Dear forum staff,
my Sunbelt software reported the above-mentioned Trojan to me today during a Deep Scan in Safe Mode. I had the file placed in quarantine. I became suspicious because for about 4 weeks I had not been able to update Spybot; manual updating was not possible either.
I have carried out the requested scans; here are the results:
Code:GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-07-21 20:34:02 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglcrpod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA05340, 0x3481E7, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74167817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7416BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7415F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7415E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE 
[gdiplus.dll!GdipCreateBitmapFromStreamICM] [74198395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7416DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7415FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7415FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7418C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7415D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft 
GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74156853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7415687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3244] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74162AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snman380.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\tdx \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) 
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d020b7 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d020b7 (not active ControlSet) ---- EOF - GMER 1.0.15 ----Code:Logfile of random's system information tool 1.08 (written by random/random) Run by Admin at 2010-07-21 20:43:24 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 8 GB (16%) free of 50 GB Total RAM: 2046 MB (49% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:43:33, on 21.07.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\system32\conime.exe E:\dokumente und einstellungen\karin\Desktop\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\Admin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-21-3422163174-322343488-803143304-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Karin') O4 - HKUS\S-1-5-21-3422163174-322343488-803143304-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Karin') O4 - Global Startup: SMART Board Tools.lnk.disabled O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - 
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: AN - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\AN.exe O23 - Service: EXLAOP - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\EXLAOP.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - 
Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TQCWWBGQQ - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\TQCWWBGQQ.exe -- End of file - 6082 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}] CIEDownload Object - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll [2010-01-08 247080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}] QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-10 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-09 8433664] "SBAMTray"=C:\Program Files\Sunbelt 
Software\CounterSpy\SBAMTray.exe [2010-04-30 1291600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-11-27 165144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-11-27 962584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe [2007-02-13 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe [2007-01-08 52256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\Windows\system32\NvMcTray.dll [2007-07-09 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Users\Karin\Desktop\Nokia PC Suite 7\PCSuite.exe -onlytray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe [2007-02-09 71216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2007-08-03 1826816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [2010-01-05 3372328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [2010-01-05 1053992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk] C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2007-05-22 2756608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk] C:\PROGRA~1\SMARTT~1\SMARTB~1\SMARTB~2.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board-Werkzeuge.lnk] C:\PROGRA~1\SMARTT~1\SMARTP~1\SMARTB~2.EXE [2010-01-05 11154728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup SMART Board Tools.lnk.disabled - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBPIMSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-07-21 20:43:24 ----D---- C:\rsit 2010-07-21 20:37:36 ----D---- C:\Program Files\rootkit revealer 2010-07-21 19:47:49 ----D---- C:\programmes 2010-07-21 17:32:25 ----ASH---- C:\hiberfil.sys 2010-07-21 14:52:01 ----A---- C:\Windows\ntbtlog.txt 2010-07-13 02:19:28 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1 2010-07-10 20:45:50 ----D---- C:\Program Files\Common Files\Java 2010-07-10 20:44:57 ----A---- C:\Windows\system32\javaws.exe 2010-07-10 20:44:57 ----A---- C:\Windows\system32\javaw.exe 2010-07-10 20:44:57 ----A---- C:\Windows\system32\java.exe 2010-07-10 20:43:40 ----D---- C:\Program Files\Java 2010-06-28 01:15:49 ----D---- C:\Users\Admin\AppData\Roaming\vlc 2010-06-22 23:07:27 
----A---- C:\Windows\system32\PresentationHostProxy.dll 2010-06-22 23:07:27 ----A---- C:\Windows\system32\PresentationHost.exe 2010-06-22 23:07:27 ----A---- C:\Windows\system32\netfxperf.dll 2010-06-22 23:07:27 ----A---- C:\Windows\system32\mscoree.dll 2010-06-22 23:07:27 ----A---- C:\Windows\system32\dfshim.dll 2010-06-22 20:32:50 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-06-22 20:32:50 ----A---- C:\Windows\system32\Apphlpdm.dll ======List of files/folders modified in the last 1 months====== 2010-07-21 20:43:33 ----D---- C:\Windows\Prefetch 2010-07-21 20:43:06 ----D---- C:\Windows\Temp 2010-07-21 20:37:36 ----RD---- C:\Program Files 2010-07-21 17:30:33 ----D---- C:\Windows\System32 2010-07-21 14:52:01 ----D---- C:\Windows 2010-07-21 14:48:16 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-07-20 23:57:04 ----SHD---- C:\System Volume Information 2010-07-19 20:23:26 ----D---- C:\Program Files\Foxit Software 2010-07-19 18:24:08 ----D---- C:\Windows\system32\catroot2 2010-07-15 15:45:54 ----D---- C:\Windows\rescache 2010-07-15 14:06:53 ----D---- C:\Windows\winsxs 2010-07-15 00:04:45 ----D---- C:\Windows\Debug 2010-07-14 02:45:06 ----SHD---- C:\Windows\Installer 2010-07-14 02:44:47 ----D---- C:\Windows\system32\catroot 2010-07-14 02:44:43 ----D---- C:\Program Files\Windows Mail 2010-07-13 02:26:11 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2010-07-13 02:15:46 ----D---- C:\Program Files\DVDVideoSoft 2010-07-12 00:49:25 ----D---- C:\Windows\IME 2010-07-12 00:49:25 ----D---- C:\Program Files\Common Files\microsoft shared 2010-07-10 20:45:50 ----D---- C:\Program Files\Common Files 2010-07-10 20:44:00 ----A---- C:\Windows\system32\deployJava1.dll 2010-07-05 23:51:00 ----D---- C:\Windows\inf 2010-07-05 23:51:00 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-07-03 18:14:35 ----D---- C:\Windows\Microsoft.NET 2010-07-03 18:14:10 ----RSD---- C:\Windows\assembly 2010-07-03 00:40:31 ----D---- C:\Program Files\Mozilla Firefox 2010-07-02 
21:39:05 ----A---- C:\Windows\system32\mrt.exe 2010-06-27 02:07:29 ----D---- C:\Windows\system32\en-US 2010-06-27 02:07:26 ----D---- C:\Program Files\Microsoft.NET 2010-06-24 20:48:38 ----D---- C:\Program Files\CCleaner 2010-06-22 23:09:29 ----D---- C:\Windows\AppPatch 2010-06-22 23:09:04 ----D---- C:\Windows\ehome ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 snapman380;Acronis Snapshots Manager (Build 380); C:\Windows\system32\DRIVERS\snman380.sys [2009-09-06 134272] R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174); C:\Windows\system32\DRIVERS\tdrpm174.sys [2009-09-06 971552] R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-09-06 540000] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232] R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2010-04-28 322904] R1 SbTis;SbTis; C:\Windows\system32\drivers\sbtis.sys [2010-04-28 204632] R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000] R2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys [2010-01-04 69720] R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-09-06 44704] R3 AgereSoftModem;Agere Systems-Softmodem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552] R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera; C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584] R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552] R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 2226688] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-09 7140800] R3 PhilCap;NXP service; C:\Windows\system32\DRIVERS\PhilCap.sys 
[2007-07-31 908896] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192] R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 47616] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2010-01-14 67800] R3 SMARTMouseFilterx86;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-12-15 11048] R3 SMARTVHidMini2000x86;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-12-15 14120] R3 SMARTVTabletPCx86;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-12-15 13440] R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600] R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696] S3 aglcrpod;aglcrpod; \??\C:\Users\Admin\AppData\Local\Temp\aglcrpod.sys [] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 
MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992] S3 SbHips;sbhips; C:\Windows\system32\drivers\sbhips.sys [2010-04-28 86232] S3 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [2009-10-13 95024] S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920] S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480] S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728] S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 
AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-11-27 554264] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024] R2 SBPIMSvc;SB Recovery Service; C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [2010-04-30 181584] R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc [] S2 SBAMSvc;VIPRE Antivirus Premium; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-04-30 2730120] S3 AN;AN; C:\Users\Admin\AppData\Local\Temp\AN.exe [2010-07-21 478080] S3 EXLAOP;EXLAOP; C:\Users\Admin\AppData\Local\Temp\EXLAOP.exe [2010-07-21 355200] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft 
Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408] S3 TQCWWBGQQ;TQCWWBGQQ; C:\Users\Admin\AppData\Local\Temp\TQCWWBGQQ.exe [2010-07-21 514944] S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] -----------------EOF-----------------
Code:info.txt logfile of random's system information tool 1.08 2010-07-21 20:43:36 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Acronis True Image Home-->MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt" Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Canon Setup Utility 2.0-->"C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Canon Utilities Easy-PrintToolBox-->C:\Windows\BJPSUNST.EXE CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} CyberLink PhotoNow-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall Das große Oxford Wörterbuch-->"C:\Program Files\Oxford\DGOW\uninstall.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" Easy-WebPrint-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Falk Navi-Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3222B0CE-59C5-4CA0-B545-2B88F200756B}\setup.exe" -l0x7 -removeonly Foxit 
Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free Audio CD to MP3 Converter version 1.1-->"C:\Program Files\DVDVideoSoft\Free Audio CD to MP3 Converter\unins000.exe" Free YouTube Download 2.7-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe" Free YouTube to MP3 Converter version 3.6-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" FreePDF (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r Genesys PC Camera Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}\setup.exe" -l0x7 -removeonly Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GPL Ghostscript 8.70-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.70\uninstal.txt" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF} Longman Dictionary of Contemporary English 5th Edition-->"C:\Program Files\Longman\LDOCE5\uninstall.exe" MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe" -uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" 
MediaShow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\Setup.exe" -uninstall Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Encarta Premium 2007-->MsiExec.exe /I{07040081-E9B4-4DF6-A845-CAAFD093E477} Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Firefox (4.0b1)-->C:\Program Files\Mozilla Firefox 4.0 Beta 1\uninstall\helper.exe MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MyScript HWR (German)-->MsiExec.exe 
/X{415CD877-0970-4CB6-B178-1E72F7DC60E7} Nero 7 Essentials-->MsiExec.exe /X{63B75E16-F290-4FCD-AF67-A9134CD01031} Nokia Connectivity Cable Driver-->MsiExec.exe /I{6869591A-7DD8-46D2-837F-57CBF7358955} Nokia PC Suite-->C:\ProgramData\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ger.exe Nokia PC Suite-->MsiExec.exe /I{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI PC Connectivity Solution-->MsiExec.exe /I{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\Setup.exe" -uninstall PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall QUICKfind server v1.1-->"C:\Program Files\IDM\QUICKfind\qf_uninstall.exe" Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe" Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe 
/X{D103C4BA-F905-437A-8049-DB24763BBE36} SMART Notebook-->MsiExec.exe /X{0A0719F0-AD56-42BA-B68C-EFFC330B6F13} SMART Product Drivers-->MsiExec.exe /X{2623A1E3-478A-4F4A-A522-3A3D784A0C9C} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" TVsweeper-->MsiExec.exe /I{CCC8E84E-AB61-4EC0-890D-8B553915B3AD} Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive" VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows 7 Upgrade Advisor-->MsiExec.exe /I{4B719A70-F14A-4f5c-90B5-346B24B7FFF1} Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\Windows\system32\DRVSTORE\netw2_79E5AFE170EFB3D69731535527AE861E8F0D5E3C\netw2.inf Windows Driver Package - Intel (NETw4v32) net (08/08/2007 11.1.1.22)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\Windows\system32\DRVSTORE\netw4v32_17B3A614B731DFCC0BB57C308A976E19828BF324\netw4v32.inf Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_3a2e1afb\nokbtmdm.inf Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_d5bc047a\nokia_bluetooth.inf Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf =====HijackThis 
Backups=====
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2010-02-18]
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm [2010-05-03]
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03]
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) [2010-05-03]
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) [2010-05-26]

======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======
AS: Spybot - Search and Destroy (disabled)
AS: Windows-Defender (disabled)

======System event log======
Computer Name: Admin-PC
Event Code: 4371
Message: Windows Servicing started changing the state of package KB973917(Update) from Installed(Installed) to Installed(Installed).
Record Number: 116193
Source Name: Microsoft-Windows-Servicing
Time Written: 20100715120325.000000-000
Event Type: Information
User: Admin-PC\Admin

Computer Name: Admin-PC
Event Code: 4371
Message: Windows Servicing started changing the state of package KB973917(Update) from Installed(Installed) to Installed(Installed).
Record Number: 116192
Source Name: Microsoft-Windows-Servicing
Time Written: 20100715120325.000000-000
Event Type: Information
User: Admin-PC\Admin

Computer Name: Admin-PC
Event Code: 4371
Message: Windows Servicing started changing the state of package KB973917(Update) from Installed(Installed) to Installed(Installed).
Record Number: 116191
Source Name: Microsoft-Windows-Servicing
Time Written: 20100715120325.000000-000
Event Type: Information
User: Admin-PC\Admin

Computer Name: Admin-PC
Event Code: 4371
Message: Windows Servicing started changing the state of package KB973917(Update) from Installed(Installed) to Installed(Installed).
Record Number: 116190
Source Name: Microsoft-Windows-Servicing
Time Written: 20100715120325.000000-000
Event Type: Information
User: Admin-PC\Admin

Computer Name: Admin-PC
Event Code: 4371
Message: Windows Servicing started changing the state of package KB973917(Update) from Installed(Installed) to Installed(Installed).
Record Number: 116189
Source Name: Microsoft-Windows-Servicing
Time Written: 20100715120325.000000-000
Event Type: Information
User: Admin-PC\Admin

=====Application event log=====
Computer Name: MEDIONM-JASTJYY
Event Code: 8225
Message: The VSS service is shutting down due to an event from the Service Control Manager.
Record Number: 53
Source Name: VSS
Time Written: 20061211041903.000000-000
Event Type: Information
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 901
Message: The Software Licensing service is stopping.
Record Number: 52
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20061211041903.000000-000
Event Type: Information
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 1003
Message: The Software Licensing service has completed the licensing status check.
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
Licensing Status=
{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}
{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}
{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}
{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}
{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 8, 0xC004F014,0x0]}
{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}
Record Number: 51
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20061211041858.000000-000
Event Type: Information
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 1033
Message: The policies are being excluded since they are only defined with the override-only attribute.
Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)
Application Id=55c92734-d682-4d71-983e-d6ec3f16059f
SKU Id=bffdc375-bbd5-499d-8ef1-4f37b61c895f
Record Number: 50
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20061211041858.000000-000
Event Type: Information
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 1013
Message: The Windows Search service has been stopped normally.
Record Number: 49
Source Name: Microsoft-Windows-Search
Time Written: 20061211041849.000000-000
Event Type: Information
User:

=====Security event log=====
Computer Name: MEDIONM-JASTJYY
Event Code: 4647
Message: User initiated logoff:
Subject:
Security ID: S-1-5-21-2530909885-2164797152-889956923-500
Account Name: Administrator
Account Domain: MEDIONM-JASTJYY
Logon ID: 0x33631
This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 99
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061211041904.987250-000
Event Type: Audit Success
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x23c76
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 98
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061211041903.940375-000
Event Type: Audit Success
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 4616
Message: The system time was changed.
Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Process Information:
Process ID: 0x43c
Name: C:\Windows\System32\svchost.exe
Previous Time: 05:19:03 11.12.2006
New Time: 05:19:03 11.12.2006
This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may indicate that the computer is being tampered with.
Record Number: 97
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061211041903.690375-000
Event Type: Audit Success
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 96
Source Name: Microsoft-Windows-Eventlog
Time Written: 20061211041903.721625-000
Event Type: Audit Success
User:

Computer Name: MEDIONM-JASTJYY
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2530909885-2164797152-889956923-500
Account Name: Administrator
Domain Name: MEDIONM-JASTJYY
Logon ID: 0x33631
Record Number: 95
Source Name: Microsoft-Windows-Eventlog
Time Written: 20061211041846.034543-000
Event Type: Audit Success
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
-----------------EOF-----------------
Code:$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.0.6002] ECHO ist ausgeschaltet (OFF). 21.07.2010 20:43 \rsit --------- 0 21.07.2010 20:37 \Program Files --------- 24576 21.07.2010 19:47 \programmes --------- 0 \hiberfil.sys --------- \pagefile.sys --------- 21.07.2010 14:52 \Windows --------- 28672 20.07.2010 23:57 \System Volume Information --------- 12288 03.05.2010 00:13 \Users --------- 4096 01.04.2010 00:19 \ProgramData --------- 8192 27.03.2010 15:43 \v --------- 0 21.12.2009 00:01 \fpRedmon.log --------- 480 19.11.2009 23:05 \ATI --------- 0 12.09.2009 05:21 \Boot --------- 4096 18.05.2009 00:29 \PerfLogs --------- 0 17.05.2009 19:02 \$RECYCLE.BIN --------- 0 17.05.2009 17:51 \MSOCache --------- 0 17.05.2009 17:39 \BOOTSECT.BAK --------- 8192 17.05.2009 17:03 \MyWorks --------- 0 17.05.2009 16:50 \Programme --------- 0 17.05.2009 16:50 \Dokumente und Einstellungen --------- 0 11.04.2009 08:36 \bootmgr --------- 333257 02.11.2006 15:02 \Documents and Settings --------- 0 18.09.2006 23:43 \config.sys --------- 10 18.09.2006 23:43 \autoexec.bat --------- 24 ---------------------------------------- C:\Windows 21.07.2010 20:58 C:\Windows\WindowsUpdate.log --------- 1055068 21.07.2010 17:32 C:\Windows\bootstat.dat --------- 67584 21.07.2010 17:30 C:\Windows\ntbtlog.txt --------- 306398 21.07.2010 14:51 C:\Windows\PFRO.log --------- 340 21.07.2010 14:50 C:\Windows\bthservsdp.dat --------- 12 10.06.2010 23:38 C:\Windows\win.ini --------- 240 06.09.2009 04:05 C:\Windows\SPInstall.etl --------- 327680 07.06.2009 17:44 C:\Windows\ODBC.INI --------- 400 18.05.2009 00:37 C:\Windows\WindowsShell.Manifest --------- 749 17.05.2009 20:14 C:\Windows\nsreg.dat --------- 0 17.05.2009 17:47 C:\Windows\NeroDigital.ini --------- 49 17.05.2009 17:33 C:\Windows\DIFxAPI.dll --------- 319456 17.05.2009 17:33 C:\Windows\HideWin.exe --------- 315392 11.04.2009 08:27 C:\Windows\explorer.exe --------- 
2926592 18.01.2008 23:33 C:\Windows\regedit.exe --------- 134656 18.01.2008 23:33 C:\Windows\notepad.exe --------- 151040 18.01.2008 23:33 C:\Windows\fveupdate.exe --------- 13312 18.01.2008 23:33 C:\Windows\HelpPane.exe --------- 498176 18.01.2008 23:33 C:\Windows\bfsvc.exe --------- 58880 17.08.2007 13:27 C:\Windows\RtHDVCpl.exe --------- 4702208 10.08.2007 14:46 C:\Windows\RtDefLvl.ini --------- 1500 03.08.2007 13:22 C:\Windows\SkyTel.exe --------- 1826816 26.07.2007 18:06 C:\Windows\RtlUpd.exe --------- 1191936 26.07.2007 17:09 C:\Windows\RtlExUpd.dll --------- 520192 02.11.2006 14:35 C:\Windows\WMSysPr9.prx --------- 316640 02.11.2006 14:34 C:\Windows\twunk_16.exe --------- 49680 02.11.2006 14:34 C:\Windows\twain_32.dll --------- 50688 02.11.2006 14:34 C:\Windows\twunk_32.exe --------- 31232 02.11.2006 14:34 C:\Windows\twain.dll --------- 94784 02.11.2006 11:45 C:\Windows\winhlp32.exe --------- 9216 02.11.2006 11:45 C:\Windows\hh.exe --------- 14848 02.11.2006 09:46 C:\Windows\mib.bin --------- 43131 19.09.2006 13:41 C:\Windows\HomePremium.xml --------- 8328 18.09.2006 23:46 C:\Windows\system.ini --------- 219 18.09.2006 23:43 C:\Windows\_default.pif --------- 707 18.09.2006 23:43 C:\Windows\winhelp.exe --------- 256192 18.09.2006 23:30 C:\Windows\msdfmap.ini --------- 1405 14.07.2006 16:29 C:\Windows\UNNeroShowTime.exe --------- 966656 14.07.2006 16:29 C:\Windows\UNNeroMediaHome.exe --------- 966656 14.07.2006 16:29 C:\Windows\UNNeroVision.exe --------- 966656 14.07.2006 16:29 C:\Windows\UNNeroBackItUp.exe --------- 966656 14.07.2006 16:29 C:\Windows\UNRecode.exe --------- 966656 15.09.2005 13:35 C:\Windows\UNNeroMediaHome.cfg --------- 50 30.08.2005 20:37 C:\Windows\UNNeroVision.cfg --------- 50 30.08.2005 20:37 C:\Windows\UNNeroShowTime.cfg --------- 50 30.08.2005 20:36 C:\Windows\UNRecode.cfg --------- 50 30.08.2005 20:33 C:\Windows\UNNeroBackItUp.cfg --------- 50 14.01.2004 03:10 C:\Windows\BJPSUNST.EXE --------- 163840 11.12.2002 20:11 
C:\Windows\WMPrfEsp.prx --------- 35590 11.12.2002 20:11 C:\Windows\WMPrfFra.prx --------- 37916 11.12.2002 20:11 C:\Windows\WMPrfIta.prx --------- 35680 11.12.2002 20:11 C:\Windows\WMPrfNLd.prx --------- 32964 11.12.2002 20:11 C:\Windows\WMPrfPtg.prx --------- 35916 11.12.2002 20:11 C:\Windows\WMPrfDEU.prx --------- 33820 11.12.2002 20:11 C:\Windows\WMPrfDan.prx --------- 31712 17.11.1998 13:44 C:\Windows\IsUn0407.exe --------- 328704 ---------------------------------------- C:\Windows\System 15.06.2007 18:08 C:\Windows\System\DriveIcon.dll --------- 4840232 02.11.2006 14:34 C:\Windows\System\mciseq.drv --------- 25264 02.11.2006 14:34 C:\Windows\System\mciwave.drv --------- 28160 02.11.2006 14:34 C:\Windows\System\avicap.dll --------- 69584 02.11.2006 14:34 C:\Windows\System\avifile.dll --------- 109456 02.11.2006 14:34 C:\Windows\System\mciavi.drv --------- 73376 02.11.2006 14:34 C:\Windows\System\msvideo.dll --------- 126912 02.11.2006 09:10 C:\Windows\System\OLESVR.DLL --------- 24064 02.11.2006 09:10 C:\Windows\System\WFWNET.DRV --------- 12704 02.11.2006 09:10 C:\Windows\System\COMMDLG.DLL --------- 32816 02.11.2006 09:10 C:\Windows\System\TIMER.DRV --------- 4048 02.11.2006 09:10 C:\Windows\System\MMSYSTEM.DLL --------- 68992 02.11.2006 09:10 C:\Windows\System\mmtask.tsk --------- 1152 02.11.2006 09:10 C:\Windows\System\mouse.drv --------- 2032 02.11.2006 09:10 C:\Windows\System\vga.drv --------- 2176 02.11.2006 09:10 C:\Windows\System\sound.drv --------- 1744 02.11.2006 09:10 C:\Windows\System\keyboard.drv --------- 2000 02.11.2006 09:10 C:\Windows\System\SHELL.DLL --------- 5120 02.11.2006 09:10 C:\Windows\System\system.drv --------- 3360 18.09.2006 23:43 C:\Windows\System\ver.dll --------- 9008 18.09.2006 23:43 C:\Windows\System\olecli.dll --------- 82944 18.09.2006 23:43 C:\Windows\System\lzexpand.dll --------- 9936 18.09.2006 23:35 C:\Windows\System\stdole.tlb --------- 5532 ---------------------------------------- C:\Windows\System32 21.07.2010 21:03 
C:\Windows\system32\hjtscanlist.txt --------- 7220 21.07.2010 19:32 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3264 21.07.2010 19:32 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3264 19.07.2010 18:24 C:\Windows\system32\catroot2 --------- 8192 14.07.2010 02:44 C:\Windows\system32\catroot --------- 4096 10.07.2010 20:44 C:\Windows\system32\javaws.exe --------- 153376 10.07.2010 20:44 C:\Windows\system32\javaw.exe --------- 145184 10.07.2010 20:44 C:\Windows\system32\java.exe --------- 145184 10.07.2010 20:44 C:\Windows\system32\deployJava1.dll --------- 423656 05.07.2010 23:51 C:\Windows\system32\perfh009.dat --------- 591320 05.07.2010 23:51 C:\Windows\system32\perfh007.dat --------- 623280 05.07.2010 23:51 C:\Windows\system32\perfc009.dat --------- 103194 05.07.2010 23:51 C:\Windows\system32\perfc007.dat --------- 125184 05.07.2010 23:51 C:\Windows\system32\PerfStringBackup.INI --------- 1432694 02.07.2010 21:39 C:\Windows\system32\mrt.exe --------- 34045896 27.06.2010 02:07 C:\Windows\system32\en-US --------- 8192 16.06.2010 18:32 C:\Windows\system32\drivers --------- 65536 10.06.2010 23:42 C:\Windows\system32\FNTCACHE.DAT --------- 282176 10.06.2010 23:40 C:\Windows\system32\migration --------- 0 10.06.2010 23:32 C:\Windows\system32\wbem --------- 61440 26.05.2010 19:06 C:\Windows\system32\atmlib.dll --------- 34304 26.05.2010 16:47 C:\Windows\system32\atmfd.dll --------- 289792 26.05.2010 02:25 C:\Windows\system32\de-DE --------- 262144 21.05.2010 17:25 C:\Windows\system32\Tasks --------- 4096 13.05.2010 11:17 C:\Windows\system32\WDI --------- 8192 04.05.2010 07:59 C:\Windows\system32\wininet.dll --------- 916480 04.05.2010 07:59 C:\Windows\system32\urlmon.dll --------- 1209344 04.05.2010 07:58 C:\Windows\system32\occache.dll --------- 206848 04.05.2010 07:56 C:\Windows\system32\mstime.dll --------- 611840 04.05.2010 07:56 
C:\Windows\system32\mshtml.dll --------- 5950976 04.05.2010 07:56 C:\Windows\system32\msfeeds.dll --------- 599040 04.05.2010 07:56 C:\Windows\system32\msfeedsbs.dll --------- 55296 04.05.2010 07:55 C:\Windows\system32\jsproxy.dll --------- 25600 04.05.2010 07:55 C:\Windows\system32\inetcpl.cpl --------- 1469440 04.05.2010 07:55 C:\Windows\system32\ieui.dll --------- 164352 04.05.2010 07:55 C:\Windows\system32\iesysprep.dll --------- 109056 04.05.2010 07:55 C:\Windows\system32\iertutil.dll --------- 1985536 04.05.2010 07:55 C:\Windows\system32\iesetup.dll --------- 71680 04.05.2010 07:55 C:\Windows\system32\iernonce.dll --------- 55808 04.05.2010 07:55 C:\Windows\system32\iepeers.dll --------- 184320 04.05.2010 07:55 C:\Windows\system32\ieframe.dll --------- 11076096 04.05.2010 07:55 C:\Windows\system32\iedkcs32.dll --------- 387584 04.05.2010 06:31 C:\Windows\system32\ieUnatt.exe --------- 133632 04.05.2010 06:30 C:\Windows\system32\ie4uinit.exe --------- 173056 04.05.2010 06:30 C:\Windows\system32\msfeedssync.exe --------- 13312 04.05.2010 06:30 C:\Windows\system32\mshtml.tlb --------- 1638912 01.05.2010 16:13 C:\Windows\system32\win32k.sys --------- 2037248 30.04.2010 12:31 C:\Windows\system32\sbbd.exe --------- 27984 23.04.2010 16:13 C:\Windows\system32\tzres.dll --------- 2048 16.04.2010 18:43 C:\Windows\system32\Apphlpdm.dll --------- 28672 16.04.2010 16:39 C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 05.04.2010 19:01 C:\Windows\system32\asycfilt.dll --------- 67072 31.03.2010 19:48 C:\Windows\system32\sdkinst.log --------- 3211 18.03.2010 13:16 C:\Windows\system32\msvcr100_clr0400.dll --------- 771424 05.03.2010 16:01 C:\Windows\system32\vbscript.dll --------- 420352 21.02.2010 01:06 C:\Windows\system32\nshhttp.dll --------- 24064 21.02.2010 01:05 C:\Windows\system32\httpapi.dll --------- 30720 18.02.2010 16:07 C:\Windows\system32\ntkrnlpa.exe --------- 3600776 18.02.2010 16:07 C:\Windows\system32\ntoskrnl.exe --------- 3548040 18.02.2010 15:30 
C:\Windows\system32\iphlpsvc.dll --------- 200704 12.02.2010 12:32 C:\Windows\system32\browserchoice.exe --------- 293376 29.01.2010 17:40 C:\Windows\system32\inetcomm.dll --------- 738816 25.01.2010 14:00 C:\Windows\system32\secproc_ssp_isv.dll --------- 152576 25.01.2010 14:00 C:\Windows\system32\secproc_ssp.dll --------- 152064 25.01.2010 14:00 C:\Windows\system32\secproc_isv.dll --------- 471552 25.01.2010 14:00 C:\Windows\system32\secproc.dll --------- 471552 25.01.2010 13:58 C:\Windows\system32\msdrm.dll --------- 332288 25.01.2010 10:21 C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624 25.01.2010 10:21 C:\Windows\system32\RMActivate_isv.exe --------- 526336 25.01.2010 10:21 C:\Windows\system32\RMActivate_ssp.exe --------- 347136 25.01.2010 10:21 C:\Windows\system32\RMActivate.exe --------- 518144 21.01.2010 17:05 C:\Windows\system32\l3codeca.acm --------- 62464 13.01.2010 19:34 C:\Windows\system32\cabview.dll --------- 98304 06.01.2010 17:39 C:\Windows\system32\gameux.dll --------- 1696256 05.01.2010 14:44 C:\Windows\system32\Smart Bulb Saver.scr --------- 480552 31.12.2009 02:06 C:\Windows\system32\DRVSTORE --------- 0 23.12.2009 13:33 C:\Windows\system32\wintrust.dll --------- 172032 19.12.2009 04:38 C:\Windows\system32\NDF --------- 0 11.12.2009 18:31 C:\Windows\system32\LogFiles --------- 0 04.12.2009 20:30 C:\Windows\system32\tsbyuv.dll --------- 12288 04.12.2009 20:29 C:\Windows\system32\quartz.dll --------- 1314816 04.12.2009 20:28 C:\Windows\system32\msyuv.dll --------- 22528 04.12.2009 20:28 C:\Windows\system32\msvfw32.dll --------- 123904 04.12.2009 20:28 C:\Windows\system32\msvidc32.dll --------- 31744 04.12.2009 20:28 C:\Windows\system32\msrle32.dll --------- 13312 04.12.2009 20:28 C:\Windows\system32\mciavi32.dll --------- 82944 04.12.2009 20:28 C:\Windows\system32\iyuv_32.dll --------- 50176 04.12.2009 20:27 C:\Windows\system32\avifil32.dll --------- 91136 04.12.2009 09:19 C:\Windows\system32\jscript.dll --------- 726528 03.12.2009 
08:54 C:\Windows\system32\smrtlocalmon.dll --------- 33064
11.11.2009 11:33 C:\Windows\system32\XceedZip.dll --------- 634048
08.11.2009 10:55 C:\Windows\system32\mscoree.dll --------- 297808
08.11.2009 10:55 C:\Windows\system32\PresentationHost.exe --------- 295264
08.11.2009 10:55 C:\Windows\system32\netfxperf.dll --------- 49472
08.11.2009 10:55 C:\Windows\system32\PresentationHostProxy.dll --------- 99176
08.11.2009 10:55 C:\Windows\system32\dfshim.dll --------- 1130824
27.10.2009 23:36 C:\Windows\system32\pt-BR --------- 0
27.10.2009 23:36 C:\Windows\system32\bg-BG --------- 4096
27.10.2009 23:36 C:\Windows\system32\he-IL --------- 0
27.10.2009 23:36 C:\Windows\system32\it-IT --------- 0
----------------------------------------
C:\Windows\Prefetch
21.07.2010 21:03 C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 11868
21.07.2010 21:03 C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 16660
21.07.2010 21:03 C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 98402
21.07.2010 21:02 C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 16484
21.07.2010 21:02 C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 17700
21.07.2010 21:02 C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf --------- 16210
21.07.2010 21:00 C:\Windows\Prefetch\UI0DETECT.EXE-B742F20E.pf --------- 24310
21.07.2010 21:00 C:\Windows\Prefetch\HFY.EXE-29B248C4.pf --------- 20566
21.07.2010 21:00 C:\Windows\Prefetch\ROOTKITREVEALER.EXE-A21F7886.pf --------- 16174
21.07.2010 21:00 C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 16210
21.07.2010 20:58 C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 98762
21.07.2010 20:57 C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 195642
21.07.2010 20:57 C:\Windows\Prefetch\SKYPENAMES2.EXE-9C9B11B0.pf --------- 14006
21.07.2010 20:57 C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 16454
21.07.2010 20:57 C:\Windows\Prefetch\SBAMTRAY.EXE-3DD103F0.pf --------- 22976
21.07.2010 20:56 C:\Windows\Prefetch\DLLHOST.EXE-A1CD8B86.pf --------- 82894
21.07.2010 20:56 C:\Windows\Prefetch\RUNDLL32.EXE-B9EF4314.pf --------- 50042
21.07.2010 20:56 C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf --------- 31352
21.07.2010 20:56 C:\Windows\Prefetch\SBAMSVC.EXE-F456BF34.pf --------- 53966
21.07.2010 20:56 C:\Windows\Prefetch\SBAMUI.EXE-2A9DF626.pf --------- 135782
21.07.2010 20:54 C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 22762
21.07.2010 20:47 C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 16922
21.07.2010 20:43 C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 27494
21.07.2010 20:43 C:\Windows\Prefetch\ADMIN.EXE-7DD81EA7.pf --------- 33598
21.07.2010 20:43 C:\Windows\Prefetch\RSIT.EXE-9A4CF6F8.pf --------- 24652
21.07.2010 20:38 C:\Windows\Prefetch\CONIME.EXE-B273009A.pf --------- 11264
21.07.2010 20:38 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3422163174-322343488-803143304-1001.db --------- 1030671
21.07.2010 20:38 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3422163174-322343488-803143304-1001.db --------- 1779530
21.07.2010 20:38 C:\Windows\Prefetch\EXLAOP.EXE-9083E6F6.pf --------- 20692
21.07.2010 20:38 C:\Windows\Prefetch\ROOTKITREVEALER.EXE-7E04B0CD.pf --------- 15542
21.07.2010 20:37 C:\Windows\Prefetch\DLLHOST.EXE-7D2183B8.pf --------- 40000
21.07.2010 20:34 C:\Windows\Prefetch\WINWORD.EXE-138CEB57.pf --------- 130270
21.07.2010 20:33 C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1427298
21.07.2010 20:33 C:\Windows\Prefetch\AgGlFaultHistory.db --------- 876167
21.07.2010 20:33 C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3810322
21.07.2010 20:33 C:\Windows\Prefetch\AgRobust.db --------- 280236
21.07.2010 19:55 C:\Windows\Prefetch\GMER.EXE-5CD0826D.pf --------- 23214
21.07.2010 19:49 C:\Windows\Prefetch\AN.EXE-7669DCDC.pf --------- 20684
21.07.2010 19:49 C:\Windows\Prefetch\ROOTKITREVEALER.EXE-7F4715F2.pf --------- 25598
21.07.2010 19:48 C:\Windows\Prefetch\TQCWWBGQQ.EXE-CC4E7A9E.pf --------- 21554
21.07.2010 18:46 C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 32170
21.07.2010 18:42 C:\Windows\Prefetch\HIJACKTHIS.EXE-4187566C.pf --------- 31478
21.07.2010 17:36 C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 15644
21.07.2010 17:35 C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf --------- 28542
21.07.2010 17:34 C:\Windows\Prefetch\SVCHOST.EXE-F03E4D6B.pf --------- 24640
21.07.2010 17:34 C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf --------- 10742
21.07.2010 17:33 C:\Windows\Prefetch\ReadyBoot --------- 4096
21.07.2010 17:33 C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1453404
21.07.2010 14:50 C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508
21.07.2010 14:50 C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 31164
21.07.2010 14:48 C:\Windows\Prefetch\SPYBOTSD.EXE-8CD4E785.pf --------- 164410
21.07.2010 14:45 C:\Windows\Prefetch\CCLEANER.EXE-CC440CDB.pf --------- 40330
21.07.2010 14:38 C:\Windows\Prefetch\_IU14D2N.TMP-77A23EEA.pf --------- 29064
21.07.2010 14:38 C:\Windows\Prefetch\UNINS000.EXE-38A66966.pf --------- 26846
21.07.2010 14:29 C:\Windows\Prefetch\SDUPDATE.EXE-EBE406BF.pf --------- 53500
21.07.2010 14:28 C:\Windows\Prefetch\TEATIMER.EXE-A3BEBA3C.pf --------- 63072
21.07.2010 14:25 C:\Windows\Prefetch\SPYBOTSD_INCLUDES.EXE-92A9B58C.pf --------- 54906
21.07.2010 14:22 C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 47832
21.07.2010 01:04 C:\Windows\Prefetch\FOXIT READER.EXE-EB9DED68.pf --------- 167784
21.07.2010 00:15 C:\Windows\Prefetch\POWERPNT.EXE-43D2F8F0.pf --------- 69186
21.07.2010 00:00 C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 30134
21.07.2010 00:00 C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf --------- 224980
20.07.2010 23:54 C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 18238
20.07.2010 23:45 C:\Windows\Prefetch\Layout.ini --------- 1188774
20.07.2010 22:24 C:\Windows\Prefetch\AgCx_SC2.db --------- 799396
19.07.2010 23:42 C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 90218
19.07.2010 21:14 C:\Windows\Prefetch\TRUEIMAGEHOMENOTIFY.EXE-6695DB4D.pf --------- 67492
19.07.2010 20:25 C:\Windows\Prefetch\RUNDLL32.EXE-9C6AC545.pf --------- 242246
19.07.2010 20:24 C:\Windows\Prefetch\INSTALLPDFREADERPLUGIN.EXE-F9A820A2.pf --------- 30064
19.07.2010 20:22 C:\Windows\Prefetch\FOXIT READER SETUP.EXE-B895F1B1.pf --------- 108998
19.07.2010 20:22 C:\Windows\Prefetch\ASKINSTALLCHECKER.EXE-2AE568DA.pf --------- 30136
19.07.2010 20:22 C:\Windows\Prefetch\FOXITREADER40_ENU_SETUP.EXE-B90B97AE.pf --------- 298498
19.07.2010 20:20 C:\Windows\Prefetch\FOX75D3.EXE-2430D7D1.pf --------- 36544
19.07.2010 20:20 C:\Windows\Prefetch\UNINSTALLPDFREADERPLUGIN.EXE-33AEBB55.pf --------- 21712
19.07.2010 20:20 C:\Windows\Prefetch\UNINSTALL.EXE-774EBDB1.pf --------- 240946
19.07.2010 20:20 C:\Windows\Prefetch\FOXIT READER SETUP.EXE-1AD2E1B9.pf --------- 113888
19.07.2010 20:00 C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 5152
19.07.2010 19:34 C:\Windows\Prefetch\DOAS.EXE-36E56F47.pf --------- 18686
19.07.2010 13:07 C:\Windows\Prefetch\EXCEL.EXE-1D21A632.pf --------- 206938
18.07.2010 01:42 C:\Windows\Prefetch\DFRGNTFS.EXE-4F838A89.pf --------- 54090
18.07.2010 01:42 C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 13388
17.07.2010 02:57 C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 18890
16.07.2010 19:31 C:\Windows\Prefetch\RUNDLL32.EXE-75AD81E9.pf --------- 22788
16.07.2010 15:27 C:\Windows\Prefetch\POWERDVD.EXE-E71FD611.pf --------- 117080
16.07.2010 15:27 C:\Windows\Prefetch\OLRSTATECHECK.EXE-D85C3297.pf --------- 13752
15.07.2010 23:23 C:\Windows\Prefetch\WERCON.EXE-FE5CD389.pf --------- 189824
15.07.2010 23:23 C:\Windows\Prefetch\AgCx_SC1.db --------- 665207
15.07.2010 23:22 C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 288118
15.07.2010 15:55 C:\Windows\Prefetch\SNDVOL.EXE-783DCB11.pf --------- 29504
15.07.2010 15:36 C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 14882
15.07.2010 15:36 C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 19512
15.07.2010 15:36 C:\Windows\Prefetch\TABTIP.EXE-13F8016C.pf --------- 42090 15.07.2010 15:36 C:\Windows\Prefetch\WISPTIS.EXE-6C347CFA.pf --------- 18192 15.07.2010 14:03 C:\Windows\Prefetch\OPTIONALFEATURES.EXE-5A453A3C.pf --------- 28740 15.07.2010 14:02 C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf --------- 29976 15.07.2010 13:52 C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf --------- 60520 15.07.2010 13:39 C:\Windows\Prefetch\RUNDLL32.EXE-13104A5D.pf --------- 25382 15.07.2010 13:22 C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf --------- 142948 14.07.2010 19:56 C:\Windows\Prefetch\LAME.EXE-B4C1D339.pf --------- 80006 14.07.2010 19:56 C:\Windows\Prefetch\FFMPEG.EXE-5E378C0F.pf --------- 184242 14.07.2010 19:55 C:\Windows\Prefetch\FREEYOUTUBEDOWNLOAD.EXE-D42D3E10.pf --------- 92476 14.07.2010 19:53 C:\Windows\Prefetch\FREEYOUTUBETOMP3CONVERTER.EXE-26C99F2E.pf --------- 92580 14.07.2010 12:50 C:\Windows\Prefetch\POWERPNT.EXE-C9E5FA4A.pf --------- 79168 14.07.2010 02:45 C:\Windows\Prefetch\MSOHTMED.EXE-972D2D6A.pf --------- 18636 14.07.2010 02:45 C:\Windows\Prefetch\MSIEXEC.EXE-B5AFA339.pf --------- 222990 14.07.2010 02:42 C:\Windows\Prefetch\MRT.EXE-C3C3D3DA.pf --------- 167392 14.07.2010 02:42 C:\Windows\Prefetch\WINDOWS-KB890830-V3.9-DELTA.E-82C488EC.pf --------- 59750 14.07.2010 02:42 C:\Windows\Prefetch\MRTSTUB.EXE-2D946717.pf --------- 196166 14.07.2010 02:42 C:\Windows\Prefetch\OSE.EXE-3816C9F4.pf --------- 6146 14.07.2010 02:41 C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 179550 13.07.2010 02:26 C:\Windows\Prefetch\FIREFOX.EXE-A6486302.pf --------- 165942 13.07.2010 02:26 C:\Windows\Prefetch\BROWSERHELPERSINSTALLER.EXE-19E59B8F.pf --------- 52884 13.07.2010 02:26 C:\Windows\Prefetch\FIXCOMPONENTSSILENT.EXE-91A8753A.pf --------- 17004 13.07.2010 02:26 C:\Windows\Prefetch\COMMON.EXE-B5EC9961.pf --------- 25096 13.07.2010 02:26 C:\Windows\Prefetch\FREEAUDIOCDBURNERNO.EXE-9A51F6B2.pf --------- 24794 13.07.2010 02:26 C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf 
--------- 45476 13.07.2010 02:25 C:\Windows\Prefetch\FREEYOUTUBETOMP3CONVERTER.TMP-B4AAA4D4.pf --------- 23560 13.07.2010 02:25 C:\Windows\Prefetch\FREEYOUTUBETOMP3CONVERTER.EXE-4AC1C2E8.pf --------- 29482 13.07.2010 02:19 C:\Windows\Prefetch\SETUP.EXE-B30CCED9.pf --------- 34596 13.07.2010 02:19 C:\Windows\Prefetch\FIREFOX SETUP 4.0 BETA 1.EXE-36DF38DD.pf --------- 490748 13.07.2010 02:15 C:\Windows\Prefetch\FREEYOUTUBEDOWNLOAD.TMP-AD5A8A88.pf --------- 72808 13.07.2010 02:15 C:\Windows\Prefetch\FREEYOUTUBEDOWNLOAD.EXE-893CABB9.pf --------- 27780 13.07.2010 02:13 C:\Windows\Prefetch\UNINS000.EXE-D55A419E.pf --------- 30130 12.07.2010 11:32 C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 147902 12.07.2010 11:32 C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 21974 10.07.2010 20:45 C:\Windows\Prefetch\JAUREG.EXE-DF073ACE.pf --------- 15798 10.07.2010 20:45 C:\Windows\Prefetch\WMIC.EXE-B77E8CD6.pf --------- 34796 10.07.2010 20:44 C:\Windows\Prefetch\UNPACK200.EXE-3B408797.pf --------- 113106 10.07.2010 20:44 C:\Windows\Prefetch\ZIPPER.EXE-7348E61C.pf --------- 73592 10.07.2010 20:42 C:\Windows\Prefetch\MSIC756.TMP-D2389602.pf --------- 18414 10.07.2010 20:42 C:\Windows\Prefetch\JRE-6U21-WINDOWS-I586.EXE-5F367C5F.pf --------- 117784 10.07.2010 20:33 C:\Windows\Prefetch\MSI5C28.TMP-975B6ED9.pf --------- 8990 10.07.2010 00:16 C:\Windows\Prefetch\OUTLOOK.EXE-62B566A6.pf --------- 58070 09.07.2010 19:48 C:\Windows\Prefetch\OIS.EXE-6B1F868E.pf --------- 50048 26.05.2010 23:42 C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3422163174-322343488-803143304-1001.snp.db --------- 2490948 06.09.2009 22:52 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3422163174-322343488-803143304-1000.db --------- 721364 06.09.2009 22:52 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3422163174-322343488-803143304-1000.db --------- 861869 17.05.2009 16:43 C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 ---------------------------------------- C:\Windows\Tasks 21.07.2010 20:50 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1090 21.07.2010 20:50 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1094 21.07.2010 17:32 C:\Windows\Tasks\SA.DAT --------- 6 21.07.2010 14:50 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32554 ---------------------------------------- C:\Windows\Temp ---------------------------------------- C:\Users\Admin\AppData\Local\Temp 21.07.2010 21:00 C:\Users\Admin\AppData\Local\Temp\HFY.exe --------- 342912 21.07.2010 20:37 C:\Users\Admin\AppData\Local\Temp\EXLAOP.exe --------- 355200 21.07.2010 19:49 C:\Users\Admin\AppData\Local\Temp\AN.exe --------- 478080 21.07.2010 19:48 C:\Users\Admin\AppData\Local\Temp\TQCWWBGQQ.exe --------- 514944 06.09.2009 16:18 C:\Users\Admin\AppData\Local\Temp\Low --------- 0 ---------------------------------------- C:\Program Files 21.07.2010 20:37 C:\Program Files\rootkit revealer --------- 4096 19.07.2010 20:24 C:\Program Files\Mozilla Firefox 4.0 Beta 1 --------- 12288 19.07.2010 20:23 C:\Program Files\Foxit Software --------- 0 14.07.2010 02:44 C:\Program Files\Windows Mail --------- 4096 13.07.2010 02:15 C:\Program Files\DVDVideoSoft --------- 4096 10.07.2010 20:45 C:\Program Files\Common Files --------- 4096 10.07.2010 20:43 C:\Program Files\Java --------- 0 03.07.2010 00:40 C:\Program Files\Mozilla Firefox --------- 12288 27.06.2010 02:07 C:\Program Files\Microsoft.NET --------- 0 24.06.2010 20:48 C:\Program Files\CCleaner --------- 0 16.06.2010 00:32 C:\Program Files\PDFCreator --------- 4096 10.06.2010 23:40 C:\Program Files\Internet Explorer --------- 4096 21.05.2010 17:25 C:\Program Files\Skype --------- 0 01.05.2010 01:14 C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 18.04.2010 02:16 C:\Program Files\SpywareBlaster --------- 0 27.03.2010 16:40 C:\Program Files\SMART Technologies --------- 4096 27.03.2010 16:25 C:\Program Files\National Instruments --------- 0 18.03.2010 21:32 C:\Program Files\Movie Maker --------- 4096 28.02.2010 17:34 C:\Program 
Files\Apple Software Update --------- 4096 30.01.2010 14:10 C:\Program Files\InstallShield Installation Information --------- 4096 31.12.2009 02:07 C:\Program Files\Nokia --------- 0 31.12.2009 02:05 C:\Program Files\PC Connectivity Solution --------- 12288 16.12.2009 21:23 C:\Program Files\Mozilla Firefox 3.6 Beta 3 --------- 0 12.12.2009 14:27 C:\Program Files\HiJackThis --------- 0 07.12.2009 22:47 C:\Program Files\FreePDF_XP --------- 8192 19.11.2009 23:06 C:\Program Files\ATI Technologies --------- 0 19.11.2009 19:15 C:\Program Files\Riva --------- 0 14.11.2009 20:56 C:\Program Files\Spybot - Search & Destroy --------- 8192 14.11.2009 18:18 C:\Program Files\Falk --------- 0 30.10.2009 02:08 C:\Program Files\Microsoft Office --------- 0 30.10.2009 02:08 C:\Program Files\MSECache --------- 0 27.10.2009 23:36 C:\Program Files\Windows Portable Devices --------- 0 27.10.2009 23:25 C:\Program Files\Windows Media Player --------- 4096 25.10.2009 19:43 C:\Program Files\Microsoft Windows 7 Upgrade Advisor --------- 4096 11.10.2009 16:47 C:\Program Files\gs --------- 0 17.09.2009 09:49 C:\Program Files\DIFX --------- 4096 12.09.2009 19:22 C:\Program Files\Elaborate Bytes --------- 0 12.09.2009 05:14 C:\Program Files\Windows Calendar --------- 0 12.09.2009 05:14 C:\Program Files\Windows Sidebar --------- 4096 12.09.2009 05:14 C:\Program Files\Windows Collaboration --------- 4096 12.09.2009 05:14 C:\Program Files\Windows Journal --------- 4096 12.09.2009 05:14 C:\Program Files\Windows Photo Gallery --------- 4096 12.09.2009 05:14 C:\Program Files\Windows Defender --------- 4096 06.09.2009 19:19 C:\Program Files\Oxford --------- 0 06.09.2009 19:14 C:\Program Files\IDM --------- 0 06.09.2009 19:06 C:\Program Files\Longman --------- 0 06.09.2009 16:03 C:\Program Files\MSXML 4.0 --------- 0 06.09.2009 12:41 C:\Program Files\Acronis --------- 0 06.09.2009 12:35 C:\Program Files\Sunbelt Software --------- 0 06.09.2009 04:02 C:\Program Files\Trend Micro --------- 0 06.09.2009 
04:01 C:\Program Files\DVD Shrink --------- 4096 06.09.2009 03:34 C:\Program Files\VideoLAN --------- 0 05.09.2009 14:22 C:\Program Files\Mozilla Firefox 3.5 Beta 4 --------- 0 18.05.2009 00:37 C:\Program Files\desktop.ini --------- 174 17.05.2009 19:42 C:\Program Files\Canon --------- 4096 17.05.2009 18:06 C:\Program Files\Microsoft Encarta --------- 0 17.05.2009 17:37 C:\Program Files\Toshiba --------- 0 17.05.2009 17:36 C:\Program Files\Genesys PC Camera Device --------- 4096 17.05.2009 17:33 C:\Program Files\Realtek --------- 0 17.05.2009 17:20 C:\Program Files\Nero --------- 0 17.05.2009 17:18 C:\Program Files\CyberLink --------- 0 17.05.2009 17:17 C:\Program Files\Sonavis --------- 0 17.05.2009 17:08 C:\Program Files\HomeCinema --------- 4096 17.05.2009 16:50 C:\Program Files\Windows NT --------- 4096 17.05.2009 16:50 C:\Program Files\Gemeinsame Dateien --------- 0 02.11.2006 15:01 C:\Program Files\Uninstall Information --------- 0 02.11.2006 14:37 C:\Program Files\Microsoft Games --------- 4096 02.11.2006 14:37 C:\Program Files\Reference Assemblies --------- 0 02.11.2006 14:37 C:\Program Files\MSBuild --------- 0 ---------------------------------------- C:\ProgramData\.. 
Admin.V2 Admin Karin desktop.ini Default All Users Default User Public ---------------------------------------- C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.123topsearch.com 127.0.0.1 123topsearch.com 127.0.0.1 www.132.com 127.0.0.1 132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 127.0.0.1 www.163ns.com 127.0.0.1 163ns.com 127.0.0.1 171203.com 127.0.0.1 17-plus.com 127.0.0.1 www.1800searchonline.com 127.0.0.1 1800searchonline.com 127.0.0.1 www.180searchassistant.com 127.0.0.1 180searchassistant.com 127.0.0.1 www.180solutions.com 127.0.0.1 180solutions.com 127.0.0.1 www.181.365soft.info 127.0.0.1 181.365soft.info 127.0.0.1 www.1987324.com 127.0.0.1 1987324.com 127.0.0.1 www.1-domains-registrations.com 127.0.0.1 1-domains-registrations.com 127.0.0.1 www.1sexparty.com 127.0.0.1 1sexparty.com 127.0.0.1 www.1stantivirus.com 127.0.0.1 1stantivirus.com 127.0.0.1 www.1stpagehere.com 127.0.0.1 1stpagehere.com 127.0.0.1 www.1stsearchportal.com 127.0.0.1 1stsearchportal.com 127.0.0.1 2.82211.net 127.0.0.1 www.2006ooo.com 127.0.0.1 2006ooo.com 127.0.0.1 www.2007-download.com 127.0.0.1 2007-download.com 127.0.0.1 www.2020search.com 127.0.0.1 2020search.com 127.0.0.1 20x2p.com 127.0.0.1 www.24.365soft.info 127.0.0.1 24.365soft.info 127.0.0.1 www.24-7pharmacy.info 127.0.0.1 24-7pharmacy.info 127.0.0.1 www.24-7searching-and-more.com 127.0.0.1 24-7searching-and-more.com 127.0.0.1 www.24teen.com 127.0.0.1 24teen.com 127.0.0.1 2ndpower.com 127.0.0.1 www.2search.com 127.0.0.1 2search.com 127.0.0.1 www.2search.org 127.0.0.1 2search.org 127.0.0.1 www.2squared.com 
127.0.0.1 2squared.com 127.0.0.1 www.3322.org 127.0.0.1 3322.org 127.0.0.1 365soft.info 127.0.0.1 www.36site.com 127.0.0.1 36site.com 127.0.0.1 3721.com 127.0.0.1 39-93.com 127.0.0.1 www.3bay.it 127.0.0.1 3bay.it 127.0.0.1 www.3xclipsonline.com 127.0.0.1 3xclipsonline.com ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 9.536 K smss.exe 668 Services 0 1.052 K csrss.exe 812 Services 0 8.204 K wininit.exe 864 Services 0 6.524 K csrss.exe 876 Console 1 18.544 K services.exe 908 Services 0 10.728 K lsass.exe 920 Services 0 2.852 K lsm.exe 932 Services 0 6.948 K svchost.exe 1068 Services 0 10.944 K svchost.exe 1192 Services 0 11.232 K winlogon.exe 1252 Console 1 8.664 K svchost.exe 1340 Services 0 16.512 K svchost.exe 1408 Services 0 81.680 K svchost.exe 1436 Services 0 96.184 K audiodg.exe 1536 Services 0 17.240 K svchost.exe 1560 Services 0 8.188 K SLsvc.exe 1576 Services 0 15.832 K svchost.exe 1608 Services 0 21.124 K svchost.exe 1808 Services 0 30.164 K wisptis.exe 1888 Console 1 8.816 K TabTip.exe 1908 Console 1 1.136 K spoolsv.exe 604 Services 0 17.268 K svchost.exe 768 Services 0 14.572 K schedul2.exe 1796 Services 0 14.064 K svchost.exe 124 Services 0 7.992 K LSSrvc.exe 2072 Services 0 11.052 K svchost.exe 2132 Services 0 9.244 K RichVideo.exe 2148 Services 0 13.212 K SBPIMSvc.exe 2228 Services 0 464 K svchost.exe 2288 Services 0 17.372 K TosBtSrv.exe 2316 Services 0 12.300 K svchost.exe 2364 Services 0 4.020 K SearchIndexer.exe 2404 Services 0 46.472 K SDWinSec.exe 2488 Services 0 17.456 K taskeng.exe 2956 Services 0 15.604 K wisptis.exe 2964 Console 1 16.016 K TabTip.exe 2972 Console 1 21.932 K dwm.exe 3020 Console 1 8.292 K taskeng.exe 3108 Console 1 24.220 K explorer.exe 3244 Console 1 66.240 K RtHDVCpl.exe 3500 Console 1 17.768 K sidebar.exe 3524 Console 1 51.212 K ehtray.exe 
3568 Console 1 12.304 K ehmsas.exe 3628 Console 1 7.800 K svchost.exe 3824 Services 0 10.140 K InputPersonalization.exe 1552 Console 1 17.824 K UI0Detect.exe 5276 Services 0 22.460 K WINWORD.EXE 1904 Console 1 70.216 K conime.exe 4600 Console 1 3.576 K SBAMSvc.exe 5864 Services 0 9.228 K SBAMTray.exe 2864 Console 1 9.024 K SearchProtocolHost.exe 5676 Services 0 8.100 K SearchFilterHost.exe 3192 Services 0 5.968 K cmd.exe 5032 Console 1 3.008 K tasklist.exe 5272 Console 1 4.632 K WmiPrvSE.exe 1044 Services 0 5.592 K ***** Ende des Scans 21.07.2010 um 21:04:15,57 ***
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:06, on 21.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-3422163174-322343488-803143304-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Karin')
O4 - HKUS\S-1-5-21-3422163174-322343488-803143304-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Karin')
O4 - Global Startup: SMART Board Tools.lnk.disabled
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AN - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\AN.exe
O23 - Service: EXLAOP - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\EXLAOP.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HFY - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\HFY.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TQCWWBGQQ - Sysinternals - www.sysinternals.com - C:\Users\Admin\AppData\Local\Temp\TQCWWBGQQ.exe

--
End of file - 6151 bytes

Code:
OTL logfile created on: 23.07.2010 22:17:54 - Run 1
OTL by OldTimer - Version 3.2.9.1   Folder = E:\dokumente und einstellungen\karin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 7,03 Gb Free Space | 14,40% Space Free | Partition Type: NTFS
Drive D: | 27,07 Gb Total Space | 27,07 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 97,65 Gb Total Space | 37,16 Gb Free Space | 38,06% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 59,31 Gb Total Space | 50,70 Gb Free Space | 85,48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.23 22:13:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Karin\Desktop\OTL.exe
PRC - [2010.04.30 12:39:36 | 001,291,600 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010.04.30 12:31:50 | 002,730,120 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010.04.30 12:30:46 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Programme\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009.04.11 08:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009.04.11 08:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.27 17:37:24 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008.01.18 23:33:14 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.08.17 13:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

========== Modules (SafeList) ==========

MOD - [2010.07.23 22:13:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Karin\Desktop\OTL.exe
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Users\Admin\AppData\Local\Temp\TQCWWBGQQ.exe -- (TQCWWBGQQ)
SRV - File not found [Disabled | Stopped] -- C:\Users\Admin\AppData\Local\Temp\HFY.exe -- (HFY)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Disabled | Stopped] -- C:\Users\Admin\AppData\Local\Temp\EXLAOP.exe -- (EXLAOP)
SRV - File not found [Disabled | Stopped] -- C:\Users\Admin\AppData\Local\Temp\AN.exe -- (AN)
SRV - [2010.04.30 12:31:50 | 002,730,120 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010.04.30 12:30:46 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.11.27 17:37:24 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.18 23:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.28 15:12:40 | 000,322,904 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2010.04.28 15:12:40 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2010.04.28 15:12:40 | 000,086,232 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sbhips.sys -- (SbHips)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.01.14 05:42:42 | 000,067,800 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010.01.04 06:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009.12.15 21:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2009.12.15 21:46:54 | 000,013,440 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2009.12.15 21:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2009.10.13 09:02:36 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.09.06 12:42:04 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009.09.06 12:41:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009.09.06 12:41:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.09.06 12:41:54 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009.05.23 01:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.22 18:44:18 | 001,950,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.09 02:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.15 21:47:26 | 000,047,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007.06.11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.22 02:08:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.22 02:08:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.07.13 02:19:39 | 000,000,000 | ---D | 
M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugins [2010.07.19 20:24:00 | 000,000,000 | ---D | M] [2009.09.06 03:37:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.05.01 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g5px74w6.default\extensions [2009.09.07 00:17:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g5px74w6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.01 19:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\g5px74w6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.13 02:17:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.02.28 02:21:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.07.10 20:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.03.27 16:25:52 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Programme\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} [2010.07.10 20:44:10 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.19 20:22:10 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2010.06.16 21:55:42 | 000,408,850 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 
00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 14139 more lines... O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context 
menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information 
Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.23 01:24:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com [2010.07.23 01:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.07.23 01:24:49 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.07.22 22:56:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.22 22:56:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.22 19:24:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\FW History [2010.07.21 20:43:24 | 000,000,000 | ---D | C] -- C:\rsit [2010.07.21 20:37:36 | 000,000,000 | ---D | C] -- 
C:\Programme\rootkit revealer [2010.07.21 19:47:49 | 000,000,000 | ---D | C] -- C:\programmes [2010.07.13 02:19:28 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 1 [2010.07.10 20:45:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.07.10 20:44:57 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe [2010.07.10 20:44:57 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe [2010.07.10 20:44:57 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe [2010.07.10 20:43:40 | 000,000,000 | ---D | C] -- C:\Programme\Java ========== Files - Modified Within 30 Days ========== [2010.07.23 22:01:23 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 22:01:23 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 21:50:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.23 20:50:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.23 19:43:46 | 006,029,312 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2010.07.23 19:42:04 | 001,432,694 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.23 19:42:04 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.23 19:42:04 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.23 19:42:04 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.23 19:42:04 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.23 14:43:05 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.07.23 14:43:05 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.07.23 12:01:23 | 000,000,006 | 
-H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.23 12:01:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.23 12:01:14 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2010.07.23 02:41:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.07.23 01:24:51 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.07.22 22:56:08 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.22 00:20:27 | 000,000,000 | ---- | M] () -- C:\settings.dat [2010.07.19 02:05:44 | 000,000,160 | -HS- | M] () -- C:\Users\Admin\ntuser.ini [2010.07.13 02:23:13 | 000,000,336 | ---- | M] () -- C:\Users\Admin\Documents\cc_20100713_022310.reg [2010.07.10 20:44:05 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe [2010.07.10 20:44:04 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe [2010.07.10 20:44:03 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe [2010.07.10 20:44:00 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll [2010.06.24 20:48:41 | 000,000,840 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2010.07.23 01:24:51 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.07.23 00:57:43 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys [2010.07.22 22:56:08 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.22 00:20:27 | 000,000,000 | ---- | C] () -- C:\settings.dat [2010.07.13 02:23:12 | 000,000,336 | ---- | C] () -- C:\Users\Admin\Documents\cc_20100713_022310.reg [2010.06.16 00:31:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.12.25 23:53:00 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.10.11 16:49:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.09.11 17:55:32 | 000,117,248 | ---- 
| C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.17 17:54:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.05.17 17:47:09 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.05.17 17:45:45 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2009.05.17 17:35:54 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys [2009.05.17 17:35:54 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys [2009.05.17 17:33:59 | 000,001,500 | R--- | C] () -- C:\Windows\RtDefLvl.ini [2007.01.23 14:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll [2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report >
Code:OTL Extras logfile created on: 23.07.2010 22:17:54 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = E:\dokumente und einstellungen\karin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 7,03 Gb Free Space | 14,40% Space Free | Partition Type: NTFS Drive D: | 27,07 Gb Total Space | 27,07 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive E: | 97,65 Gb Total Space | 37,16 Gb Free Space | 38,06% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 59,31 Gb Total Space | 50,70 Gb Free Space | 85,48% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADMIN-PC Current User Name: Admin Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CFE2468-351E-477A-85E2-ED1DE6EB7B70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{356A559D-407D-4008-9E0D-99F5EA93DB01}" = lport=139 | protocol=6 | dir=in | app=system | "{48E416D5-0CFE-4B7C-9DD7-AB711A3A5556}" = rport=137 | protocol=17 | dir=out | 
app=system | "{6F2C8F97-6698-462D-AAB9-6102BB21D2E2}" = rport=445 | protocol=6 | dir=out | app=system | "{752DF2D3-1A15-4D89-9544-A2933575A4DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A023866A-B326-45DC-93B0-A02E62D4287F}" = rport=139 | protocol=6 | dir=out | app=system | "{A1870413-4A1F-4AEF-AEEB-62F1036364AC}" = rport=138 | protocol=17 | dir=out | app=system | "{AB957FE9-EA9C-46AE-A917-BFD515DA7284}" = lport=445 | protocol=6 | dir=in | app=system | "{C26BA71B-32B0-4731-B68F-C755BD84DF4A}" = lport=137 | protocol=17 | dir=in | app=system | "{E3589BB4-20A3-496C-A5F2-7FD0734519A3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{216366B5-5FB6-4B60-A948-B87F4E618A78}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | "{277E52FB-4432-4B0C-ABCF-F838DD745E36}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{396FCDDD-7C23-415E-9CFB-06D9ADC86B70}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe | "{3F0C2126-D39F-485A-A5B6-B53645EAB244}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{4777C034-F21C-42C9-BC13-5719FAADDEFF}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | "{50470F86-2D21-4762-9F98-7114A0813A1A}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe | "{7362AD90-2307-4912-A56D-48EF6ACE50E5}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | "{79A6B799-2786-4E77-94B9-764763EF07C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7BB41976-C926-4BAE-8594-91DF2D0A4D11}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{82B2E8F8-2519-40CF-BF7D-DFDA891D1331}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8AB07D63-E4F5-48D0-A164-11D0E8EF4B62}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9E786466-1688-4B1B-BBB1-261C595AFAF4}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | "{BBE74740-4DED-4920-92D7-8083DB0BC601}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\webserver.exe | "{D347A751-E652-43B9-9A9A-28B9A260A001}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | "{D75D3C61-C60C-4CE8-B130-6630046352B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E8765D2A-0FEC-46DA-AAC8-49D3E014D461}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | "{F246EC3F-CB20-4357-B870-1834E2559D5F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{66E5C844-8E49-4E0D-BFD0-4B59C56ACE56}C:\program files\sunbelt software\personal firewall\sbpfcl.exe" = protocol=6 | dir=in | app=c:\program files\sunbelt software\personal firewall\sbpfcl.exe | "UDP Query User{540D4F0B-E68C-481E-85FC-178CB53E464B}C:\program files\sunbelt software\personal firewall\sbpfcl.exe" = protocol=17 | dir=in | app=c:\program files\sunbelt software\personal firewall\sbpfcl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07040081-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Encarta Premium 2007 "{0A0719F0-AD56-42BA-B68C-EFFC330B6F13}" = SMART Notebook "{1BF9524E-AF30-4A21-A55F-162EB1F72358}" = Falk Navi-Manager 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2623A1E3-478A-4F4A-A522-3A3D784A0C9C}" = SMART Product Drivers "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{29977CB8-72E4-4D5E-94B2-BE6B568216C1}" = VIPRE Antivirus Premium "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device "{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German) "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor "{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV "{B8934332-6BD6-4736-9898-DBFE80AC0468}" = Falk 
Navi-Manager "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D37B24D2-D4F8-40ED-A8D4-0D03F56D6838}" = Falk Navi-Manager "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "1713EFD0409BCDF53DED33020E5FE8E4FB97BA41" = Windows Driver Package - Intel (NETw2v32) net (03/06/2007 9.1.1.15) "196975E9A3E5B992C14D7CA82B2D4A22ABF690FA" = Windows Driver Package - Intel (NETw4v32) net (08/08/2007 11.1.1.22) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Canon Setup Utility 2.0" = Canon Setup Utility 2.0 "CCleaner" = CCleaner "DVD Shrink_is1" = DVD Shrink 3.2 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Easy-WebPrint" = Easy-WebPrint "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.1 "Free YouTube Download_is1" = Free YouTube Download 2.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.6 "FreePDF_XP" = 
FreePDF (Remove only) "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "HijackThis" = HijackThis 2.0.2 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7) "Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1) "Nokia PC Suite" = Nokia PC Suite "NSIS_doas" = Das große Oxford Wörterbuch "NSIS_ldoce5" = Longman Dictionary of Contemporary English 5th Edition "NVIDIA Drivers" = NVIDIA Drivers "QUICKfind" = QUICKfind server v1.1 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.1 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
Many thanks for now. glückskäfer
P.S. I forgot to mention that for quite some time I have not been able to open Internet Explorer. I use Firefox as my default browser, but wanted to use the normal Internet Explorer in between so that I could work on the company website. It then said "could not be opened".
In the meantime I have tried to get further with my problem.
I have just looked at the details in the Sunbelt firewall regarding the High, Medium and Low Priority Intrusions and saw there, similar to what I experienced once before two years ago, entries such as the following:
e.g.
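An added example for triaging the OTL firewall-rule dump above (this is not code from the original thread, from OTL or from the Sunbelt product): the Python parser below reads entries in the `"{GUID}" = key=value | key=value | ...` shape that OTL uses, and lists the inbound per-application exceptions, which are the rules a helper would check first. The sample lines are constructed after the format on this page; the function and variable names are my own assumptions.

```python
import re

# Constructed sample in the shape OTL uses for the Vista firewall rule dump.
# The real log on this page contains many more entries of the same form,
# run together on one line, which this parser also accepts.
SAMPLE_OTL_FIREWALL = r'''
"{6F2C8F97-6698-462D-AAB9-6102BB21D2E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{752DF2D3-1A15-4D89-9544-A2933575A4DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8AB07D63-E4F5-48D0-A164-11D0E8EF4B62}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79A6B799-2786-4E77-94B9-764763EF07C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{66E5C844-8E49-4E0D-BFD0-4B59C56ACE56}C:\program files\sunbelt software\personal firewall\sbpfcl.exe" = protocol=6 | dir=in | app=c:\program files\sunbelt software\personal firewall\sbpfcl.exe |
'''

# IANA protocol numbers as they appear in the dump (6=TCP, 17=UDP, 1=ICMPv4, 58=ICMPv6).
PROTOCOL_NAMES = {"6": "TCP", "17": "UDP", "1": "ICMPv4", "58": "ICMPv6"}

# One rule = a quoted rule name, "=", then everything up to the next quote.
_ENTRY = re.compile(r'"([^"]+)"\s*=\s*([^"]*)')


def parse_otl_firewall_rules(text):
    """Return a list of dicts, one per rule, with the key=value fields plus 'rule_id'."""
    rules = []
    for rule_id, body in _ENTRY.findall(text):
        rule = {"rule_id": rule_id}
        for token in body.split("|"):
            token = token.strip()
            if "=" not in token:
                continue
            key, value = token.split("=", 1)
            key, value = key.strip(), value.strip()
            # Skip section headers ("========== ...") and anything that is not a field name.
            if not re.fullmatch(r"[A-Za-z]+", key):
                continue
            rule[key] = value
        rules.append(rule)
    return rules


def protocol_name(rule):
    """Human-readable protocol for a rule; 'any' when the dump lists none."""
    proto = rule.get("protocol")
    if proto is None:
        return "any"
    return PROTOCOL_NAMES.get(proto, "proto " + proto)


def inbound_app_rules(rules):
    """Inbound exceptions tied to a program path (rules for the kernel 'system' pseudo-app are left out)."""
    return [r for r in rules
            if r.get("dir") == "in" and r.get("app") and r["app"].lower() != "system"]


def unrestricted_inbound(rules):
    """Inbound per-app rules with neither a protocol nor a local port: the broadest exceptions."""
    return [r for r in inbound_app_rules(rules)
            if "protocol" not in r and "lport" not in r]


def describe(rule):
    """One-line summary in the style a helper would paste back into the thread."""
    scope = protocol_name(rule)
    if "lport" in rule:
        scope += " lport=" + rule["lport"]
    return "{} {} {}".format(rule.get("dir", "?"), scope, rule.get("app") or rule.get("name", "?"))


if __name__ == "__main__":
    parsed = parse_otl_firewall_rules(SAMPLE_OTL_FIREWALL)
    print("inbound per-application exceptions:")
    for r in inbound_app_rules(parsed):
        print("  " + describe(r))
    print("inbound exceptions with no protocol or port restriction:")
    for r in unrestricted_inbound(parsed):
        print("  " + describe(r))
```

The output is a review list, not a verdict: a program with an unrestricted inbound exception is worth a second look (is the path expected, is the binary signed), but a legitimate VoIP or remote-support client will often appear here too, so the list is compared against the uninstall list further down in the same log.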
Win32.Gimmiv trojan activity
MISC OpenSSL Worm traffic
Backdoor trojan active BackOrifice dir
Backdoor trojan active BackOrifice info
Backdoor Trojan active DeepThroat
Backdoor Trojan acitive hack-a-tack-2000
Low priority intrusions
Backdoor signature – Q ICMP
Many events were labelled "attempted" or "unsuccessful", but there were also several "successful attempts".
I fear that once again I have no choice but to reinstall the laptop from scratch. Do you see it the same way?
After the last reinstall last year I was so careful: I parked all the files from that time on a computer that is no longer connected to the network, constantly installed the latest updates via filehippo, constantly update the virus signatures, and am careful with everything I install. It is very discouraging when you end up with an infected PC again regardless.
Thanks, Glückskäfer


. After formatting, everything is gone! If your computer was infected with a backdoor, a password stealer or a keylogger, please use new passwords. Once you have done all that, you can insert the Windows CD, reformat the hard drive and install Windows. When formatting, you should put your Windows on a separate partition; about 20 GB is enough for that. Your first trip onto the net should take you to the Windows Update page. Let it search for available updates/patches and install all the patches offered (including 
