06.07.2009 11,1MB
    MakeDisc CyberLink Corp. 20.06.2009 102,1MB
    Malwarebytes' Anti-Malware Malwarebytes Corporation 15.02.2010 4,08MB
    Mastersoft Mobile Solutions Kakuro Mastersoft Mobile Solutions 05.11.2009 4,66MB
    Mastersoft Mobile Solutions SuDoku Mastersoft Mobile Solutions 05.11.2009 2,67MB
    Mastersoft Mobile Solutions SuDokuV2 Mastersoft Mobile Solutions 05.11.2009 4,52MB
    MasterSplitter Program 20.06.2009 0,68MB
    Mathe Formelsammlung 19.09.2009
    MediaShow CyberLink Corporation 20.06.2009 33,1MB
    Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 20.06.2009 27,8MB
    Microsoft Office Enterprise 2007 Microsoft Corporation 23.06.2009 619,8MB
    Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 14.10.2009
    Microsoft Pocket PC 2003 SDK Microsoft 17.10.2009 165,5MB
    Microsoft Silverlight Microsoft Corporation 20.01.2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB
    Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 05.02.2010 0,41MB
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 08.02.2010 0,19MB
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.02.2010 0,58MB
    Microsoft Visual Studio 6.0 Enterprise Edition 20.06.2009 330,2MB
    Microsoft Web Publishing Wizard 1.53 20.06.2009
    Microsoft Windows Alternative Mouse Pointers 06.01.2010
    Microsoft Windows Media Player Control for Pocket IE 11.10.2009 2,26MB
    Microsoft Works Microsoft Corporation 20.06.2009
    MIDI-OX MIDIOX Computing 16.12.2009 1,99MB
    Mozilla Firefox (3.5.7) Mozilla 08.01.2010 31,7MB
    Mozilla Firefox (3.5.8) Mozilla 17.02.2010 31,7MB
    Mozilla Thunderbird (3.0.1) Mozilla 21.01.2010 32,7MB
    Mp3Split V1.30 (C) Copyright Christian Punz 2006-2009 21.01.2010 2,42MB
    MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.06.2009 1,28MB
    MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB
    MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 20.06.2009 36,00KB
    Nero 8 Essentials Nero AG 20.10.2008 1.600,4MB
    Net Meter 3.6 build 437 Hoo Technologies 20.06.2009 1,41MB
    NetFront v3.3 for Pocket PC (PPC3ARENR106JV) 19.01.2010 9,88MB
    NVIDIA Drivers NVIDIA Corporation 26.06.2009
    NVIDIA PhysX NVIDIA Corporation 26.06.2009 119,9MB
    OLYMPUS Studio 2 OLYMPUS IMAGING CORP. 20.06.2009 2,94MB
    OmniPass 6.00.26 Softex Inc. 16.02.2010 37,7MB
    Oscilloscope 03.10.2009
    Palringo Palringo Ltd. 25.12.2009 3,80MB
    PC Camer@ Teconet 21.06.2009 48,00KB
    PDAwin TV remote controller 20.09.2009
    PeerBlock 1.0+ (r277) PeerBlock, LLC 09.02.2010 14,6MB
    Pegasus Imaging Corp. "The JPEG Wizard2" 27.07.2009 2,47MB
    PhotoNow! CyberLink Corp. 20.06.2009 1,60MB
    Physik Formelsammlung 19.09.2009
    Pianoteq v2.2.0 30.06.2009 14,4MB
    PictPocket Movie Converter 1.0 DigiSoft 24.10.2009 0,11MB
    PixiePack Codec Pack None 05.02.2010 16,4MB
    Podcast Receiver 13.11.2009 2,47MB
    Pop's Pipes for PocketPC 29.01.2010 4,75MB
    PowerDVD CyberLink Corporation 20.06.2009 87,2MB
    PowerProducer CyberLink Corp. 20.06.2009 190,2MB
    QuickPar 0.9 Peter B. Clements 20.06.2009 0,93MB
    QuickTime Apple Inc. 18.12.2009 77,3MB
    RealPlayer Basic 23.06.2009
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 22.07.2008 0,66MB
    Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.07.2008 15,7MB
    Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 22.07.2008 2,97MB
    Recuva (remove only) Piriform 27.06.2009 1,80MB
    RemoteControl II 11.09.2009
    Resco Explorer 10.10.2009 0,21MB
    Resco Sudoku Touch 09.10.2009 8,00KB
    Ruby-186-27 rubyinstaller.rubyforge.org 11.01.2010 147,4MB
    Sandboxie 3.44 15.02.2010 2,35MB
    SID Video Cutter & Splitter 1.8.0.2 SoundInDepth.com 24.11.2009 6,56MB
    Skype web features Skype Technologies S.A. 16.10.2009 4,34MB
    Skype? 4.1 Skype Technologies S.A. 16.10.2009 31,1MB
    Skype? for Pocket PC 1.1 Skype Technologies S.A. 15.10.2009 8,25MB
    Skype? for Windows Mobile 3.0 Skype Limited 23.11.2009 17,2MB
    SmartMovie Converter 11.09.2009 1,04MB
    Socket Wi-Fi® Companion Software Socket Communications, Inc. 15.11.2009 2,63MB
    SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008) SoftMaker Software GmbH 25.09.2009 1,13MB
    SoftMaker Office 2008 (C:\Programs\SoftMaker Office 2008) SoftMaker Software GmbH 21.09.2009 1,13MB
    SolidConverterPDF SolidDocuments 05.02.2010 24,9MB
    Sophos Anti-Rootkit 1.5.0 Sophos Plc 18.02.2010 2,66MB
    Spb Backup 02.10.2009 4,55MB
    Spb Backup 2.0.2 Spb Software House 02.10.2009 4,55MB
    Spb Mobile Shell 16.09.2009
    SPCA1528 PC Driver sunplus 05.01.2010 0,88MB
    Spybot - Search & Destroy Safer Networking Limited 15.02.2010 54,8MB
    SQLite Expert Personal 2.1.22 Bogdan Ureche 29.09.2009 38,5MB
    Starry Night Basic 20.06.2009 6,64MB
    Steinberg The Grand 2 Steinberg 07.07.2009
    Steinberg The Grand 2 v2.0.0.1152 07.07.2009 12.798,8MB
    Synaptics Pointing Device Driver Synaptics 22.07.2008 13,6MB
    SyncroSoft Emu (Remove only) 07.07.2009 10,3MB
    Syncrosofts Lizenz Kontrolle Syncrosoft Hard- und Software GmbH 07.07.2009 10,3MB
    TomeRaider3 26.09.2009
    TorrentSpeeder C4DL Media 20.09.2009 2,46MB
    Total Commander (Remove or Repair) 20.06.2009 4,88MB
    Total Recorder 7.1 18.07.2009 8,78MB
    TotalAudioConverter Helmsman, Inc. 23.06.2009 9,54MB
    TrackThisOut Tracky v3.0 TrackThisOut 13.09.2009 3,87MB
    Transcribe! 20.06.2009 1,10MB
    TruePianos 1.4.2 4Front Technologies 03.07.2009 180,4MB
    TruePianos: Diamond Module 1.4.0 4Front Technologies 03.07.2009 175,3MB
    TruePianos: Sapphire Module 1.4.0 4Front Technologies 03.07.2009 175,3MB
    Tunebite RapidSolution Software AG 05.02.2010 189,1MB
    Ulead VideoStudio 7 SE VCD Ulead Systems, Inc. 23.06.2009 76,3MB
    UltraISO Premium V9.33 11.01.2010 5,71MB
    UltraVNC 1.0.5.6 1.0.5.6 21.06.2009 9,77MB
    VideoLAN VLC media player 0.8.6h VideoLAN Team 20.06.2009 32,5MB
    VirtualCloneDrive Elaborate Bytes 20.06.2009 2,23MB
    VNC Enterprise Edition E4.4.2 RealVNC Ltd. 03.10.2009 8,65MB
    VNC Mirror Driver 1.8.0 RealVNC Ltd. 03.10.2009 0,81MB
    Vorwerk&Stengel RealCalculator 15.09.2009 1,00MB
    WiFiFoFum Aspecto Software 27.09.2009 7,97MB
    WinCESoft PocketMVP for WM2003 11.09.2009
    WinCESoft RemoteControl II 12.09.2009
    Windows 7 Upgrade Advisor Microsoft Corporation 16.11.2009 8,75MB
    Windows Media Encoder 9-Reihe 23.06.2009 13,7MB
    Windows Media Player Firefox Plugin Microsoft Corp 27.09.2009 0,29MB
    Windows Mobile-Gerätecenter Microsoft Corporation 11.09.2009 27,5MB
    Windows Mobile-Gerätecenter: Treiberupdate Microsoft Corporation 11.09.2009 42,4MB
    Windows-Treiberpaket - Lifeview (LVMST) MEDIA (11/16/2006 1.33.0.001) Lifeview 06.07.2009 4,36MB
    Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0) OLYMPUS IMAGING CORP. 20.06.2009 2.402,9MB
    Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0) OLYMPUS IMAGING CORP. 20.06.2009
    WinRAR archiver 20.06.2009 3,25MB
    WinZip WinZip Computing LP 20.06.2009 12,3MB
    X10 Hardware(TM) 20.06.2009 28,00KB
    µTorrent 20.06.2009 0,33MB

    [/CODE]

    Here is the Usec Radix log (personal data removed)
    Code:
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 17:02:51, on 19.02.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
    C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
    C:\Windows\RtHDVCpl.exe
    C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Programs\Sandboxie\SbieCtrl.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\mdm.exe
    C:\Programs\MozillaFirefox\firefox.exe
    C:\Programs\MozillaThunderbird\thunderbird.exe
    C:\Windows\explorer.exe
    C:\Programs\TrendMicro\HiJackThis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [muBlinder] C:\Windows\muBlinder.exe -startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Programs\Sandboxie\SbieCtrl.exe"
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O13 - Gopher Prefix: 
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: BOLVSVCXK - Sysinternals - www.sysinternals.com - C:\Users\mw210461\AppData\Local\Temp\BOLVSVCXK.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programs\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programs\Sandboxie\SbieSvc.exe
    O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
    O23 - Service: TKKMUFJ - Sysinternals - www.sysinternals.com - C:\Users\mw210461\AppData\Local\Temp\TKKMUFJ.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Programs\UltraVNC\WinVNC.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programs\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    
    --
    End of file - 10601 bytes


    For 25 years I never begged for help, fought and removed every PC virus and trojan on my own, and now this...

    Device:
    8-month-old MD96970 notebook, Vista SP2, about 200 (!) different applications installed, optimized, stable and always with current drivers and updates, AVG9 with all functions/scanners/shields permanently active, WLAN and Windows Firewall up...

    Cause:
    unknown, because 2 parallel installations (a dubious packed .EXE, a Firefox web application for media display) were installed at the same time, on 15.02.2010 at 13:02; that is when it all began.
    Despite AVG9...
    Became suspicious immediately and hunted for all files with a timestamp from that time:
    esport2.exe - never executed, deleted
    cryptically named 20kB DLL - removed after rename/reboot, unfortunately deleted, otherwise I might have had the culprit file..

    Symptoms of the current infection:
    - Administrator password was suddenly deleted and blank! Reset it...
    - System Restore was deactivated, even the control tabs in the menus had disappeared! Damn Windows! Reactivated manually
    - Omnipass (for the fingerprint sensor) causes trouble: Shellview (right mouse button) crashes Windows Explorer/the system; deactivated, reinstalled, works again
    - Firefox and IE search were redirected to Ask.com; repaired in the registry
    - possibly a Nero problem (some error message appeared at restart? NMFileIndexing crashes often)
    - (currently) occasional pop-ups in Firefox to random pages, otherwise everything stable but somewhat sluggish (Explorer/Firefox)? Pop-ups ALSO IN SAFE MODE, when only 25 processes and 24 services are running!!
    - Rerouting to www.ClickCheck.com in Firefox when accessing certain pages
    - AVG9 reports a threat when opening innocuous web pages in Firefox (internal rerouting?)
    - Gmer scan led to a BSOD several times (a first on my stable Vista!), especially when Firefox was running at the same time; iaStor.sys??
    - Connection resets when trying to send this post to this forum (Firefox, IE!); this one is coming from my PPC.


    After manually reactivating Vista System Restore, I rolled the system back to 11.02.2010 (it was stable then); the pop-up problem REMAINS!!! -> rootkit and modification of kernel files!!

    Installed various defensive programs, scans with the latest definitions, cleanups/reboots until each of them in turn was satisfied; the pop-up/reroute problem remains!
    Why does NONE of the various analysis programs find it?!!
    Spybot
    HijackThis
    Adaware
    Spyware Doctor
    SuperAntiSpyware
    Windows Defender
    Malwarebytes
    combofix, access denied despite admin shell, reboot loops
    Gmer (BSOD or crash on several attempts)
    Vundo check (clean)

    Sandboxie (perhaps install the two suspected culprits again under control, 'inoculating' the system with a deliberate virus to watch files and registry changes?! My last weapon...)
    ...

    Repeated thorough visual analysis of the HijackThis scan; I see nothing that would still be suspicious...

    Everything points to a ROOTKIT virus of the worst kind, presumably infected:
    NTKRNLPA.EXE (patched)
    iaStor.sys (not sure; since it is 'unsigned', some tools complain about it)

    One program (Radix) offered a 'fix' for the kernel file; didn't dare, since destroying the kernel would probably be the end (no Vista DVD, preinstalled, only a complete rebuild from the original backup possible)

    WHERE IS IT, THE DAMNED DOG???
    WHO DID IT - I'll kill him!

    THANKS!
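
The HijackThis log in this post was checked by eye, which is how the "I see nothing suspicious" problem arises. As an added example that is not from the thread or from HijackThis, here is a small Python triage script that parses the O4 and O23 lines and flags each autostart executable by where it lives (bare filename resolved through PATH search, a Temp directory, a file placed directly in the Windows directory). The sample lines are constructed in HijackThis 2.0 format with the username replaced by "user"; a flag is a prompt to verify the file (publisher signature, hash lookup), not a verdict.

```python
"""Triage of HijackThis autostart entries by executable location (constructed example,
not HijackThis code). Flags are prompts for review, not verdicts."""
import re

# "O4 - HKLM\..\Run: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_PREFIX = "O23 - Service: "


def extract_exe(cmd):
    """First executable of an O4 command line: the quoted path, or up to the first .exe token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def location_flags(exe):
    """Heuristics on where an autostart executable lives; each hit is a reason to look closer."""
    flags = []
    low = exe.lower()
    if "\\" not in exe:
        flags.append("bare filename, resolved through PATH search at logon")
    if "\\temp\\" in low or low.startswith("%temp%"):
        flags.append("runs from a Temp directory")
    parent = low.rsplit("\\", 1)[0] if "\\" in low else ""
    if parent in (r"c:\windows", "%windir%", "%systemroot%"):
        flags.append("placed directly in the Windows directory, not system32")
    return flags


def triage(log_text):
    """Return [(kind, name, exe, [flags])] for every O4/O23 entry that raised a flag."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            kind, name, exe = "O4", m["name"], extract_exe(m["cmd"])
        elif line.startswith(O23_PREFIX):
            # "O23 - Service: <display name> (<svc>) - <company> - <path>"; the company
            # field may itself contain " - ", so split the path off from the right.
            name, exe = line[len(O23_PREFIX):].rsplit(" - ", 1)
            kind = "O23"
        else:
            continue
        flags = location_flags(exe)
        if flags:
            flagged.append((kind, name, exe, flags))
    return flagged


# Constructed sample lines in HijackThis 2.0 format (username replaced by "user").
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [muBlinder] C:\Windows\muBlinder.exe -startup
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programs\Sandboxie\SbieCtrl.exe"
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BOLVSVCXK - Sysinternals - www.sysinternals.com - C:\Users\user\AppData\Local\Temp\BOLVSVCXK.exe
O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
"""

if __name__ == "__main__":
    for kind, name, exe, flags in triage(SAMPLE_HJT):
        print(f"{kind} {name}: {exe}\n    " + "\n    ".join(flags))
```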

  2. #2
    Senior Team Member pc-jedi
    Joined
    17.07.2009
    Location
    Lüneburgerheide
    Posts
    3.103

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    Welcome to the HijackThis.de support forum, Genervt,

    cleaning a system can be laborious and will mean some work for you.
    Please observe the following points:
    • Respect our forum rules and don't be too impatient if things sometimes take a little longer.
    • During the cleanup, connect all existing external storage media (USB sticks, hard disks),
    • and do not install or uninstall any programs without consulting us.
    • Download programs exclusively from the links given in our instructions!
    • Post logfiles in code tags and anonymize personal data where necessary.
    • Work through each point in order and report that you have completed it.
    • If there is a problem, stop and describe it as precisely as possible.
    • Attention: the disappearance of the symptoms does not mean that your computer is already clean.
      Please keep working with us until we say the computer is clean.
    • Only carry out instructions from a team member listed here.
    • As a rule there is no support by PM or e-mail.
    • We do not clean computers that are used for business purposes.
    • Possession of legal software is a prerequisite for support.
      Should we find illegal software, support will be discontinued.
    Vista and Win7 users:
    • Always run all programs and tools we prescribe via right-click and Run as administrator.

    Step 1
    Run a Gmer scan
    • Download Gmer from this page
      (click the Download EXE button) and save the program to the desktop.
    • Gmer is suitable for => NT/W2K/XP/VISTA.
    • All other programs should be closed.
    • Start gmer.exe (the program has a random program name).
    • Vista users: start it via right-click and as administrator.
    • Should a window open with the following warning:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system ?
      be sure to click "No".
    • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
    • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
    • Paste the log from the clipboard into your reply here.
    Turn your antivirus program and other scanners back on before you go online!

    Now post the logfile in code tags.

    Step 2
    System scan with OTL

    Please download OTL by OldTimer and save it to your desktop
    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Now click Run Scan at the top left
    • When the scan has finished, 2 logfiles are created
    • Post the logfiles in code tags here in the thread.

    Please post in your next reply
    • GMER logfile
    • OTL logfiles
    regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?
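
Step 1 asks for a GMER log. As an added example (not part of the thread, and not GMER's own code), the Python helper below parses the "Kernel code sections" and "User code sections" lines of such a log and clusters the inline 5-byte JMP hooks by the 4 KiB page their destination falls in, so hooks from unrelated modules that all land in one page stand out as a single resident code blob; it also collects the ".rsrc entry point" and "suspicious modification" findings for review. The sample log is constructed in GMER's line format with illustrative addresses.

```python
"""Triage helper for GMER rootkit-scan logs (constructed example; not GMER's own code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Inline-hook line in GMER's "Kernel code sections" / "User code sections":
#   <section> [<process>[pid]] <module>!<symbol> [+ <offset>] <addr> <n> Bytes  JMP <dest>
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?:(?P<proc>.+?\[\d+\])\s+)?"
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+)(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?"
    r"\s+(?P<addr>[0-9A-Fa-f]{8})\s+\d+ Bytes\s+JMP\s+(?P<dest>[0-9A-Fa-f]{8})"
)
# A driver whose entry point lies in its resource section: code does not belong there.
ENTRY_RE = re.compile(r'^\.rsrc\s+(?P<path>.+?)\s{2,}entry point in "\.rsrc" section')
# "File <path>  <verdict>" lines from the "Files" section.
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s{2,}(?P<verdict>.+?)\s*$")


@dataclass(frozen=True)
class Hook:
    space: str              # "kernel" or "user"
    process: Optional[str]  # "C:\\Windows\\Explorer.EXE[3568]" for user-mode hooks, else None
    module: str
    symbol: str
    addr: int               # hooked instruction address
    dest: int               # where the 5-byte JMP leads


def parse_gmer(text):
    """Return (inline hooks, [(path, reason)] findings) parsed from a GMER log."""
    hooks, findings, space = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("---- "):   # section header tells us which address space follows
            space = ("kernel" if "Kernel code sections" in line
                     else "user" if "User code sections" in line else None)
            continue
        m = HOOK_RE.match(line)
        if m and space:
            hooks.append(Hook(space, m["proc"], m["module"], m["symbol"],
                              int(m["addr"], 16), int(m["dest"], 16)))
            continue
        e = ENTRY_RE.match(line)
        if e:
            findings.append((e["path"], 'entry point in ".rsrc" section'))
            continue
        f = FILE_RE.match(line)
        if f and "suspicious" in f["verdict"].lower():
            findings.append((f["path"], f["verdict"]))
    return hooks, findings


def cluster_by_page(hooks, page_bits=12):
    """Group hooks by (address space, 4 KiB page of the JMP target). Hooks from
    unrelated modules that all land in one page point at a single resident code blob."""
    clusters = defaultdict(list)
    for h in hooks:
        clusters[(h.space, h.dest >> page_bits)].append(h)
    return dict(clusters)


def summarize(text):
    """One report row per destination page, plus the (path, reason) findings."""
    hooks, findings = parse_gmer(text)
    report = [{"space": space, "dest_page": f"0x{page << 12:08X}", "hooks": len(hs),
               "modules": sorted({h.module for h in hs}),
               "processes": sorted({h.process for h in hs if h.process})}
              for (space, page), hs in sorted(cluster_by_page(hooks).items())]
    return report, findings


# Constructed sample in GMER's log format; addresses are illustrative only.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!NtTraceEvent                 83A41326 5 Bytes  JMP A4DAAC50
PAGE            ntkrnlpa.exe!NtRequestPort + 2            83C21E54 5 Bytes  JMP A4DAACF0
.rsrc           C:\Windows\system32\DRIVERS\iaStor.sys    entry point in ".rsrc" section [0x844C6014]
.text           win32k.sys!EngTransparentBlt + 8B03       814E221E 5 Bytes  JMP A4DAA9D0
.text           win32k.sys!XFORMOBJ_iGetXform + 4559      814EFD01 5 Bytes  JMP A4DAA610

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtProtectVirtualMemory   77064D34 5 Bytes  JMP 0013000A
.text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtWriteVirtualMemory     77065674 5 Bytes  JMP 0014000A
.text           C:\Windows\Explorer.EXE[3568] ntdll.dll!NtProtectVirtualMemory            77064D34 5 Bytes  JMP 0025000A

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\DRIVERS\iaStor.sys    suspicious modification
"""

if __name__ == "__main__":
    report, findings = summarize(SAMPLE_LOG)
    for r in report:
        print(f"{r['space']:6} -> {r['dest_page']}: {r['hooks']} hook(s) from "
              f"{', '.join(r['modules'])} {' '.join(r['processes'])}")
    for path, reason in findings:
        print(f"review: {path}: {reason}")
```

Run against a real GMER log, a kernel row with several modules and a single destination page is the thing to chase: that page is where the hooking code lives, and the loaded-module list (or a driver's address range) tells you which image owns it.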

  3. #3
    Beginner
    Joined
    17.02.2010
    Posts
    5

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    Network off, AVG shield down, apps off
    In the logs only the username has been x'ed out
    My comments/questions below

    Gmer log

    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-20 10:48:47
    Windows 6.0.6002 Service Pack 2
    Running: vltrpkbr.exe; Driver: C:\Users\xxxxxxxx\AppData\Local\Temp\fwrdqpob.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    Code            A4DAAC4C                                                                                               ZwTraceEvent
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text           ntkrnlpa.exe!NtTraceEvent                                                                              83A41326 5 Bytes  JMP A4DAAC50 
    PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                         83C21E54 5 Bytes  JMP A4DAACF0 
    PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                             83C533DB 5 Bytes  JMP A4DAAE30 
    PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                83C599B0 5 Bytes  JMP A4DAAD90 
    .rsrc           C:\Windows\system32\DRIVERS\iaStor.sys                                                                 entry point in ".rsrc" section [0x844C6014]
    ?               C:\Windows\system32\DRIVERS\iaStor.sys                                                                 Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
    .text           win32k.sys!EngTransparentBlt + 8B03                                                                    814E221E 5 Bytes  JMP A4DAA9D0 
    .text           win32k.sys!XFORMOBJ_iGetXform + 4559                                                                   814EFD01 5 Bytes  JMP A4DAA610 
    .text           win32k.sys!XFORMOBJ_iGetXform + 70AE                                                                   814F2856 5 Bytes  JMP A4DAA750 
    .text           win32k.sys!EngGradientFill + 60BD                                                                      81533055 5 Bytes  JMP A4DAA930 
    .text           win32k.sys!EngMulDiv + 4D02                                                                            815399F1 5 Bytes  JMP A4DAA6B0 
    .text           win32k.sys!EngMulDiv + 8B1E                                                                            8153D80D 5 Bytes  JMP A4DAA570 
    .text           win32k.sys!EngStrokePath + 5FF                                                                         81546C6C 5 Bytes  JMP A4DAAA70 
    .text           win32k.sys!EngAlphaBlend + 8888                                                                        8155DF25 5 Bytes  JMP A4DAA430 
    .text           win32k.sys!EngAlphaBlend + 9B12                                                                        8155F1AF 5 Bytes  JMP A4DAA4D0 
    .text           win32k.sys!STROBJ_vEnumStart + 4728                                                                    815767A9 5 Bytes  JMP A4DAAB10 
    .text           win32k.sys!CLIPOBJ_bEnum + 24A                                                                         8159A3DA 5 Bytes  JMP A4DAA890 
    .text           win32k.sys!EngLineTo + A0F                                                                             815BD066 5 Bytes  JMP A4DAA7F0 
    .text           win32k.sys!EngLineTo + DCCE                                                                            815CA325 5 Bytes  JMP A4DAABB0 
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtProtectVirtualMemory                                 77064D34 5 Bytes  JMP 0013000A 
    .text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtWriteVirtualMemory                                   77065674 5 Bytes  JMP 0014000A 
    .text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!KiUserExceptionDispatcher                              77065DC8 5 Bytes  JMP 0012000A 
    .text           C:\Windows\system32\svchost.exe[1660] ole32.dll!CoCreateInstance                                       76C39EA6 5 Bytes  JMP 00C3000A 
    .text           C:\Windows\Explorer.EXE[3568] ntdll.dll!NtProtectVirtualMemory                                         77064D34 5 Bytes  JMP 0025000A 
    .text           C:\Windows\Explorer.EXE[3568] ntdll.dll!NtWriteVirtualMemory                                           77065674 5 Bytes  JMP 008F000A 
    .text           C:\Windows\Explorer.EXE[3568] ntdll.dll!KiUserExceptionDispatcher                                      77065DC8 5 Bytes  JMP 0024000A 
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                  [73DA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                   [73DFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]               [73DABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]         [73D9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                   [73DA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                [73D9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [73DD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]       [73DADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]               [73D9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                [73D9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                 [73D971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]         [73E2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]            [73DCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]               [73D9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                         [73D96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                        [73D9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]           [73DA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                 SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\tdx \Device\Udp                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\tdx \Device\RawIp                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    
    Device           -> \Driver\iaStor \Device\Harddisk0\DR0                                                               8717B81A
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015aff3f58f                            
    Reg             HKLM\SYSTEM\ControlSet036\Services\BTHPORT\Parameters\Keys\0015aff3f58f (not active ControlSet)        
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                0x2D 0xE9 0x8E 0x67 ...
    Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!y!f!c!`!j!t!f!t!t!e!d!c!s!f!  19583823
    
    ---- Files - GMER 1.0.15 ----
    
    File            C:\Windows\system32\DRIVERS\iaStor.sys                                                                 suspicious modification
    
    ---- EOF - GMER 1.0.15 ----
    OTL log:

    Code:
    OTL Extras logfile created on: 20.02.2010 10:49:59 - Run 1
    OTL by OldTimer - Version 3.1.30.1     Folder = C:\Users\xxxxxxxx\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     3,00 Gb Total 
    Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 248,58 Gb Total Space | 178,80 Gb Free Space | 71,93% Space Free | Partition Type: NTFS
    Drive D: | 49,50 Gb Total Space | 6,21 Gb Free Space | 12,54% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: NB_2009
    Current User Name: xxxxxxxx
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Programs\MozillaFirefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Programs\MozillaFirefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Programs\MozillaFirefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00D8978A-3DD4-4A14-A85E-8FA12533455C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
    "{02341A06-5AE9-4D4B-89A6-D0ECA40C1220}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
    "{0690DF35-082C-4A25-AAF0-FF54EB1F55D7}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
    "{0777263D-35F7-471B-92D9-6CC1FEC60D11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{0B102CDE-6B96-43A3-9AE4-6DBF94F6AF3E}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{171DA68E-5310-45BF-846C-FA15AD1C9BB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{1A730A98-3203-4150-91BA-7D77CD7F9D21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
    "{1CA154C9-622B-4F87-A62E-2EC95E5B76D9}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{2A1C992C-42C5-496D-BC21-E34015D555F2}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{2A677811-38B8-4BE8-A9E1-0D6D99CF3CE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{2D6AA9E1-0A48-4386-8358-3DB3DAC0BC82}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{43A5EC14-CDAC-476E-8A02-5452E68F3748}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{4F5E444F-BC91-4039-A97A-4342FC999ABE}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{55AFC057-C610-4DB2-A49A-79C9983C4AEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{5AD0E77A-A414-4F35-B998-7F466214D8B7}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
    "{60D92B9E-0462-435E-B884-664524E27B35}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
    "{6724A762-77D9-48AB-8873-25D7C89BB4CF}" = lport=3390 | protocol=6 | dir=in | app=system | 
    "{6CE2915F-3CDC-41F8-8181-8225F9E9483A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{77D84D47-4AF8-460B-97A1-25A2741D7EB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{8A339DE1-EF3A-428E-8704-D1F2920E7A53}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{8BF986E5-4248-4906-B022-69FC7C23BB9C}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{9380A506-4D63-41B4-AAC0-ACA94FD3C0C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
    "{9DAB9D3B-422E-4346-AB99-184FA4BC70A3}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{9E0F3E08-982C-4FA6-ACEA-4EA9F75F985C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{A029018B-D0E6-41EF-9738-B42E56E2832E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
    "{A95843A0-F52F-452B-8883-3753921EE394}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
    "{B0BEB6EE-5E7E-4315-9285-0FAD888E9E92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
    "{B112F3C4-5E7D-461B-8411-74B93C94B0E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
    "{B62ED658-8B9C-4F80-A0C7-CACBC89B192F}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
    "{BA58A826-DFA3-40AA-BB69-ED65C84948FC}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
    "{BCA49D45-4A0F-4645-8E5F-DECDABDBC5A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{C02ED5C2-6CB3-49C0-8CEB-BC9495F82273}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
    "{C45BB8B1-BF09-449C-9A37-E676F35B8C4F}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{D282204D-EEDA-40B7-B550-D2DB4DE55DBD}" = lport=10244 | protocol=6 | dir=in | app=system | 
    "{DA398520-C73E-4179-A3D8-0152435860EC}" = rport=10244 | protocol=6 | dir=out | app=system | 
    "{E2B15577-BD02-4588-8DE4-832618FBA074}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
    "{E5C26E77-530A-4258-B790-3AD3B2534A2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
    "{ED5B89EF-E4B6-481C-B534-32155BA14548}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{F9ECF2ED-0834-499D-B2A9-86A1BF600D54}" = lport=5900 | protocol=6 | dir=in | name=vnc | 
    "{FCFFB204-A754-44C4-A66E-B2B0587A4CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06A64927-90FA-40B7-B500-B8F77564F6FC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{084C4219-C0FE-4C58-9D3E-A4CE2F9D8C02}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
    "{0A36B6C8-0AAF-4B25-A189-6EE2B739AFAD}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
    "{0A720BF0-568F-4C62-A6DC-54B522C5D718}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{0F0A3BB8-0441-411B-963A-4116E2B41925}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{0F67F3A6-9FF3-4796-BF11-142F29522D10}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{106BF25A-AE80-4B19-BACB-BBF6771A36B5}" = protocol=6 | dir=in | app=c:\programs\utorrent\utorrent.exe | 
    "{19530400-D9FC-4A1B-8E9A-6ABCF5108498}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
    "{242442C4-90C8-4DAB-AB54-42CDF94D08CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{26F5C2EC-F5CD-4F77-9DC1-102E156A90BD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{2976F245-BBA3-4DFB-AA41-FD0917095F5F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{2E147EA5-BFD2-4FA1-88E1-923E3C7D7531}" = protocol=6 | dir=in | app=c:\programs\fritz!dsl\fboxupd.exe | 
    "{30250AC8-CA64-47F6-86B5-41E8FE991FC1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{3167FDCF-98F2-4053-B7E5-C2ED27E1FB8B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{32EDA535-F752-412B-A7A4-A49189D92F31}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{341A6758-4623-45F2-B632-984A52329F43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{3668118B-160B-4149-A266-3945F1EF7E21}" = protocol=6 | dir=in | app=c:\programs\ultravnc\vncviewer.exe | 
    "{3843C838-7793-4EA1-8E40-9907E5377E1C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{397D0C28-1AED-4221-B968-C195287C8AE5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{398AF3AC-F8FF-482C-9710-04B4D42AB56E}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
    "{3E942D6A-8EAC-4EF4-8885-9F5370FD48B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{3EAEAF35-CAEB-4AD3-BE77-428BC29A8744}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{4123A4DC-F496-48CF-BA1C-2CB27CDEDE69}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{4506EF7D-F590-4515-9E41-F9C69459D22F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{450ABEB6-F066-470E-AE41-B70D62041D37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{455AE3F5-5709-4617-8C0E-EE8F5369F0FA}" = protocol=6 | dir=in | app=c:\windows\temp\~os47cb.tmp\rlvknlg.exe | 
    "{4637A5FC-F99A-4A69-B7D7-8C6A8B526283}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{48496BC4-CB33-4342-8447-6315FC6087CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{48DD7723-E577-4780-801C-58BB69CDB48D}" = protocol=6 | dir=in | app=c:\programs\utorrent\utorrent.exe | 
    "{4987CA63-51F9-45C6-8902-A4A6263C1CE6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{56448393-08DA-4CCF-93D8-CA9A9E1CDAAB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{5CD89D28-2875-41B5-A86E-59E24F8F85B1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{5DBDCC38-BBE0-4C92-AADD-BCE5BAD60698}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{644E79F8-66B0-463E-ABD5-7DB6215CDB9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{66552E78-8343-442C-BE31-106E251BBA03}" = protocol=6 | dir=in | app=c:\windows\temp\~os90ca.tmp\rlvknlg.exe | 
    "{6B0B3C4E-7F49-4E11-A7D8-030875392663}" = protocol=17 | dir=in | app=c:\programs\fritz!dsl\fboxupd.exe | 
    "{6B28D3E7-91F0-443F-A623-ED7979A92EBF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{6F9632E9-2268-4E37-B42F-F9E30D5682E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
    "{733FFBE8-C95E-4FB1-A0B2-CE7FB5B0D51E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
    "{7385F772-8213-438C-AB65-05BB2F37806E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{7544D103-3CEB-4E69-9BDB-01311C3FA84D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{78681348-45EA-4D19-8994-89706915264B}" = protocol=6 | dir=in | app=c:\programs\realvnc\vnc4\winvnc4.exe | 
    "{7AFA4912-0BD3-497E-B86B-602032839424}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{7CDB494F-2A3B-444F-B484-71C4480D2CA9}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe | 
    "{7E9C2293-D65F-4487-8E15-C09229021866}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{7FA8DDEC-DF5E-489C-AEBF-C5959F79F96E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{7FE17387-2F3B-45BF-8743-70AB6D68E0D4}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{83086FC5-4848-40A7-B658-DAD23804952F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{85788DBC-98B9-4C7D-AF22-ABC4A8682496}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{8777950A-167C-4CC8-88EB-7DAD211E9B43}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{898857C0-7D4F-493E-9603-76826FD4E335}" = protocol=17 | dir=in | app=c:\programs\utorrent\utorrent.exe | 
    "{9CBA5399-E114-40A4-BCD6-84E7BFF9434B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{9CE84AB1-4176-4319-83A3-57D6AADB13FB}" = protocol=17 | dir=in | app=c:\programs\ultravnc\vncviewer.exe | 
    "{9FE864DF-D65A-47C3-9495-C6C309265E3C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{A057E87B-4246-4352-9D23-CB782784AF3F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{A477456A-8E50-4ECA-8B19-FA606F921A2C}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
    "{A7CAB8B8-7992-40BB-91F0-B103DDFF52EB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{A9EE2DAB-D78D-4F04-BDDB-AB34DD7D895F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{AD059C8D-7867-4475-B52D-BB856E236B1F}" = dir=in | app=c:\programs\avg\avg8\avgnsx.exe | 
    "{B1B7A5A5-033A-4F7F-822B-A83464AD6E85}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{B1E94761-2466-4E8B-9FD8-D7B9CF2EE62A}" = protocol=6 | dir=in | app=c:\programs\fritz!dsl\igdctrl.exe | 
    "{B2543856-137C-4C95-8D20-3A111501EC21}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
    "{B70F497A-BD45-4456-909D-943C9CAA1485}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
    "{B824E811-67A1-464F-BCCE-F2D92364D9FD}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe | 
    "{BD455181-8C17-47E8-8306-6BB457290A06}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{BE82F9F2-DFA1-4D18-89DF-9398116962B6}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{BF1BC646-8955-45CC-97FF-A7C90BF42D1F}" = protocol=17 | dir=in | app=c:\programs\realvnc\vnc4\winvnc4.exe | 
    "{C0AC64D3-5979-4545-99B3-F0F856DA954E}" = dir=in | app=c:\programs\avg\avg8\avgemc.exe | 
    "{D442FB3C-7285-4DEA-A373-D421937F95AE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{D70B61AF-451A-47F4-AB6C-C051C75F6214}" = protocol=17 | dir=in | app=c:\programs\fritz!dsl\webwaigd.exe | 
    "{D728C466-2910-4F95-A4C3-8A45C6C1F0F8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{DE090EA7-9500-4ADB-86E4-E3DFF9AE8178}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{DF437267-37BB-46EF-9687-BF4B3691C7E3}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
    "{DF4C983D-7775-4D3E-AC9B-998A9823C671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
    "{E12D00BA-3101-4215-812E-7283B0BE716B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{E15B00CA-90C8-4A15-BE0E-F428506C9FA6}" = protocol=6 | dir=out | app=system | 
    "{E3DE3256-1F7E-4B95-AA46-6A3D32187E74}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{E6FEB768-6AE0-4F5D-AA54-4AD4C2BC005D}" = protocol=17 | dir=in | app=c:\programs\utorrent\utorrent.exe | 
    "{E8A28B8E-1050-4302-B0F0-3561C6C195C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{E8BF946F-7E9E-4DA9-A979-355AD2521507}" = protocol=17 | dir=in | app=c:\programs\fritz!dsl\igdctrl.exe | 
    "{EAB61BBF-4756-4FD7-A74D-34169CCA466D}" = dir=in | app=c:\programs\avg\avg8\avgupd.exe | 
    "{EC617904-E1B0-4FB6-91D3-A804B432A085}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "{F0B70A07-EFA8-43B0-9CE4-1FDCDDD6873A}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
    "{F1983FE1-5802-448D-874B-1C18759C902D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
    "{F80B6A78-7082-42E6-B4D0-F9D5A9DFE9D5}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
    "{FB54DC1E-AD6E-4B74-8376-2E8360FB6DEE}" = protocol=6 | dir=in | app=c:\programs\fritz!dsl\webwaigd.exe | 
    "{FEC39F5A-AE4B-4185-9874-D730B8048825}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
    "TCP Query User{088F2C79-E5B4-4D5F-98D4-E345600A5924}C:\programs\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=c:\programs\ultravnc\winvnc.exe | 
    "TCP Query User{0925D98F-58D1-4A07-8607-8C80ACA1DA95}C:\programs\mozillathunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\programs\mozillathunderbird\thunderbird.exe | 
    "TCP Query User{0DC63109-08B3-409D-9717-94A4863DFE18}C:\programs\mozillafirefox\firefox.exe" = protocol=6 | dir=in | app=c:\programs\mozillafirefox\firefox.exe | 
    "TCP Query User{247F5902-D4CC-4E8D-B3F2-4CA6C1B44BCB}C:\programs\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\programs\gmx\gmx multimessenger\messengr.exe | 
    "TCP Query User{52B7DC19-7E75-4AAA-83E5-3B817BA90B4E}C:\programs\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\programs\utorrent\utorrent.exe | 
    "TCP Query User{61E080AD-FB20-4D32-8BE7-84974D656A93}C:\programs\mozillathunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\programs\mozillathunderbird\thunderbird.exe | 
    "TCP Query User{721F6D97-8743-42F2-997A-0049262EC26A}C:\programs\emule\emule.exe" = protocol=6 | dir=in | app=c:\programs\emule\emule.exe | 
    "TCP Query User{984A9627-46A6-4245-B6CD-981AF8EA68DE}C:\programs\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=6 | dir=in | app=c:\programs\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe | 
    "TCP Query User{B499E5F3-7D97-4F70-BB68-2979127DC03A}C:\programs\emule\emule.exe" = protocol=6 | dir=in | app=c:\programs\emule\emule.exe | 
    "TCP Query User{D63FAC27-58DE-415F-A998-41D70FF184F9}C:\programs\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\programs\gmx\gmx multimessenger\messengr.exe | 
    "UDP Query User{404E8BF7-D344-4AAF-A0BA-E5E5F5DEF2CA}C:\programs\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=17 | dir=in | app=c:\programs\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe | 
    "UDP Query User{4C0B4323-2413-4A12-9C90-653DE078BD94}C:\programs\mozillafirefox\firefox.exe" = protocol=17 | dir=in | app=c:\programs\mozillafirefox\firefox.exe | 
    "UDP Query User{51621530-3F95-40E5-AA80-F3CA74C6A218}C:\programs\emule\emule.exe" = protocol=17 | dir=in | app=c:\programs\emule\emule.exe | 
    "UDP Query User{5338799F-021F-4F3F-8D56-8D39AB990B7F}C:\programs\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\programs\gmx\gmx multimessenger\messengr.exe | 
    "UDP Query User{86F28499-2EE5-4307-9629-5348D6291BEC}C:\programs\emule\emule.exe" = protocol=17 | dir=in | app=c:\programs\emule\emule.exe | 
    "UDP Query User{BBD8A35C-66C6-4AB0-B20D-0885064C279D}C:\programs\mozillathunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\programs\mozillathunderbird\thunderbird.exe | 
    "UDP Query User{C54DA372-7CF3-4848-8F6B-62C28B8F9E90}C:\programs\mozillathunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\programs\mozillathunderbird\thunderbird.exe | 
    "UDP Query User{CFD44C6C-9C04-4794-8EE5-C4594DFDBE88}C:\programs\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\programs\utorrent\utorrent.exe | 
    "UDP Query User{E15792BF-7C9F-4DED-AE57-0B8286F069E2}C:\programs\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\programs\gmx\gmx multimessenger\messengr.exe | 
    "UDP Query User{E6D793D7-2BA3-4EC2-B891-FCED41BDEAD2}C:\programs\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=c:\programs\ultravnc\winvnc.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r277)
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{1638AE60-C349-4A7C-BFFE-AF6E0A39C512}" = Tunebite
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B4FAA72-82D6-440E-8AEA-230C4668074D}" = Socket Wi-Fi® Companion Software
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 3.x for Office 2007
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{4BA6C9AC-B6BA-4B0D-AB8D-71B2B19D4AA3}" = Microsoft Pocket PC 2003 SDK
    "{52581E8C-F0AE-44CD-84A7-CF0945B2628C}" = AuthenTec Fingerprint Sensor Minimum Install
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80958B03-07E3-4F0A-8950-4F709899F321}" = OLYMPUS Studio 2
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8523C0E7-31E6-4E2D-AD27-0384CAB715CA}" = eEye Digital Security Pocket WiFi Retina Scanner
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
    "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
    "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
    "{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
    "{A533F43A-2171-401F-91A3-223C5DE38434}" = NetFront v3.3 for Pocket PC (PPC3ARENR106JV)
    "{A6903FF6-895A-4EA6-BDCC-BE1DD911103A}" = PC Camer@
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
    "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BBE36F8C-DF43-40DA-9430-A9D604AAFBB3}_is1" = Basic4ppc Desktop v6.80
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1BA1F1C-D88B-405D-953F-D7074B65453D}" = LifeView MVP
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
    "{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 6.00.26
    "{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}" = WiFiFoFum
    "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
    "1A6754C019F3AE544C346226BB63AC9BC7DACCDE" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam  (12/28/2006 1.0.0.0)
    "2CFDDBA03CBE225A1FA2032FE06674F0AF0549D0" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam  (06/28/2007 2.2.0.0)
    "5564564_is1" = TrackThisOut Tracky v3.0
    "ACDSee Trial Version" = ACDSee Trial Version
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AllMusicConverter_is1" = AllMusicConverter 3.8.9
    "Art Vista Virtual Grand Piano" = Art Vista Virtual Grand Piano
    "ASIO4ALL" = ASIO4ALL
    "AudibleManager" = AudibleManager
    "AutoShutdown Pro v4.3" = AutoShutdown Pro v4.3
    "AVG9Uninstall" = AVG Free 9.0
    "Bookmarkbridge" = BookmarkBridge 0.76
    "C3602087D644728271A56391792D1D11F24B9E9F" = Windows-Treiberpaket - Lifeview (LVMST) MEDIA  (11/16/2006 1.33.0.001)
    "CAB Installer" = CAB Installer
    "CamStudio" = CamStudio
    "CapScrUtil_is1" = Capture Screen Utility 1.01
    "CCleaner" = CCleaner (remove only)
    "CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1
    "CDRoller_is1" = CDRoller version 8.61
    "CommView for WiFi PPC" = CommView for WiFi PPC
    "Cursors" = Microsoft Windows Alternative Mouse Pointers
    "dataPro_is1" = dataPro trial version 1.6
    "dBpoweramp m4a Codec" = dBpoweramp m4a Codec
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "DigiSoft Multimedia Server_is1" = DigiSoft Multimedia Server
    "DockWare PKT" = DockWare for Pocket PC
    "Dr. Hardware 2009_is1" = Dr. Hardware 2009 9.9.5d
    "East West Boesendorfer 290" = East West Boesendorfer 290
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Eyeball Chat 2.2" = Eyeball Chat 2.2
    "FLV Player" = FLV Player 2.0 (build 25)
    "FormatFactory" = FormatFactory 2.20
    "Forte Agent" = Forté Agent
    "Games" = Games
    "GMX MultiMessenger" = GMX MultiMessenger
    "GoldWave v5.25" = GoldWave v5.25
    "Hexacto ScoreCast" = Hexacto ScoreCast
    "HyperSnap-DX" = HyperSnap-DX
    "imov" = imov
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{A6903FF6-895A-4EA6-BDCC-BE1DD911103A}" = PC Camer@
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D1BA1F1C-D88B-405D-953F-D7074B65453D}" = LifeView MVP
    "IsoBuster_is1" = IsoBuster 2.5
    "Lexipedia" = Lexipedia
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mastersoft Mobile Solutions Kakuro" = Mastersoft Mobile Solutions Kakuro
    "Mastersoft Mobile Solutions SuDoku" = Mastersoft Mobile Solutions SuDoku
    "Mastersoft Mobile Solutions SuDokuV2" = Mastersoft Mobile Solutions SuDokuV2
    "MasterSplitter" = MasterSplitter Program
    "Mathe Formelsammlung" = Mathe Formelsammlung
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
    "Mp3Split_is1" = Mp3Split V1.30
    "Net Meter" = Net Meter 3.6 build 437
    "NVIDIA Drivers" = NVIDIA Drivers
    "Oscilloscope" = Oscilloscope
    "Palringo" = Palringo
    "PDAwin TV remote controller" = PDAwin TV remote controller
    "Physik Formelsammlung" = Physik Formelsammlung
    "Pianoteq22" = Pianoteq v2.2.0
    "PictPocket Movie Converter_is1" = PictPocket Movie Converter 1.0
    "Pop's Pipes for PocketPC" = Pop's Pipes for PocketPC
    "Primetime Podcast Receiver" = Podcast Receiver
    "QuickPar" = QuickPar 0.9
    "RealPlayer 6.0" = RealPlayer Basic
    "RealVNC_is1" = VNC Enterprise Edition E4.4.2
    "Recuva" = Recuva (remove only)
    "RemoteControl II" = RemoteControl II
    "Resco Explorer" = Resco Explorer
    "Resco Sudoku Touch" = Resco Sudoku Touch
    "Ruby-186-27" = Ruby-186-27
    "Sandboxie" = Sandboxie 3.44
    "SID Video Cutter & Splitter_is1" = SID Video Cutter & Splitter 1.8.0.2
    "Skype™ for Pocket PC_is1" = Skype™ for Pocket PC 1.1
    "Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
    "SmartMovie Converter" = SmartMovie Converter
    "sm-un1.u32" = SoftMaker Office 2008 (C:\Programs\SoftMaker Office 2008)
    "sm-un2.u32" = SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008)
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
    "Spb Backup" = Spb Backup
    "Spb Backup_is1" = Spb Backup 2.0.2
    "Spb Mobile Shell" = Spb Mobile Shell
    "SQLite Expert Personal 2_is1" = SQLite Expert Personal 2.1.22
    "Starry Night Basic" = Starry Night Basic
    "Steinberg The Grand 2" = Steinberg The Grand 2
    "Steinberg The Grand 2 v2.0.0.1152" = Steinberg The Grand 2 v2.0.0.1152
    "SyncroSoft Emu" = SyncroSoft Emu (Remove only)
    "Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The JPEG Wizard2" = Pegasus Imaging Corp. "The JPEG Wizard2"
    "TomeRaider3" = TomeRaider3
    "TorrentSpeeder" = TorrentSpeeder
    "Total Audio Converter_is1" = TotalAudioConverter
    "Totalcmd" = Total Commander (Remove or Repair)
    "TotalRecorder" = Total Recorder 7.1
    "Transcribe!" = Transcribe!
    "TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
    "TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
    "TruePianos_is1" = TruePianos 1.4.2
    "UltraISO_is1" = UltraISO Premium V9.33
    "Ultravnc2_is1" = UltraVNC 1.0.5.6
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
    "VLC media player" = VideoLAN VLC media player 0.8.6h
    "VNCMirror_is1" = VNC Mirror Driver 1.8.0
    "WebPost" = Microsoft Web Publishing Wizard 1.53
    "WinCESoft PocketMVP for WM2003" = WinCESoft PocketMVP for WM2003
    "WinCESoft RemoteControl II" = WinCESoft RemoteControl II
    "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMHHCEAll" = Microsoft Windows Media Player Control for Pocket IE
    "X10Hardware" = X10 Hardware(TM)
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
    "RealCalculator" = Vorwerk&Stengel RealCalculator
     
    ========== Last 10 Event Log Errors ==========
     
    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
     
    < End of report >

    I see massive manipulation of one or more Windows kernel files.
    What is an NTtraceEvent, and what is the point of redirecting so many entry points to the address range A4DAA...?
    I would rather do the scans/fixes in SAFE MODE, because:
    - only 25 processes and 24 services run there, versus over 80/30 in normal operation
    - everything runs more stably and faster
    I know that certain scanners/fixers do NOT work in Safe Mode, so please tell me when I am allowed to do that!

    Thanks!

  4. #4
    Senior team member pc-jedi
    Registered since
    17.07.2009
    Location
    Lüneburgerheide
    Posts
    3.103

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    Hi

    A second file created by OTL, named otl.txt, should also be on the desktop. Please post its contents.
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.

  5. #5
    Beginner
    Registered since
    17.02.2010
    Posts
    5

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    This one?
    Username x'd out:

    Code:
    OTL logfile created on: 20.02.2010 10:49:58 - Run 1
    OTL by OldTimer - Version 3.1.30.1     Folder = C:\Users\xxxxxxxx\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 248,58 Gb Total Space | 178,80 Gb Free Space | 71,93% Space Free | Partition Type: NTFS
    Drive D: | 49,50 Gb Total Space | 6,21 Gb Free Space | 12,54% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: NB_2009
    Current User Name: xxxxxxxx
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\xxxxxxxx\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programs\Sandboxie\SbieSvc.exe (tzuk)
    PRC - C:\Programme\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
    PRC - C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
    PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
    PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
    PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
    PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
    PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
    PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
    PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    PRC - C:\Programme\CyberLink\Shared Files\RichVideo.exe ()
    PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
    PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
    PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    PRC - C:\Windows\System32\MDM.EXE (Microsoft Corporation)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\xxxxxxxx\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (BOLVSVCXK) -- C:\Users\xxxxxxxx\AppData\Local\Temp\BOLVSVCXK.exe (Sysinternals - www.sysinternals.com)
    SRV - (TKKMUFJ) -- C:\Users\xxxxxxxx\AppData\Local\Temp\TKKMUFJ.exe (Sysinternals - www.sysinternals.com)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (SbieSvc) -- C:\Programs\Sandboxie\SbieSvc.exe (tzuk)
    SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (SMServer) -- C:\Windows\System32\snmvtsvc.exe (SMServer)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
    SRV - (uvnc_service) -- C:\Programs\UltraVNC\WinVNC.exe (UltraVNC)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
    SRV - (WinVNC4) -- C:\Programs\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
    SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
    SRV - (Nero BackItUp Scheduler 3) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
    SRV - (IGDCTRL) -- C:\Programs\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
    SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
    SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
    SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (AutoShutdown) -- C:\Programs\AutoShutdown\AS_Service.exe (Barefoot Productions, Inc.)
    SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
    SRV - (Visual Studio Analyzer RPC bridge) -- C:\Programs\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (SbieDrv) -- C:\Programs\Sandboxie\SbieDrv.sys (tzuk)
    DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (MusCAudio) -- C:\Windows\System32\drivers\MusCAudio.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (LVMST) -- C:\Windows\System32\drivers\LVMST.sys (Animation Technologies Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
    DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV - (ISODrive) -- C:\Programs\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
    DRV - (iTurns) -- C:\Windows\System32\drivers\iTurnsDriver.sys (Pixbyte Development SL)
    DRV - (TotRec7) -- C:\Windows\System32\drivers\TotRec7.sys (High Criteria inc.)
    DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
    DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
    DRV - (usbanyka) -- C:\Windows\System32\drivers\usbanyka.sys (Anyka (Guangzhou) Software Technology Co., Ltd.)
    DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
    DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys ()
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
    DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
    DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
    DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
    DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
    DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)
    DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
    DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.medion.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.medion.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
    FF - prefs.js..extensions.enabledItems: {b80e3187-dfe3-879f-dc50-c893d60ae36c}:4.6.6.3
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009.12.13 09:15:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programs\MozillaFirefox\components [2010.02.18 14:26:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programs\MozillaFirefox\plugins [2010.02.18 14:26:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Programs\MozillaThunderbird\components [2010.02.05 10:58:02 | 000,000,000 | ---D | M]
     
    [2009.12.10 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Extensions
    [2009.12.10 17:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010.02.19 10:27:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\1qjfkobl.default\extensions
    [2010.02.04 09:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\1qjfkobl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009.11.20 09:49:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\1qjfkobl.default\extensions\elemhidehelper@adblockplus.org
    [2010.02.15 14:04:18 | 000,000,261 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\FireFox\Profiles\1qjfkobl.default\searchplugins\Search.xml
     
    O1 HOSTS File: ([2009.11.16 15:52:54 | 000,001,044 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 	localhost
    O1 - Hosts: ::1 	localhost
    O1 - Hosts: 127.0.0.1	http://bin-layer.de
    O1 - Hosts: 127.0.0.1	http://layer-ads.de/
    O1 - Hosts: 127.0.0.1	http://www.euros4click.de
    O1 - Hosts: 127.0.0.1	layer-ads.de
    O1 - Hosts: 127.0.0.1	http://www.forced-klicks.de
    O1 - Hosts: 127.0.0.1	http://www.sponsorads.de
    O1 - Hosts: 127.0.0.1	http://www.paidsolution.de
    O1 - Hosts: 127.0.0.1	http://www.crody.de
    O1 - Hosts: 127.0.0.1	http://www.bin-layer.de
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
    O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
    O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [muBlinder] C:\Windows\muBlinder.exe (KRX)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SandboxieControl] C:\Programs\Sandboxie\SbieCtrl.exe (tzuk)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll ()
    O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.02.20 09:26:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxxxx\Desktop\OTL.exe
    [2010.02.19 11:57:20 | 000,000,000 | ---D | C] -- C:\Program
    [2010.02.19 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\Pavark
    [2010.02.19 11:17:04 | 000,000,000 | --SD | C] -- C:\cf.exe
    [2010.02.19 11:16:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010.02.19 11:06:49 | 000,000,000 | --SD | C] -- C:\cf18998c
    [2010.02.19 10:44:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010.02.19 10:44:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010.02.19 10:44:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010.02.19 10:44:49 | 000,000,000 | --SD | C] -- C:\cf
    [2010.02.19 10:44:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010.02.18 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\BuildAGadget Content
    [2010.02.17 20:32:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010.02.17 19:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
    [2010.02.17 19:58:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\BIOAPIFFDB
    [2010.02.17 19:46:37 | 000,146,688 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\drivers\atswpdrv.sys
    [2010.02.17 19:46:27 | 000,000,000 | ---D | C] -- C:\Programme\AuthenTec
    [2010.02.17 19:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010.02.17 19:24:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
    [2010.02.17 19:24:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010.02.17 19:24:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010.02.17 19:24:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010.02.17 19:23:49 | 000,000,000 | ---D | C] -- C:\Programme\Java
    [2010.02.17 19:21:49 | 000,000,000 | ---D | C] -- C:\Programme\Softex
    [2010.02.17 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\InstallShield
    [2010.02.17 17:02:39 | 000,000,000 | ---D | C] -- C:\temp
    [2010.02.16 15:15:16 | 000,000,000 | R--D | C] -- C:\Sandbox
    [2010.02.16 14:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010.02.16 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\QuickScan
    [2010.02.16 12:57:05 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2010.02.16 12:57:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
    [2010.02.16 12:57:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
    [2010.02.16 12:57:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
    [2010.02.16 12:00:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010.02.16 10:42:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.02.16 10:42:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010.02.16 10:42:12 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010.02.15 19:04:27 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010.02.15 16:22:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010.02.15 16:21:31 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
    [2010.02.15 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010.02.15 16:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010.02.15 16:16:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\SUPERAntiSpyware.com
    [2010.02.15 13:50:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\Thinstall
    [2010.02.07 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\WinRAR
    [2010.02.07 11:57:27 | 000,000,000 | ---D | C] -- C:\Cryptload
    [2010.02.06 12:30:39 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
    [2010.02.06 12:04:03 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\RapidSolution
    [2010.02.06 11:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
    [2010.02.06 11:12:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TuneClone
    [2010.02.06 10:54:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SolidDocuments
    [2010.02.06 10:54:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\SolidDocuments
    [2010.02.06 10:53:09 | 000,000,000 | ---D | C] -- C:\Programme\Soliddocuments
    [2010.02.06 10:13:24 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\AccurateRip
    [2010.02.06 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\WMA-MP3.com
    [2010.02.06 09:57:45 | 000,025,616 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\lmvac.sys
    [2010.02.06 09:28:23 | 000,000,000 | ---D | C] -- C:\Converted
    [2010.02.02 18:28:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\CDRoller
    [2010.02.02 17:45:42 | 000,245,760 | ---- | C] (SMServer) -- C:\Windows\System32\snmvtsvc.exe
    [2010.02.02 17:45:40 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\MusCAudio.sys
    [2010.02.02 17:45:40 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\MusCAudio.sys
    [2010.02.02 17:45:40 | 000,010,936 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\MusCVideo.dll
    [2010.02.02 17:45:40 | 000,003,768 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\MusCVideo.sys
    [2010.02.01 09:05:58 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\QuickPar
    [2010.01.30 12:34:35 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2010.01.30 12:34:22 | 000,000,000 | ---D | C] -- C:\Programme\Hexacto Games
    [2010.01.22 10:14:26 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010.01.22 10:14:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010.01.22 10:14:25 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010.01.22 10:14:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010.01.22 10:14:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010.01.22 10:14:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010.01.22 10:14:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010.01.22 10:14:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010.01.22 10:14:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010.01.22 10:14:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010.01.22 10:14:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010.01.22 10:14:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010.01.22 10:14:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010.01.22 10:14:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.02.20 10:50:18 | 004,194,304 | -HS- | M] () -- C:\Users\xxxxxxxx\ntuser.dat
    [2010.02.20 10:36:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.02.20 09:38:32 | 000,001,482 | ---- | M] () -- C:\Windows\Sandboxie.ini
    [2010.02.20 09:36:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.02.20 09:26:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxxx\Desktop\OTL.exe
    [2010.02.20 09:21:30 | 000,293,376 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\vltrpkbr.exe
    [2010.02.20 09:04:51 | 055,938,014 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2010.02.20 09:01:34 | 000,065,372 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010.02.20 09:01:18 | 000,065,372 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010.02.20 09:00:57 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.02.20 09:00:56 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.02.20 09:00:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.02.20 09:00:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.02.20 09:00:18 | 3217,489,920 | -HS- | M] () -- C:\hiberfil.sys
    [2010.02.19 18:41:11 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxxxxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010.02.19 18:41:11 | 000,065,536 | -HS- | M] () -- C:\Users\xxxxxxxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010.02.19 18:05:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010.02.19 17:00:44 | 000,002,453 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\HiJackThis.lnk
    [2010.02.19 15:24:14 | 801,898,476 | ---- | M] () -- C:\Windows\System32\KNJYS
    [2010.02.19 15:24:14 | 544,604,159 | ---- | M] () -- C:\Windows\System32\PANJVOI
    [2010.02.19 14:56:16 | 000,142,336 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\cm.exe
    [2010.02.19 14:13:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\UEGYL
    [2010.02.19 10:59:56 | 000,192,512 | ---- | M] (ICSharpCode.net) -- C:\Windows\ICSharpCode.SharpZipLib.dll
    [2010.02.19 10:32:04 | 003,864,099 | R--- | M] () -- C:\Users\xxxxxxxx\Desktop\cf.exe
    [2010.02.19 10:09:21 | 000,000,680 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Local\d3d9caps.dat
    [2010.02.18 17:59:25 | 000,033,658 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175802.reg
    [2010.02.18 17:56:37 | 000,000,082 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175634.reg
    [2010.02.18 17:00:14 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010.02.18 15:13:43 | 000,001,623 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\Command Prompt.lnk
    [2010.02.17 20:44:28 | 000,018,620 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Omni_MW.opi
    [2010.02.17 20:04:25 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.02.17 20:04:25 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.02.17 20:04:25 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.02.17 20:04:25 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.02.17 20:04:25 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.02.17 19:23:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
    [2010.02.17 19:23:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010.02.17 19:23:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010.02.17 19:23:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010.02.17 11:46:55 | 000,106,496 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.02.16 14:31:16 | 001,253,537 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_MMC290.PDF
    [2010.02.16 12:47:46 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010.02.15 19:56:50 | 000,000,559 | ---- | M] () -- C:\Windows\win.ini
    [2010.02.15 19:45:47 | 000,067,404 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\snap.jpg
    [2010.02.15 18:49:05 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010.02.15 18:48:11 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010.02.15 18:38:17 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010.02.15 18:24:47 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Basic4ppc Desktop.lnk
    [2010.02.15 18:19:28 | 000,116,552 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010.02.15 11:36:06 | 000,141,156 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.pdf
    [2010.02.12 17:11:49 | 000,861,818 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR31-USB-SD_GER.pdf
    [2010.02.10 10:51:10 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010.02.10 10:04:06 | 000,001,640 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\PeerBlock.lnk
    [2010.02.09 09:49:27 | 000,000,093 | ---- | M] () -- C:\Windows\vbaddin.ini
    [2010.02.08 10:00:41 | 000,524,705 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllZ.csv
    [2010.02.08 10:00:40 | 001,164,442 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllR.csv
    [2010.02.08 10:00:40 | 000,000,000 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllS.csv
    [2010.02.08 10:00:39 | 000,901,959 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllO.csv
    [2010.02.08 10:00:39 | 000,394,162 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllJ.csv
    [2010.02.08 10:00:39 | 000,032,327 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllK.csv
    [2010.02.08 10:00:38 | 001,995,439 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllH.csv
    [2010.02.08 10:00:35 | 000,328,999 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllC.csv
    [2010.02.08 10:00:35 | 000,000,000 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllF.csv
    [2010.02.08 10:00:34 | 000,863,034 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllB.csv
    [2010.02.08 09:44:50 | 001,954,304 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\HausVerbrauch_BadSalzschlirf.xls
    [2010.02.08 09:21:59 | 000,030,340 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\history_2010.dat
    [2010.02.07 11:24:25 | 005,861,221 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR-2850_manual_GER.pdf
    [2010.02.06 12:51:16 | 000,026,624 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Pkw-Angebotsanforderung Neukunden.xls
    [2010.02.06 12:05:22 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
    [2010.02.06 11:27:16 | 000,013,848 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010.02.06 11:26:55 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2010.02.06 11:03:33 | 000,000,116 | ---- | M] () -- C:\Windows\ConverterCore.INI
    [2010.02.06 11:03:28 | 000,165,888 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.doc
    [2010.02.06 10:56:58 | 000,194,611 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).doc
    [2010.02.06 10:14:05 | 000,003,658 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2010.02.06 10:13:54 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2010.02.06 09:11:33 | 000,103,478 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Meistro_Strom.JPG
    [2010.02.05 10:52:16 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
    [2010.02.04 18:31:22 | 000,151,269 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Bote20100204.jpg
    [2010.02.04 17:41:42 | 000,006,809 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\03.02.Bi27.jpg
    [2010.02.04 16:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010.02.03 12:03:26 | 000,127,908 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).pdf
    [2010.02.03 10:34:22 | 000,000,012 | ---- | M] () -- C:\Windows\Recorder.dat
    [2010.02.02 18:28:18 | 000,000,742 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\CDRoller.lnk
    [2010.02.02 17:45:57 | 000,001,601 | ---- | M] () -- C:\Users\Public\Desktop\AllMusicConverter CDRipper.lnk
    [2010.02.02 17:45:56 | 000,001,644 | ---- | M] () -- C:\Users\Public\Desktop\AllMusicConverter.lnk
    [2010.02.02 17:23:43 | 000,000,772 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\CD Recovery Toolbox Free.lnk
    [2010.02.01 09:45:43 | 000,643,072 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Expense.mdb
    [2010.01.26 10:49:45 | 000,876,000 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\philips_ajm180_12_dfu_eng.pdf
    [2010.01.23 11:14:23 | 000,454,410 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR-2800_manuals_ENG.pdf
    [2010.01.22 16:47:59 | 000,000,700 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\Mp3Split.lnk
    [2010.01.21 11:27:19 | 000,162,816 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\Windows\System32\fmod.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2010.02.20 09:21:13 | 000,293,376 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\vltrpkbr.exe
    [2010.02.20 08:56:30 | 3217,489,920 | -HS- | C] () -- C:\hiberfil.sys
    [2010.02.19 14:57:13 | 000,142,336 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\cm.exe
    [2010.02.19 14:45:24 | 544,604,159 | ---- | C] () -- C:\Windows\System32\PANJVOI
    [2010.02.19 14:24:56 | 801,898,476 | ---- | C] () -- C:\Windows\System32\KNJYS
    [2010.02.19 14:13:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\UEGYL
    [2010.02.19 10:44:57 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
    [2010.02.19 10:44:57 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010.02.19 10:44:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010.02.19 10:44:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010.02.19 10:44:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010.02.19 10:32:56 | 003,864,099 | R--- | C] () -- C:\Users\xxxxxxxx\Desktop\cf.exe
    [2010.02.19 09:40:53 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Local\d3d9caps.dat
    [2010.02.18 17:58:04 | 000,033,658 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175802.reg
    [2010.02.18 17:56:37 | 000,000,082 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175634.reg
    [2010.02.18 17:00:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010.02.17 20:44:16 | 000,018,620 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Omni_MW.opi
    [2010.02.17 20:34:14 | 000,013,824 | ---- | C] () -- C:\Windows\System32\vchannel.dll
    [2010.02.16 15:14:32 | 000,001,482 | ---- | C] () -- C:\Windows\Sandboxie.ini
    [2010.02.16 14:30:56 | 001,253,537 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_MMC290.PDF
    [2010.02.16 12:47:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010.02.16 10:56:13 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010.02.15 19:45:46 | 000,067,404 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\snap.jpg
    [2010.02.15 18:38:17 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010.02.15 18:24:47 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Basic4ppc Desktop.lnk
    [2010.02.15 11:36:00 | 000,141,156 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.pdf
    [2010.02.12 17:11:40 | 000,861,818 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR31-USB-SD_GER.pdf
    [2010.02.07 11:24:01 | 005,861,221 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR-2850_manual_GER.pdf
    [2010.02.06 12:51:15 | 000,026,624 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Pkw-Angebotsanforderung Neukunden.xls
    [2010.02.06 12:05:22 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
    [2010.02.06 11:27:16 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2010.02.06 11:27:16 | 000,013,848 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010.02.06 11:03:33 | 000,000,116 | ---- | C] () -- C:\Windows\ConverterCore.INI
    [2010.02.06 11:03:26 | 000,165,888 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.doc
    [2010.02.06 10:56:57 | 000,194,611 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).doc
    [2010.02.06 10:14:05 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2010.02.06 10:14:05 | 000,003,658 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2010.02.06 10:13:23 | 005,082,488 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2010.02.06 09:10:57 | 000,103,478 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Meistro_Strom.JPG
    [2010.02.04 18:31:20 | 000,151,269 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Bote20100204.jpg
    [2010.02.04 17:41:29 | 000,006,809 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\03.02.Bi27.jpg
    [2010.02.03 12:03:26 | 000,127,908 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).pdf
    [2010.02.02 18:31:23 | 000,000,742 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\CDRoller.lnk
    [2010.02.02 17:45:57 | 000,001,601 | ---- | C] () -- C:\Users\Public\Desktop\AllMusicConverter CDRipper.lnk
    [2010.02.02 17:45:56 | 000,001,644 | ---- | C] () -- C:\Users\Public\Desktop\AllMusicConverter.lnk
    [2010.02.02 17:45:40 | 000,019,099 | ---- | C] () -- C:\Windows\System32\MusCAudio.inf
    [2010.02.02 17:45:40 | 000,002,577 | ---- | C] () -- C:\Windows\System32\MusCVideo.inf
    [2010.02.02 17:45:40 | 000,002,539 | ---- | C] () -- C:\Windows\System32\MusCVideo.cat
    [2010.02.02 17:45:40 | 000,002,100 | ---- | C] () -- C:\Windows\System32\MusCAudio.cat
    [2010.02.02 17:23:43 | 000,000,772 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\CD Recovery Toolbox Free.lnk
    [2010.01.31 09:31:48 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.01.31 09:31:46 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.01.26 10:49:19 | 000,876,000 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\philips_ajm180_12_dfu_eng.pdf
    [2010.01.23 11:14:13 | 000,454,410 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR-2800_manuals_ENG.pdf
    [2010.01.22 16:47:59 | 000,000,700 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\Mp3Split.lnk
    [2010.01.10 11:58:21 | 000,000,053 | ---- | C] () -- C:\Windows\REGKEYNT.INI
    [2010.01.06 10:12:21 | 000,014,115 | ---- | C] () -- C:\Windows\twspmm.ini
    [2009.11.25 15:38:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009.10.08 15:57:44 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
    [2009.09.24 16:09:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.09.23 03:29:12 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2009.09.23 03:29:12 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
    [2009.09.23 03:29:12 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009.09.23 03:29:12 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2009.09.23 03:29:12 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2009.09.23 03:29:12 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
    [2009.09.23 03:29:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
    [2009.09.23 03:29:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2009.09.23 03:29:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
    [2009.09.23 03:29:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
    [2009.09.23 03:29:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
    [2009.09.23 03:29:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
    [2009.09.23 03:29:12 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2009.09.23 03:29:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
    [2009.09.23 03:29:12 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
    [2009.09.23 03:29:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
    [2009.09.23 03:29:12 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
    [2009.09.23 03:29:12 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2009.09.23 03:29:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dllOLD
    [2009.07.28 17:31:58 | 000,000,267 | ---- | C] () -- C:\Windows\w32demo8.ini
    [2009.07.17 13:21:18 | 000,027,503 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\UserTile.png
    [2009.07.07 13:21:33 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstallerMST.dll
    [2009.06.30 13:04:39 | 000,106,496 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.06.27 17:35:08 | 000,065,372 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009.06.27 17:35:08 | 000,065,372 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009.06.24 11:35:48 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
    [2009.06.22 17:48:22 | 000,028,124 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\nvModes.001
    [2009.06.22 17:20:41 | 000,028,124 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\nvModes.dat
    [2009.06.21 16:23:25 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
    [2009.06.21 16:23:12 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.06.21 12:36:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.06.21 09:49:34 | 000,000,114 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\wklnhst.dat
    [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008.07.23 10:03:08 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
    [2008.07.23 09:04:44 | 000,308,248 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
    [2008.03.19 07:58:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008.03.19 07:57:24 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
    [2007.05.02 18:43:30 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
    [2007.05.02 18:43:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
    [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.11.02 08:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
    [2005.01.25 14:15:42 | 000,010,240 | R--- | C] () -- C:\Windows\System32\PA207USD.DLL
    [1998.06.09 23:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
    [1998.05.17 23:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
    [1998.04.23 23:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 980 bytes -> C:\Users\xxxxxxxx\Documents\2009_01_16_Schritte.eml:OECustomProperty
    @Alternate Data Stream - 976 bytes -> C:\Users\xxxxxxxx\Documents\(Attn ).eml:OECustomProperty
    @Alternate Data Stream - 868 bytes -> C:\Users\xxxxxxxx\Documents\Mozart.eml:OECustomProperty
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:D282699C
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CB0AACC9
    < End of report >

  6. #6
    Beginner
    Registered since
    17.02.2010
    Posts
    5

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    Presumably all done. Manually, and it was a pile of work, but the system now runs clean, fast and with far fewer resources, services and memory, and no more pop-ups.
    It was quite certainly the nastiest of all rootkits, TDSS Rev 3, as I had already suspected.
    Only a few tools detect it, and even fewer seem able to remove it.

    I am currently running scans with every tool available to me and will post them tomorrow, to be safe.
    After that I have a few questions about TDSS and about better protection against such super-killers.

    After 25 years of doing this myself, do I still have the upper hand over these bastards?

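    The OTL report above ends with alternate data streams on C:\ProgramData\TEMP, and the HijackThis log in the next post lists services registered under a user's Temp directory whose binaries are missing. One way to triage such entries automatically, as an added example that is neither the poster's code nor part of HijackThis or OTL; the sample lines are constructed after the entries in this thread, and the weights and threshold are assumptions:

```python
"""Triage of HijackThis O23 service lines and OTL alternate-data-stream lines.

Added example for this thread, not code from HijackThis, OTL or the poster. Each
entry is scored on traits visible in the logs here; a score is a prompt to
inspect the entry, not proof of infection."""
import re
from collections import namedtuple

# Constructed sample lines, modelled on the entries posted in this thread.
SAMPLE_LINES = [
    r"O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe",
    r"O23 - Service: AZSEKBXTO - Unknown owner - C:\Users\xxxxxxxx\AppData\Local\Temp\AZSEKBXTO.exe (file missing)",
    r"O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programs\FRITZ!DSL\IGDCTRL.EXE",
    r"O23 - Service: PAGDHA - Unknown owner - C:\Users\xxxxxxxx\AppData\Local\Temp\PAGDHA.exe (file missing)",
    r"O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe",
    r"@Alternate Data Stream - 980 bytes -> C:\Users\xxxxxxxx\Documents\2009_01_16_Schritte.eml:OECustomProperty",
    r"@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:D282699C",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",  # other HJT sections are skipped
]

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
TEMP_LOCATION = re.compile(r"\\AppData\\Local\\Temp\\|\\ProgramData\\TEMP(?=:|$)", re.IGNORECASE)
RANDOM_NAME = re.compile(r"^[A-Z]{5,12}$")  # e.g. AZSEKBXTO, TKKMUFJ (assumed heuristic)
HEX_STREAM = re.compile(r"^[0-9A-F]{8}$")   # e.g. D282699C

Finding = namedtuple("Finding", "kind name path score reasons")


def parse_o23(line):
    """Return (display, vendor, path, missing) for an O23 line, else None.
    The split runs from the right because display names may contain ' - '."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, vendor, path = parts
    return display, vendor, path, missing


def score_service(display, vendor, path, missing):
    """Return (short_name, score, reasons); the short name is the one in parentheses."""
    short = re.search(r"\(([^()]+)\)$", display)
    name = short.group(1) if short else display
    checks = [
        (missing, 2, "registered binary no longer exists"),
        (bool(TEMP_LOCATION.search(path)), 2, "binary lives under a Temp directory"),
        (vendor == "Unknown owner", 1, "no vendor information"),
        (bool(RANDOM_NAME.match(name)), 1, "random-looking service name"),
    ]
    score = sum(weight for hit, weight, _ in checks if hit)
    reasons = [reason for hit, _, reason in checks if hit]
    return name, score, reasons


def parse_ads(line):
    """Return (path, stream) for an OTL '@Alternate Data Stream' line, else None."""
    m = ADS_RE.match(line)
    if not m:
        return None
    path, _, stream = m.group("target").rpartition(":")
    return path, stream


def score_ads(path, stream):
    """Return (score, reasons) for one alternate data stream."""
    if stream == "OECustomProperty" and path.lower().endswith(".eml"):
        return 0, ["property stream written by Outlook Express / Windows Mail"]
    checks = [
        (bool(TEMP_LOCATION.search(path)), 2, "stream attached under a Temp directory"),
        (bool(HEX_STREAM.match(stream)), 1, "stream name is bare hex"),
    ]
    score = sum(weight for hit, weight, _ in checks if hit)
    reasons = [reason for hit, _, reason in checks if hit]
    return score, reasons


def triage(lines, threshold=3):
    """Parse every supported line; return findings at or above threshold, highest first."""
    findings = []
    for line in lines:
        svc = parse_o23(line.strip())
        if svc:
            name, score, reasons = score_service(*svc)
            findings.append(Finding("service", name, svc[2], score, reasons))
            continue
        ads = parse_ads(line.strip())
        if ads:
            score, reasons = score_ads(*ads)
            findings.append(Finding("ads", ads[1], ads[0], score, reasons))
    flagged = [f for f in findings if f.score >= threshold]
    return sorted(flagged, key=lambda f: f.score, reverse=True)
```

    On the sample lines, triage(SAMPLE_LINES) returns the two Temp-directory services (score 6 each) and the hex-named stream on C:\ProgramData\TEMP (score 3), while the AVG, AVM and SMServer services and the .eml property stream stay below the threshold.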
  7. #7
    Beginner
    Registered since
    17.02.2010
    Posts
    5

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    For everyone reading along:

    AdAware, Spybot, SuperAntiSpyware and MalwareBytes now all come up clean.
    RootkitRevealer, Prevx, TDSS Killer RC3, Sophos, Radix and CatchMe no longer find anything.

    "Combofix" was the solution to the TDSS Rev3 infection, once the "lost" admin rights had been restored manually through registry hacks. Before that practically nothing worked (Gmer BSOD, Combofix crashes etc.).

    HijackThis Log:
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:09:33, on 22.02.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\mdm.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Programs\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Programs\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [muBlinder] C:\Windows\muBlinder.exe -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AZSEKBXTO - Unknown owner - C:\Users\xxxxxxxx\AppData\Local\Temp\AZSEKBXTO.exe (file missing)
    O23 - Service: BOLVSVCXK - Unknown owner - C:\Users\xxxxxxxx\AppData\Local\Temp\BOLVSVCXK.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programs\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: PAGDHA - Unknown owner - C:\Users\xxxxxxxx\AppData\Local\Temp\PAGDHA.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programs\Sandboxie\SbieSvc.exe
    O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
    O23 - Service: TKKMUFJ - Unknown owner - C:\Users\xxxxxxxx\AppData\Local\Temp\TKKMUFJ.exe (file missing)
    O23 - Service: uvnc_service - UltraVNC - C:\Programs\UltraVNC\WinVNC.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programs\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
    
    --
    End of file - 9437 bytes
    HiJackThis Scanlist:
    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.0.6002]
     
     
    C:
    
    C:\_Temp 
    C:\hiberfil.sys 
    C:\pagefile.sys 
    C:\aaw7boot.log 
    C:\Programs 
    C:\Qoobox 
    C:\Windows 
    C:\ComboFix.txt 
    C:\$RECYCLE.BIN 
    C:\Boot 
    C:\RootRepeal report 02-22-10 (15-06-33).txt 
    C:\ProgramData 
    C:\Program Files 
    C:\RootRepeal report 02-21-10 (15-19-10).txt 
    C:\Config.Msi 
    C:\Junk 
    C:\Program 
    C:\cf.exe 
    C:\cf18998c 
    C:\cf 
    C:\temp 
    C:\Sandbox 
    C:\System Volume Information 
    C:\Cryptload 
    C:\Converted 
    C:\Ruby 
    C:\$AVG 
    C:\VundoFix Backups 
    C:\CELab 
    C:\Users 
    C:\NVIDIA 
    C:\My Music 
    C:\MSOCache 
    C:\IO.SYS 
    C:\MSDOS.SYS 
    C:\Programme 
    C:\Dokumente und Einstellungen 
    C:\bootmgr 
    C:\SDFix 
    C:\MyWorks 
    C:\BOOTSECT.BAK 
    C:\Intel 
    C:\Documents and Settings 
    C:\config.sys 
    C:\autoexec.bat 
    ----------------------------------------
    
     
    C:\Windows
    
    C:\Windows\WindowsUpdate.log 
    C:\Windows\bootstat.dat 
    C:\Windows\bthservsdp.dat 
    C:\Windows\system.ini 
    C:\Windows\PFRO.log 
    C:\Windows\ntbtlog.txt 
    C:\Windows\NeroDigital.ini 
    C:\Windows\ICSharpCode.SharpZipLib.dll 
    C:\Windows\setupact.log 
    C:\Windows\setuperr.log 
    C:\Windows\wininit.ini 
    C:\Windows\Sandboxie.ini 
    C:\Windows\win.ini 
    C:\Windows\vbaddin.ini 
    C:\Windows\ConverterCore.INI 
    C:\Windows\Recorder.dat 
    C:\Windows\REGKEYNT.INI 
    C:\Windows\PEV.exe 
    C:\Windows\opera6.adr 
    C:\Windows\MBR.exe 
    C:\Windows\unins000.dat 
    C:\Windows\unins000.exe 
    C:\Windows\$_hpcst$.hpc 
    C:\Windows\CD_Start.INI 
    C:\Windows\w32demo8.ini 
    C:\Windows\nsreg.dat 
    C:\Windows\Ulead32.ini 
    C:\Windows\mdm.ini 
    C:\Windows\ODBCINST.INI 
    C:\Windows\ODBC.INI 
    C:\Windows\VB.INI 
    C:\Windows\UnHSDX.bat 
    C:\Windows\NIRCMD.exe 
    C:\Windows\explorer.exe 
    C:\Windows\muBlinder.exe 
    C:\Windows\csup.txt 
    C:\Windows\twspmm.ini 
    C:\Windows\twspmm.src 
    C:\Windows\PKUNZIP.PIF 
    C:\Windows\PKZIP.PIF 
    C:\Windows\NOCLOSE.PIF 
    C:\Windows\RAR.PIF 
    C:\Windows\ARJ.PIF 
    C:\Windows\LHA.PIF 
    C:\Windows\UC.PIF 
    C:\Windows\DIFxAPI.dll 
    C:\Windows\HideWin.exe 
    C:\Windows\UNRecode.exe 
    C:\Windows\UNNeroMediaHome.exe 
    C:\Windows\Updates.txt 
    C:\Windows\WindowsShell.Manifest 
    C:\Windows\regedit.exe 
    C:\Windows\bfsvc.exe 
    C:\Windows\fveupdate.exe 
    C:\Windows\HelpPane.exe 
    C:\Windows\notepad.exe 
    C:\Windows\RTKAUDIOSERVICE.EXE 
    C:\Windows\RtHDVCpl.exe 
    C:\Windows\TrueprintCfg.exe 
    C:\Windows\SkyTel.exe 
    C:\Windows\USetup.iss 
    C:\Windows\RtlUpd.exe 
    C:\Windows\RtlExUpd.dll 
    C:\Windows\UNNeroVision.exe 
    C:\Windows\UNNeroBackItUp.exe 
    C:\Windows\UNNeroShowTime.exe 
    C:\Windows\RSetupCE.exe 
    C:\Windows\WMSysPr9.prx 
    C:\Windows\twunk_16.exe 
    C:\Windows\twain_32.dll 
    C:\Windows\twunk_32.exe 
    C:\Windows\twain.dll 
    C:\Windows\winhlp32.exe 
    C:\Windows\hh.exe 
    C:\Windows\mib.bin 
    C:\Windows\agrsmdel.exe 
    C:\Windows\HomePremium.xml 
    C:\Windows\_default.pif 
    C:\Windows\winhelp.exe 
    C:\Windows\msdfmap.ini 
    C:\Windows\UNNeroMediaHome.cfg 
    C:\Windows\UNNeroVision.cfg 
    C:\Windows\UNNeroShowTime.cfg 
    C:\Windows\UNRecode.cfg 
    C:\Windows\UNNeroBackItUp.cfg 
    C:\Windows\epsuninst.exe 
    C:\Windows\WMPrfNLd.prx 
    C:\Windows\WMPrfFra.prx 
    C:\Windows\WMPrfEsp.prx 
    C:\Windows\WMPrfDEU.prx 
    C:\Windows\WMPrfDan.prx 
    C:\Windows\WMPrfIta.prx 
    C:\Windows\WMPrfPtg.prx 
    C:\Windows\psuninst2.exe 
    C:\Windows\setdebug.exe 
    C:\Windows\jautoexp.dat 
    C:\Windows\SWSC.exe 
    C:\Windows\grep.exe 
    C:\Windows\zip.exe 
    C:\Windows\SWREG.exe 
    C:\Windows\sed.exe 
    C:\Windows\SWXCACLS.exe 
    C:\Windows\REGTLIB.EXE 
    C:\Windows\unvise32.exe 
    C:\Windows\Unwise.exe 
    C:\Windows\uninst.exe 
    C:\Windows\JAUTOEXP.INI 
    C:\Windows\FRONTPG.INI 
    C:\Windows\unin0407.exe 
    ----------------------------------------
    
     
    C:\Windows\System
    
    C:\Windows\System\ms.ico 
    C:\Windows\System\sm.ico 
    C:\Windows\System\sd.ico 
    C:\Windows\System\cf.ico 
    C:\Windows\System\DriveIcon.dll 
    C:\Windows\System\mciwave.drv 
    C:\Windows\System\mciseq.drv 
    C:\Windows\System\avicap.dll 
    C:\Windows\System\avifile.dll 
    C:\Windows\System\mciavi.drv 
    C:\Windows\System\msvideo.dll 
    C:\Windows\System\OLESVR.DLL 
    C:\Windows\System\WFWNET.DRV 
    C:\Windows\System\COMMDLG.DLL 
    C:\Windows\System\TIMER.DRV 
    C:\Windows\System\MMSYSTEM.DLL 
    C:\Windows\System\mmtask.tsk 
    C:\Windows\System\mouse.drv 
    C:\Windows\System\vga.drv 
    C:\Windows\System\sound.drv 
    C:\Windows\System\keyboard.drv 
    C:\Windows\System\SHELL.DLL 
    C:\Windows\System\system.drv 
    C:\Windows\System\ver.dll 
    C:\Windows\System\olecli.dll 
    C:\Windows\System\lzexpand.dll 
    C:\Windows\System\stdole.tlb 
    C:\Windows\System\MyMulti.ico 
    C:\Windows\System\FP30WEC.DLL 
    C:\Windows\System\VI30AUT.DLL 
    C:\Windows\System\VI30WRP.DLL 
    C:\Windows\System\FP30WEL.DLL 
    C:\Windows\System\FP30TXT.DLL 
    C:\Windows\System\FP30UTL.DLL 
    ----------------------------------------
    
     
    C:\Windows\System32
    
    C:\Windows\system32\perfh007.dat 
    C:\Windows\system32\perfh009.dat 
    C:\Windows\system32\perfc009.dat 
    C:\Windows\system32\PerfStringBackup.INI 
    C:\Windows\system32\perfc007.dat 
    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
    C:\Windows\system32\drivers 
    C:\Windows\system32\Tasks 
    C:\Windows\system32\config 
    C:\Windows\system32\KGBDXX 
    C:\Windows\system32\PANJVOI 
    C:\Windows\system32\KNJYS 
    C:\Windows\system32\UEGYL 
    C:\Windows\system32\catroot2 
    C:\Windows\system32\catroot 
    C:\Windows\system32\BIOAPIFFDB 
    C:\Windows\system32\javaws.exe 
    C:\Windows\system32\javaw.exe 
    C:\Windows\system32\java.exe 
    C:\Windows\system32\deploytk.dll 
    C:\Windows\system32\GroupPolicy 
    C:\Windows\system32\DRVSTORE 
    C:\Windows\system32\lsdelete.exe 
    C:\Windows\system32\wbem 
    C:\Windows\system32\spool 
    C:\Windows\system32\Msdtc 
    C:\Windows\system32\CodeIntegrity 
    C:\Windows\system32\spsys.log 
    C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat 
    C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp 
    C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat 
    C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp 
    C:\Windows\system32\mrt.exe 
    C:\Windows\system32\migration 
    C:\Windows\system32\WDI 
    C:\Windows\system32\fmod.dll 
    C:\Windows\system32\MpSigStub.exe 
    C:\Windows\system32\awrdscdc.ax 
    C:\Windows\system32\wininet.dll 
    C:\Windows\system32\urlmon.dll 
    C:\Windows\system32\occache.dll 
    C:\Windows\system32\mshtml.dll 
    C:\Windows\system32\msfeedsbs.dll 
    C:\Windows\system32\msfeeds.dll 
    C:\Windows\system32\jsproxy.dll 
    C:\Windows\system32\inetcpl.cpl 
    C:\Windows\system32\ieui.dll 
    C:\Windows\system32\iesysprep.dll 
    C:\Windows\system32\iesetup.dll 
    C:\Windows\system32\iertutil.dll 
    C:\Windows\system32\iernonce.dll 
    C:\Windows\system32\iepeers.dll 
    C:\Windows\system32\ieframe.dll 
    C:\Windows\system32\iedkcs32.dll 
    C:\Windows\system32\ieUnatt.exe 
    C:\Windows\system32\ie4uinit.exe 
    C:\Windows\system32\msfeedssync.exe 
    C:\Windows\system32\mshtml.tlb 
    C:\Windows\system32\de-DE 
    C:\Windows\system32\tsbyuv.dll 
    C:\Windows\system32\quartz.dll 
    C:\Windows\system32\msyuv.dll 
    C:\Windows\system32\msvfw32.dll 
    C:\Windows\system32\msvidc32.dll 
    C:\Windows\system32\msrle32.dll 
    C:\Windows\system32\mciavi32.dll 
    C:\Windows\system32\iyuv_32.dll 
    C:\Windows\system32\avifil32.dll 
    C:\Windows\system32\RMBin 
    C:\Windows\system32\FNTCACHE.DAT 
    C:\Windows\system32\QuickTime.qts 
    C:\Windows\system32\QuickTimeVR.qtx 
    C:\Windows\system32\nshhttp.dll 
    C:\Windows\system32\httpapi.dll 
    C:\Windows\system32\avgrsstx.dll 
    C:\Windows\system32\MSDATGRD.oca 
    C:\Windows\system32\MSFLXGRD.oca 
    C:\Windows\system32\MSCOMM32.oca 
    C:\Windows\system32\RICHTX32.oca 
    C:\Windows\system32\TABCTL32.oca 
    C:\Windows\system32\tzres.dll 
    C:\Windows\system32\GDIPFONTCACHEV1.DAT 
    C:\Windows\system32\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear] 
    C:\Windows\system32\LegitCheckControl.DLL 
    C:\Windows\system32\t2embed.dll 
    C:\Windows\system32\fontsub.dll 
    C:\Windows\system32\ezsidmv.dat 
    C:\Windows\system32\rastls.dll 
    C:\Windows\system32\zh-TW 
    C:\Windows\system32\zh-HK 
    C:\Windows\system32\tr-TR 
    C:\Windows\system32\sv-SE 
    C:\Windows\system32\pt-BR 
    C:\Windows\system32\nl-NL 
    C:\Windows\system32\nb-NO 
    C:\Windows\system32\ko-KR 
    C:\Windows\system32\it-IT 
    C:\Windows\system32\he-IL 
    C:\Windows\system32\fr-FR 
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 
    C:\Windows\Tasks\SA.DAT 
    C:\Windows\Tasks\SCHEDLGU.TXT 
    ----------------------------------------
    
     
    C:\Windows\Temp
    
    C:\Windows\Temp\ehprivjob.log 
    C:\Windows\Temp\ehprivjob1.log 
    C:\Windows\Temp\GoogleToolbarInstaller1.log 
    ----------------------------------------
    
     
    C:\Users\xxxxxxxx\AppData\Local\Temp
    
    C:\Users\xxxxxxxx\AppData\Local\Temp\8553b70f-ab60-4721-a1b6-ae4d097cdb8a.mht
    C:\Users\xxxxxxxx\AppData\Local\Temp\jusched.log
    C:\Users\xxxxxxxx\AppData\Local\Temp\~DF5FD9.tmp
    C:\Users\xxxxxxxx\AppData\Local\Temp\~DF5B96.tmp
    C:\Users\xxxxxxxx\AppData\Local\Temp\MUI
    C:\Users\xxxxxxxx\AppData\Local\Temp\WPDNSE
    C:\Users\xxxxxxxx\AppData\Local\Temp\wmplog02.sqm
    C:\Users\xxxxxxxx\AppData\Local\Temp\wmplog01.sqm
    C:\Users\xxxxxxxx\AppData\Local\Temp\~DFB23.tmp
    C:\Users\xxxxxxxx\AppData\Local\Temp\catchme.dll
    C:\Users\xxxxxxxx\AppData\Local\Temp\wmplog00.sqm
    C:\Users\xxxxxxxx\AppData\Local\Temp\plugtmp
    C:\Users\xxxxxxxx\AppData\Local\Temp\AdobeARM.log
    C:\Users\xxxxxxxx\AppData\Local\Temp\Low
    C:\Users\xxxxxxxx\AppData\Local\Temp\Google Toolbar
    ----------------------------------------
    
     
    C:\Program Files
    
    C:\Program Files\Common Files 
    C:\Program Files\InstallShield Installation Information 
    C:\Program Files\AuthenTec 
    C:\Program Files\Java 
    C:\Program Files\Softex 
    C:\Program Files\Lavasoft 
    C:\Program Files\Google 
    C:\Program Files\PixiePack Codec Pack 
    C:\Program Files\Soliddocuments 
    C:\Program Files\Hexacto Games 
    C:\Program Files\Internet Explorer 
    C:\Program Files\Microsoft Silverlight 
    C:\Program Files\ACCESS 
    C:\Program Files\Windows Media Player 
    C:\Program Files\SPCA1528 
    C:\Program Files\Microsoft Windows 7 Upgrade Advisor 
    C:\Program Files\AVG 
    C:\Program Files\Skype 
    C:\Program Files\Resco 
    C:\Program Files\Yahoo 
    C:\Program Files\Microsoft ActiveSync 
    C:\Program Files\IMPlus 2.14 for MSSP 
    C:\Program Files\Enigma Software Group 
    C:\Program Files\Windows Calendar 
    C:\Program Files\Windows Mail 
    C:\Program Files\Movie Maker 
    C:\Program Files\Windows Sidebar 
    C:\Program Files\Windows Collaboration 
    C:\Program Files\Windows Journal 
    C:\Program Files\Windows Photo Gallery 
    C:\Program Files\Windows Defender 
    C:\Program Files\Database Tools 
    C:\Program Files\Aspecto Software 
    C:\Program Files\SoftMaker Office 2008 
    C:\Program Files\Kakuro 
    C:\Program Files\SuDokuV2 
    C:\Program Files\TorrentSpeeder 
    C:\Program Files\allReader 2.6 
    C:\Program Files\Anywhere Software 
    C:\Program Files\SuDoku 
    C:\Program Files\PocketRAR 
    C:\Program Files\Lonely Cat Games 
    C:\Program Files\LifeView MVP 
    C:\Program Files\Syncrosoft 
    C:\Program Files\Steinberg 
    C:\Program Files\DIFX 
    C:\Program Files\AGEIA Technologies 
    C:\Program Files\Windows Media-Komponenten 
    C:\Program Files\PC Camer@ 
    C:\Program Files\ComPlus Applications 
    C:\Program Files\Web Publish 
    C:\Program Files\Microsoft Works 
    C:\Program Files\MSBuild 
    C:\Program Files\Microsoft Office 
    C:\Program Files\Microsoft Visual Studio 
    C:\Program Files\Microsoft.NET 
    C:\Program Files\Microsoft Visual Studio 8 
    C:\Program Files\Apple Software Update 
    C:\Program Files\Eyeball 
    C:\Program Files\Microsoft CAPICOM 2.1.0.2 
    C:\Program Files\MSXML 4.0 
    C:\Program Files\Gemeinsame Dateien 
    C:\Program Files\Windows NT 
    C:\Program Files\MEDIONmail 
    C:\Program Files\GoogleEULA 
    C:\Program Files\Nero 
    C:\Program Files\HomeCinema 
    C:\Program Files\CyberLink 
    C:\Program Files\Launch Manager 
    C:\Program Files\X10 Hardware 
    C:\Program Files\Fingerprint Sensor 
    C:\Program Files\Synaptics 
    C:\Program Files\Realtek 
    C:\Program Files\Intel 
    C:\Program Files\desktop.ini 
    C:\Program Files\Uninstall Information 
    C:\Program Files\Microsoft Games 
    C:\Program Files\Reference Assemblies 
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    Default    
    Public    
    Administrator    
    xxxxxxxx    
    ew210431    
    desktop.ini    
    Default User    
    All Users    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    
    ----------------------------------------
    
    
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0       119.368 K
    smss.exe                       600 Services                   0         1.548 K
    csrss.exe                      740 Services                   0        10.356 K
    wininit.exe                    792 Services                   0         9.028 K
    csrss.exe                      804 Console                    1        16.936 K
    services.exe                   836 Services                   0        13.092 K
    lsass.exe                      848 Services                   0         2.464 K
    lsm.exe                        856 Services                   0         9.080 K
    svchost.exe                   1036 Services                   0        12.916 K
    nvvsvc.exe                    1080 Services                   0        20.156 K
    OmniServ.exe                  1092 Services                   0        28.964 K
    svchost.exe                   1120 Services                   0        13.356 K
    svchost.exe                   1228 Services                   0        19.572 K
    winlogon.exe                  1280 Console                    1        10.992 K
    svchost.exe                   1312 Services                   0       101.732 K
    svchost.exe                   1328 Services                   0        48.132 K
    audiodg.exe                   1544 Services                   0        19.528 K
    svchost.exe                   1568 Services                   0        10.396 K
    SLsvc.exe                     1584 Services                   0        28.124 K
    svchost.exe                   1612 Services                   0        29.712 K
    nvvsvc.exe                    1720 Console                    1        23.016 K
    svchost.exe                   1772 Services                   0        32.428 K
    spoolsv.exe                   2008 Services                   0        27.508 K
    svchost.exe                   2044 Services                   0        26.532 K
    avgwdsvc.exe                   900 Services                   0         2.112 K
    svchost.exe                   1028 Services                   0        10.068 K
    IAANTmon.exe                   808 Services                   0        22.676 K
    NBService.exe                 2072 Services                   0        23.912 K
    IoctlSvc.exe                  2160 Services                   0         8.208 K
    svchost.exe                   2196 Services                   0        12.276 K
    RichVideo.exe                 2208 Services                   0        20.056 K
    svchost.exe                   2276 Services                   0        24.628 K
    svchost.exe                   2336 Services                   0         5.344 K
    avgnsx.exe                    2416 Services                   0        21.500 K
    SearchIndexer.exe             2472 Services                   0        36.060 K
    avgemc.exe                    2560 Services                   0           756 K
    WUDFHost.exe                  2636 Services                   0        23.088 K
    avgcsrvx.exe                  2840 Services                   0         8.608 K
    taskeng.exe                   2916 Services                   0        24.508 K
    avgchsvx.exe                  2980 Services                   0         1.512 K
    avgrsx.exe                    3008 Services                   0           628 K
    avgcsrvx.exe                  3028 Services                   0           396 K
    dwm.exe                       3448 Console                    1         8.732 K
    explorer.exe                  3504 Console                    1        76.804 K
    taskeng.exe                   3564 Console                    1        31.148 K
    IAAnotif.exe                  3960 Console                    1        22.660 K
    opvapp.exe                    4040 Console                    1        25.704 K
    SynTPStart.exe                4068 Console                    1        21.188 K
    LaunchAp.exe                  2316 Console                    1        23.044 K
    HotkeyApp.exe                 2436 Console                    1        26.036 K
    OSD.exe                       2584 Console                    1        21.836 K
    WButton.exe                   2016 Console                    1        23.236 K
    CLMLSvc.exe                   2624 Console                    1        26.144 K
    RtHDVCpl.exe                  1688 Console                    1        25.480 K
    VCDDaemon.exe                 3280 Console                    1        20.476 K
    Monitor.exe                   3496 Console                    1        21.068 K
    WisLMSvc.exe                  3792 Services                   0        21.820 K
    jusched.exe                   3344 Console                    1        20.948 K
    WmiPrvSE.exe                  1464 Services                   0        11.912 K
    scureapp.exe                  1476 Console                    1        33.688 K
    ehtray.exe                    1700 Console                    1        19.220 K
    wmpnscfg.exe                  1536 Console                    1        10.528 K
    ehmsas.exe                     336 Console                    1         8.612 K
    SynTPEnh.exe                  1152 Console                    1        23.012 K
    unsecapp.exe                  4112 Console                    1         9.940 K
    wmpnetwk.exe                  4212 Services                   0        27.780 K
    ehsched.exe                   4460 Services                   0         9.120 K
    MDM.EXE                       4668 Console                    1         9.784 K
    ehrecvr.exe                   4896 Services                   0        26.904 K
    avgtray.exe                   1436 Console                    1        22.028 K
    wuauclt.exe                   5200 Console                    1        25.016 K
    taskmgr.exe                   5696 Console                    1        25.544 K
    avgui.exe                     5148 Console                    1        29.256 K
    avgcfgex.exe                  5156 Console                    1        19.852 K
    rundll32.exe                  4152 Console                    1        24.900 K
    FirewallControlPanel.exe      5312 Console                    1        26.868 K
    conime.exe                    5844 Console                    1         3.724 K
    notepad.exe                    944 Console                    1         4.872 K
    SearchProtocolHost.exe        3272 Services                   0         8.420 K
    SearchFilterHost.exe          1452 Services                   0         6.604 K
    cmd.exe                        232 Console                    1         2.900 K
    tasklist.exe                  3352 Console                    1         4.880 K
    WmiPrvSE.exe                   892 Services                   0         5.888 K
    
     
***** End of scan 22.02.2010 at 17:59:25.19 ***
    OTL log:
    Code:
    OTL logfile created on: 22.02.2010 18:01:03 - Run 2
    OTL by OldTimer - Version 3.1.30.1     Folder = C:\Users\xxxxxxxx\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 248,58 Gb Total Space | 178,62 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
    Drive D: | 49,50 Gb Total Space | 6,79 Gb Free Space | 13,73% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: NB_2009
    Current User Name: xxxxxxxx
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\xxxxxxxx\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Programme\AVG\AVG9\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
    PRC - C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
    PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
    PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
    PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
    PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\FirewallControlPanel.exe (Microsoft Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
    PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
    PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
    PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
    PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    PRC - C:\Programme\CyberLink\Shared Files\RichVideo.exe ()
    PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
    PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
    PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    PRC - C:\Windows\System32\MDM.EXE (Microsoft Corporation)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\xxxxxxxx\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (TKKMUFJ) --  File not found
    SRV - (PAGDHA) --  File not found
    SRV - (BOLVSVCXK) --  File not found
    SRV - (AZSEKBXTO) --  File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (SbieSvc) -- C:\Programs\Sandboxie\SbieSvc.exe (tzuk)
    SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (SMServer) -- C:\Windows\System32\snmvtsvc.exe (SMServer)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
    SRV - (uvnc_service) -- C:\Programs\UltraVNC\WinVNC.exe (UltraVNC)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
    SRV - (WinVNC4) -- C:\Programs\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
    SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
    SRV - (Nero BackItUp Scheduler 3) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
    SRV - (IGDCTRL) -- C:\Programs\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
    SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
    SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.)
    SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (AutoShutdown) -- C:\Programs\AutoShutdown\AS_Service.exe (Barefoot Productions, Inc.)
    SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
    SRV - (Visual Studio Analyzer RPC bridge) -- C:\Programs\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (SDTHelper) -- D:\_temp\SDTHLPR.sys ()
    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (SbieDrv) -- C:\Programs\Sandboxie\SbieDrv.sys (tzuk)
    DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (MusCAudio) -- C:\Windows\System32\drivers\MusCAudio.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (LVMST) -- C:\Windows\System32\drivers\LVMST.sys (Animation Technologies Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
    DRV - (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) -- C:\Windows\System32\drivers\lmvac.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV - (ISODrive) -- C:\Programs\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
    DRV - (iTurns) -- C:\Windows\System32\drivers\iTurnsDriver.sys (Pixbyte Development SL)
    DRV - (TotRec7) -- C:\Windows\System32\drivers\TotRec7.sys (High Criteria inc.)
    DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
    DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
    DRV - (usbanyka) -- C:\Windows\System32\drivers\usbanyka.sys (Anyka (Guangzhou) Software Technology Co., Ltd.)
    DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
    DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
    DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
    DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
    DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
    DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
    DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)
    DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
    DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.medion.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.medion.com/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
    FF - prefs.js..extensions.enabledItems: {b80e3187-dfe3-879f-dc50-c893d60ae36c}:4.6.6.3
     
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009.12.13 09:15:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programs\MozillaFirefox\components [2010.02.18 14:26:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programs\MozillaFirefox\plugins [2010.02.18 14:26:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Programs\MozillaThunderbird\components [2010.02.05 10:58:02 | 000,000,000 | ---D | M]
     
    [2009.12.10 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Extensions
    [2009.12.10 17:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010.02.22 16:51:03 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\1qjfkobl.default\extensions
    [2010.02.04 09:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\1qjfkobl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009.11.20 09:49:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\1qjfkobl.default\extensions\elemhidehelper@adblockplus.org
    [2010.02.15 14:04:18 | 000,000,261 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Roaming\Mozilla\FireFox\Profiles\1qjfkobl.default\searchplugins\Search.xml
     
    O1 HOSTS File: ([2010.02.22 15:27:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programs\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
    O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
    O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [muBlinder] C:\Windows\muBlinder.exe (KRX)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programs\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
    O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll ()
    O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programs\AllMusicConverter\YouTubeRipper.dll ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\Spybot\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.02.22 15:37:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010.02.22 15:37:04 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\temp
    [2010.02.22 15:28:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010.02.22 15:07:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010.02.21 15:50:48 | 000,000,000 | ---D | C] -- C:\SDFix
    [2010.02.21 15:15:26 | 000,472,064 | ---- | C] ( ) -- C:\Users\xxxxxxxx\Desktop\RootRepeal.exe
    [2010.02.21 15:14:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\Desktop\RootRepeal
    [2010.02.20 09:26:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxxxx\Desktop\OTL.exe
    [2010.02.19 11:57:20 | 000,000,000 | ---D | C] -- C:\Program
    [2010.02.19 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\Pavark
    [2010.02.19 11:17:04 | 000,000,000 | ---D | C] -- C:\cf.exe
    [2010.02.19 11:06:49 | 000,000,000 | ---D | C] -- C:\cf18998c
    [2010.02.19 10:44:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010.02.19 10:44:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010.02.19 10:44:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010.02.19 10:44:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010.02.19 10:44:49 | 000,000,000 | ---D | C] -- C:\cf
    [2010.02.18 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\BuildAGadget Content
    [2010.02.17 20:32:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010.02.17 19:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
    [2010.02.17 19:58:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\BIOAPIFFDB
    [2010.02.17 19:46:37 | 000,146,688 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\drivers\atswpdrv.sys
    [2010.02.17 19:46:27 | 000,000,000 | ---D | C] -- C:\Programme\AuthenTec
    [2010.02.17 19:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010.02.17 19:24:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
    [2010.02.17 19:24:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010.02.17 19:24:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010.02.17 19:24:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010.02.17 19:23:49 | 000,000,000 | ---D | C] -- C:\Programme\Java
    [2010.02.17 19:21:49 | 000,000,000 | ---D | C] -- C:\Programme\Softex
    [2010.02.17 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\InstallShield
    [2010.02.17 17:02:39 | 000,000,000 | ---D | C] -- C:\temp
    [2010.02.16 15:15:16 | 000,000,000 | R--D | C] -- C:\Sandbox
    [2010.02.16 14:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010.02.16 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\QuickScan
    [2010.02.16 12:57:05 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2010.02.16 12:57:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
    [2010.02.16 12:57:02 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
    [2010.02.16 12:57:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
    [2010.02.16 12:00:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010.02.16 10:42:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.02.16 10:42:42 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010.02.16 10:42:12 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010.02.15 19:04:27 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010.02.15 16:22:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010.02.15 16:21:31 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
    [2010.02.15 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2010.02.15 16:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010.02.15 16:16:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\SUPERAntiSpyware.com
    [2010.02.15 13:50:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\Thinstall
    [2010.02.07 11:59:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\WinRAR
    [2010.02.07 11:57:27 | 000,000,000 | ---D | C] -- C:\Cryptload
    [2010.02.06 12:30:39 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
    [2010.02.06 12:04:03 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\RapidSolution
    [2010.02.06 11:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
    [2010.02.06 11:12:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TuneClone
    [2010.02.06 10:54:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SolidDocuments
    [2010.02.06 10:54:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\SolidDocuments
    [2010.02.06 10:53:09 | 000,000,000 | ---D | C] -- C:\Programme\Soliddocuments
    [2010.02.06 10:13:24 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\AccurateRip
    [2010.02.06 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\WMA-MP3.com
    [2010.02.06 09:57:45 | 000,025,616 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\lmvac.sys
    [2010.02.06 09:28:23 | 000,000,000 | ---D | C] -- C:\Converted
    [2010.02.02 18:28:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\CDRoller
    [2010.02.02 17:45:42 | 000,245,760 | ---- | C] (SMServer) -- C:\Windows\System32\snmvtsvc.exe
    [2010.02.02 17:45:40 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\MusCAudio.sys
    [2010.02.02 17:45:40 | 000,023,096 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\MusCAudio.sys
    [2010.02.02 17:45:40 | 000,010,936 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\MusCVideo.dll
    [2010.02.02 17:45:40 | 000,003,768 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\MusCVideo.sys
    [2010.02.01 09:05:58 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\QuickPar
    [2010.01.30 12:34:35 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2010.01.30 12:34:22 | 000,000,000 | ---D | C] -- C:\Programme\Hexacto Games
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.02.22 18:01:28 | 004,194,304 | -HS- | M] () -- C:\Users\xxxxxxxx\ntuser.dat
    [2010.02.22 17:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.02.22 17:09:54 | 001,448,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.02.22 17:09:54 | 000,637,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.02.22 17:09:54 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.02.22 17:09:54 | 000,128,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.02.22 17:09:54 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.02.22 17:02:58 | 000,065,372 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010.02.22 17:02:34 | 000,065,372 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010.02.22 17:02:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.02.22 17:02:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.02.22 17:02:19 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.02.22 17:02:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.02.22 17:02:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.02.22 17:02:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010.02.22 17:01:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010.02.22 17:01:16 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxxxxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010.02.22 17:01:16 | 000,065,536 | -HS- | M] () -- C:\Users\xxxxxxxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010.02.22 17:01:12 | 004,123,248 | -H-- | M] () -- C:\Users\xxxxxxxx\AppData\Local\IconCache.db
    [2010.02.22 15:28:06 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010.02.22 15:27:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010.02.22 15:04:06 | 000,000,000 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\settings.dat
    [2010.02.22 14:55:02 | 003,868,001 | R--- | M] () -- C:\Users\xxxxxxxx\Desktop\cfFEB22.exe
    [2010.02.22 14:04:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010.02.22 13:11:49 | 000,192,512 | ---- | M] (ICSharpCode.net) -- C:\Windows\ICSharpCode.SharpZipLib.dll
    [2010.02.22 13:05:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\KGBDXX
    [2010.02.22 11:13:47 | 000,108,544 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.02.22 09:50:23 | 001,954,304 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\HausVerbrauch_BadSalzschlirf.xls
    [2010.02.22 09:35:14 | 056,071,489 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2010.02.21 15:40:18 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini
    [2010.02.21 15:02:29 | 001,529,241 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\SDFix.exe
    [2010.02.21 09:55:45 | 000,109,713 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\CT_MiniAbo_Nach4kündigen.jpg
    [2010.02.20 09:38:32 | 000,001,482 | ---- | M] () -- C:\Windows\Sandboxie.ini
    [2010.02.20 09:26:14 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxxx\Desktop\OTL.exe
    [2010.02.20 09:21:30 | 000,293,376 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\vltrpkbr.exe
    [2010.02.19 15:24:14 | 801,898,476 | ---- | M] () -- C:\Windows\System32\KNJYS
    [2010.02.19 15:24:14 | 544,604,159 | ---- | M] () -- C:\Windows\System32\PANJVOI
    [2010.02.19 14:56:16 | 000,142,336 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\cm.exe
    [2010.02.19 14:13:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\UEGYL
    [2010.02.19 10:09:21 | 000,000,680 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Local\d3d9caps.dat
    [2010.02.18 17:59:25 | 000,033,658 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175802.reg
    [2010.02.18 17:56:37 | 000,000,082 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175634.reg
    [2010.02.18 15:13:43 | 000,001,623 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\Command Prompt.lnk
    [2010.02.17 20:44:28 | 000,018,620 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Omni_MW.opi
    [2010.02.17 19:23:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
    [2010.02.17 19:23:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010.02.17 19:23:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010.02.17 19:23:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010.02.16 14:31:16 | 001,253,537 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_MMC290.PDF
    [2010.02.16 12:47:46 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010.02.15 19:56:50 | 000,000,559 | ---- | M] () -- C:\Windows\win.ini
    [2010.02.15 19:45:47 | 000,067,404 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\snap.jpg
    [2010.02.15 18:49:05 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010.02.15 18:48:11 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010.02.15 18:38:17 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010.02.15 18:24:47 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Basic4ppc Desktop.lnk
    [2010.02.15 18:19:28 | 000,116,552 | ---- | M] () -- C:\Users\xxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010.02.15 11:36:06 | 000,141,156 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.pdf
    [2010.02.12 17:11:49 | 000,861,818 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR31-USB-SD_GER.pdf
    [2010.02.10 10:04:06 | 000,001,640 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\PeerBlock.lnk
    [2010.02.09 09:49:27 | 000,000,093 | ---- | M] () -- C:\Windows\vbaddin.ini
    [2010.02.08 10:00:41 | 000,524,705 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllZ.csv
    [2010.02.08 10:00:40 | 001,164,442 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllR.csv
    [2010.02.08 10:00:40 | 000,000,000 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllS.csv
    [2010.02.08 10:00:39 | 000,901,959 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllO.csv
    [2010.02.08 10:00:39 | 000,394,162 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllJ.csv
    [2010.02.08 10:00:39 | 000,032,327 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllK.csv
    [2010.02.08 10:00:38 | 001,995,439 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllH.csv
    [2010.02.08 10:00:35 | 000,328,999 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllC.csv
    [2010.02.08 10:00:35 | 000,000,000 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllF.csv
    [2010.02.08 10:00:34 | 000,863,034 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\AllB.csv
    [2010.02.08 09:21:59 | 000,030,340 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\history_2010.dat
    [2010.02.07 11:24:25 | 005,861,221 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR-2850_manual_GER.pdf
    [2010.02.06 12:51:16 | 000,026,624 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Pkw-Angebotsanforderung Neukunden.xls
    [2010.02.06 12:05:22 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
    [2010.02.06 11:27:16 | 000,013,848 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010.02.06 11:26:55 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2010.02.06 11:03:33 | 000,000,116 | ---- | M] () -- C:\Windows\ConverterCore.INI
    [2010.02.06 11:03:28 | 000,165,888 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.doc
    [2010.02.06 10:56:58 | 000,194,611 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).doc
    [2010.02.06 10:14:05 | 000,003,658 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2010.02.06 10:13:54 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2010.02.06 09:11:33 | 000,103,478 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Meistro_Strom.JPG
    [2010.02.05 10:52:16 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
    [2010.02.04 18:31:22 | 000,151,269 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Bote20100204.jpg
    [2010.02.04 17:41:42 | 000,006,809 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\03.02.Bi27.jpg
    [2010.02.04 16:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010.02.03 12:03:26 | 000,127,908 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).pdf
    [2010.02.03 10:34:22 | 000,000,012 | ---- | M] () -- C:\Windows\Recorder.dat
    [2010.02.02 18:28:18 | 000,000,742 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\CDRoller.lnk
    [2010.02.02 17:45:57 | 000,001,601 | ---- | M] () -- C:\Users\Public\Desktop\AllMusicConverter CDRipper.lnk
    [2010.02.02 17:45:56 | 000,001,644 | ---- | M] () -- C:\Users\Public\Desktop\AllMusicConverter.lnk
    [2010.02.02 17:23:43 | 000,000,772 | ---- | M] () -- C:\Users\xxxxxxxx\Desktop\CD Recovery Toolbox Free.lnk
    [2010.02.01 09:45:43 | 000,643,072 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\Expense.mdb
    [2010.01.26 10:49:45 | 000,876,000 | ---- | M] () -- C:\Users\xxxxxxxx\Documents\philips_ajm180_12_dfu_eng.pdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2010.02.22 15:04:06 | 000,000,000 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\settings.dat
    [2010.02.22 14:59:15 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
    [2010.02.22 14:54:30 | 003,868,001 | R--- | C] () -- C:\Users\xxxxxxxx\Desktop\cfFEB22.exe
    [2010.02.22 13:05:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\KGBDXX
    [2010.02.21 15:40:18 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
    [2010.02.21 15:00:03 | 001,529,241 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\SDFix.exe
    [2010.02.21 09:55:44 | 000,109,713 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\CT_MiniAbo_Nach4kündigen.jpg
    [2010.02.20 09:21:13 | 000,293,376 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\vltrpkbr.exe
    [2010.02.19 14:57:13 | 000,142,336 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\cm.exe
    [2010.02.19 14:45:24 | 544,604,159 | ---- | C] () -- C:\Windows\System32\PANJVOI
    [2010.02.19 14:24:56 | 801,898,476 | ---- | C] () -- C:\Windows\System32\KNJYS
    [2010.02.19 14:13:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\UEGYL
    [2010.02.19 10:44:57 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
    [2010.02.19 10:44:57 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010.02.19 10:44:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010.02.19 10:44:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010.02.19 10:44:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010.02.19 09:40:53 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Local\d3d9caps.dat
    [2010.02.18 17:58:04 | 000,033,658 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175802.reg
    [2010.02.18 17:56:37 | 000,000,082 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\cc_20100218_175634.reg
    [2010.02.17 20:44:16 | 000,018,620 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Omni_MW.opi
    [2010.02.17 20:34:14 | 000,013,824 | ---- | C] () -- C:\Windows\System32\vchannel.dll
    [2010.02.16 15:14:32 | 000,001,482 | ---- | C] () -- C:\Windows\Sandboxie.ini
    [2010.02.16 14:30:56 | 001,253,537 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_MMC290.PDF
    [2010.02.16 12:47:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010.02.16 10:56:13 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010.02.15 19:45:46 | 000,067,404 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\snap.jpg
    [2010.02.15 18:38:17 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010.02.15 18:24:47 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Basic4ppc Desktop.lnk
    [2010.02.15 11:36:00 | 000,141,156 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.pdf
    [2010.02.12 17:11:40 | 000,861,818 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR31-USB-SD_GER.pdf
    [2010.02.07 11:24:01 | 005,861,221 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Lenco_CR-2850_manual_GER.pdf
    [2010.02.06 12:51:15 | 000,026,624 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Pkw-Angebotsanforderung Neukunden.xls
    [2010.02.06 12:05:22 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
    [2010.02.06 11:27:16 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2010.02.06 11:27:16 | 000,013,848 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010.02.06 11:03:33 | 000,000,116 | ---- | C] () -- C:\Windows\ConverterCore.INI
    [2010.02.06 11:03:26 | 000,165,888 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Meistro_StromAntrag.doc
    [2010.02.06 10:56:57 | 000,194,611 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).doc
    [2010.02.06 10:14:05 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
    [2010.02.06 10:14:05 | 000,003,658 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
    [2010.02.06 10:13:23 | 005,082,488 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2010.02.06 09:10:57 | 000,103,478 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Meistro_Strom.JPG
    [2010.02.04 18:31:20 | 000,151,269 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Bote20100204.jpg
    [2010.02.04 17:41:29 | 000,006,809 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\03.02.Bi27.jpg
    [2010.02.03 12:03:26 | 000,127,908 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\Vattenfall_823800440806(2).pdf
    [2010.02.02 18:31:23 | 000,000,742 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\CDRoller.lnk
    [2010.02.02 17:45:57 | 000,001,601 | ---- | C] () -- C:\Users\Public\Desktop\AllMusicConverter CDRipper.lnk
    [2010.02.02 17:45:56 | 000,001,644 | ---- | C] () -- C:\Users\Public\Desktop\AllMusicConverter.lnk
    [2010.02.02 17:45:40 | 000,019,099 | ---- | C] () -- C:\Windows\System32\MusCAudio.inf
    [2010.02.02 17:45:40 | 000,002,577 | ---- | C] () -- C:\Windows\System32\MusCVideo.inf
    [2010.02.02 17:45:40 | 000,002,539 | ---- | C] () -- C:\Windows\System32\MusCVideo.cat
    [2010.02.02 17:45:40 | 000,002,100 | ---- | C] () -- C:\Windows\System32\MusCAudio.cat
    [2010.02.02 17:23:43 | 000,000,772 | ---- | C] () -- C:\Users\xxxxxxxx\Desktop\CD Recovery Toolbox Free.lnk
    [2010.01.31 09:31:48 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.01.31 09:31:46 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.01.26 10:49:19 | 000,876,000 | ---- | C] () -- C:\Users\xxxxxxxx\Documents\philips_ajm180_12_dfu_eng.pdf
    [2010.01.10 11:58:21 | 000,000,053 | ---- | C] () -- C:\Windows\REGKEYNT.INI
    [2010.01.06 10:12:21 | 000,014,115 | ---- | C] () -- C:\Windows\twspmm.ini
    [2009.11.25 15:38:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009.10.08 15:57:44 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
    [2009.09.24 16:09:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.09.23 03:29:12 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2009.09.23 03:29:12 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
    [2009.09.23 03:29:12 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009.09.23 03:29:12 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2009.09.23 03:29:12 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2009.09.23 03:29:12 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
    [2009.09.23 03:29:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
    [2009.09.23 03:29:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2009.09.23 03:29:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
    [2009.09.23 03:29:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
    [2009.09.23 03:29:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
    [2009.09.23 03:29:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
    [2009.09.23 03:29:12 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2009.09.23 03:29:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
    [2009.09.23 03:29:12 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
    [2009.09.23 03:29:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
    [2009.09.23 03:29:12 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
    [2009.09.23 03:29:12 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2009.09.23 03:29:12 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dllOLD
    [2009.07.28 17:31:58 | 000,000,267 | ---- | C] () -- C:\Windows\w32demo8.ini
    [2009.07.17 13:21:18 | 000,027,503 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\UserTile.png
    [2009.07.07 13:21:33 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstallerMST.dll
    [2009.06.30 13:04:39 | 000,108,544 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.06.27 17:35:08 | 000,065,372 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009.06.27 17:35:08 | 000,065,372 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009.06.24 11:35:48 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
    [2009.06.22 17:48:22 | 000,028,124 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\nvModes.001
    [2009.06.22 17:20:41 | 000,028,124 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\nvModes.dat
    [2009.06.21 16:23:25 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
    [2009.06.21 16:23:12 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.06.21 12:36:06 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.06.21 09:49:34 | 000,000,114 | ---- | C] () -- C:\Users\xxxxxxxx\AppData\Roaming\wklnhst.dat
    [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008.07.23 10:03:08 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
    [2008.03.19 07:58:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008.03.19 07:57:24 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
    [2007.05.02 18:43:30 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
    [2007.05.02 18:43:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
    [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.11.02 08:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
    [2005.01.25 14:15:42 | 000,010,240 | R--- | C] () -- C:\Windows\System32\PA207USD.DLL
    [1998.06.09 23:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
    [1998.05.17 23:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
    [1998.04.23 23:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 980 bytes -> C:\Users\xxxxxxxx\Documents\2009_01_16_Schritte gegen UnityMedia wg mehrfacher unerlaubter Anrufe.eml:OECustomProperty
    @Alternate Data Stream - 976 bytes -> C:\Users\xxxxxxxx\Documents\(Attn Fr_ xxxxxxxx)_ Mozartstrasse 65 Informationen.eml:OECustomProperty
    @Alternate Data Stream - 868 bytes -> C:\Users\xxxxxxxx\Documents\Mozartstrasse 65 Informationen.eml:OECustomProperty
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:D282699C
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CB0AACC9
    < End of report >
    Gmer Log
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-22 17:58:36
    Windows 6.0.6002 Service Pack 2
    Running: vltrpkbr.exe; Driver: C:\Users\xxxxxxxx\AppData\Local\Temp\fwrdqpob.sys
    
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                  [73767817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                   [737BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]               [7376BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]         [7375F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                   [737675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                [7375E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [73798395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]       [7376DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]               [7375FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                [7375FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                 [737571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]         [737ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]            [7378C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]               [7375D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                         [73756853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                        [7375687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[3504] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]           [73762AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                 SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\tdx \Device\Udp                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\tdx \Device\RawIp                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015aff3f58f                            
    Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015aff3f58f (not active ControlSet)        
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                0x4A 0x63 0x4B 0x5B ...
    Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!y!f!c!`!j!t!f!t!t!e!d!c!s!f!  19583823
    
    ---- EOF - GMER 1.0.15 ----

  8. #8
    Senior team member pc-jedi
    Registered since
    17.07.2009
    Location
    Lüneburgerheide
    Posts
    3,103

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    The TDSS Rev 3 rootkit is hard to detect because it has the same size as the original system driver. It filters the communication and in that way hides the infected drivers and other components on the hard disk.
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?
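The post above makes one concrete technical point: an infected driver that keeps the original file size defeats any check that only compares sizes. The following is an added example, not code from the thread or from pc-jedi, that shows this with constructed data: a deterministic pseudo driver image, a copy of it with a region overwritten in place (same length), and a size-only check beside a SHA-256 baseline check. The file name `example.sys` and all bytes are constructed placeholders, not files from the OTL log.

```python
# Added example (not from the thread or from pc-jedi): why a driver image that
# has been modified without changing its length slips past a size-only integrity
# check but not a hash-based one. Every file name and byte below is constructed.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """Known-good record for one system file, taken from clean media."""
    name: str
    size: int
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(name: str, data: bytes) -> Baseline:
    return Baseline(name=name, size=len(data), sha256=sha256_hex(data))


def overwrite_in_place(image: bytes, offset: int, replacement: bytes) -> bytes:
    """Replace a region of `image` byte-for-byte, so the length is unchanged.
    This models the property the post describes: the infected driver keeps the
    original file size."""
    if offset < 0 or offset + len(replacement) > len(image):
        raise ValueError("replacement would change the file length")
    return image[:offset] + replacement + image[offset + len(replacement):]


def size_check(baseline: Baseline, data: bytes) -> bool:
    """Weak check: only compares the file length."""
    return len(data) == baseline.size


def hash_check(baseline: Baseline, data: bytes) -> bool:
    """Strong check: compares the SHA-256 of the full content."""
    return sha256_hex(data) == baseline.sha256


def verify(baseline: Baseline, data: bytes) -> dict:
    """Run both checks; the `tampered` verdict follows the hash, never the size."""
    size_ok = size_check(baseline, data)
    hash_ok = hash_check(baseline, data)
    return {"size_ok": size_ok, "hash_ok": hash_ok, "tampered": not hash_ok}


# Constructed sample data: a deterministic 4 KiB pseudo driver image standing in
# for a clean driver (the name is illustrative, not a file from the OTL log).
ORIGINAL = bytes((i * 37 + 11) % 256 for i in range(4096))
BASELINE = make_baseline("example.sys (constructed)", ORIGINAL)
# A copy with 64 bytes overwritten at offset 0x200; same length as the original.
MODIFIED = overwrite_in_place(ORIGINAL, 0x200, b"\x90" * 64)

if __name__ == "__main__":
    for label, data in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(label, verify(BASELINE, data))
```

The size check passes for both images while the hash check fails for the modified one, which is why a baseline should record a content hash (or a verified code signature) and not just the size. The post's second point about filtered communication matters for the hash check as well: if the rootkit intercepts disk reads and hands back the clean original, a hash computed from inside the running system will still match, so the comparison has to be made from a clean boot medium that the infected kernel is not mediating.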

  9. #9
    Senior team member pc-jedi
    Registered since
    17.07.2009
    Location
    Lüneburgerheide
    Posts
    3,103

    Re: Hammer Rootkit, popups, reroutes, in safemode, bsod ...

    Missing response

    Are there problems working through the instructions above, and if so, which ones? If I receive no response from you within five days, I will assume that you no longer wish to continue and/or that you were able to solve the problem, and I will close this thread without further comment so that capacity is freed up for other waiting users.

    Note: The disappearance of the symptoms does not mean that your computer is already clean.

    Edit 2.3.2010:
    Thread is being closed for lack of response.
    If needed, please send me a PM and I can reopen the thread if appropriate.
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?
