Thread closed

Thread: Trojan infection leads to extreme failure

  1. #1
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Trojan infection leads to extreme failure

    For a few hours I have had a serious problem. After several bluescreens, an anti-virus program popped up that was NOT installed by me. It wanted to get me to activate the software.

    I tried to start my anti-virus program, a2. This did not work. A great many error messages popped up.

    In safe mode a2 worked and also showed two trojans. However, Windows restarted before it finished scanning. An attempt to restore a previous restore point failed as well.

    When I connect my notebook to the internet, Windows immediately reports that it will shut down in one minute.

    By the way, I have PGP and TrueCrypt running on my computer.

    Here are the LOGS:

    Info.txt
    Code:
    info.txt logfile of random's system information tool 1.08 2010-08-16 20:06:52
    
    ======Uninstall list======
    
    -->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
    7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Acrobat 8.2.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Agere Systems HDA Modem-->C:\Windows\agrsmdel
    Any Video Converter Professional 2.7.0-->"C:\Program Files\Any Video Converter Professional\unins000.exe"
    Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
    Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
    Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
    Application Installer 4.00.B14-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x9 
    a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
    Audio Editor Gold v9.2.11 Build 533-->"C:\Program Files\Audio Editor Gold\unins000.exe"
    AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
    BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}
    BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
    Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
    Brothers In Arms-->C:\Program Files\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms"
    Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
    ESU for Microsoft Vista-->MsiExec.exe /I{C5EDCC75-41E1-4510-B533-7B2ABA37BE45}
    Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
    HP Backup & Recovery Manager Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9  -uninst  -removeonly
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9  -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe" -l0x9  -removeonly
    HP Help and Support-->MsiExec.exe /X{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
    HP Notebook Accessories Product Tour-->MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
    HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
    HP Quick Launch Buttons 6.40 C2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
    HP Total Care Advisor-->MsiExec.exe /X{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}
    HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
    HP User Guides 0084-->MsiExec.exe /I{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
    Intel(R) Network Connections Drivers-->Prounstl.exe
    InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe"  REMOVEALL
    iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LingoPad 2.6 (Build 360)-->"C:\Program Files\LingoPad\unins000.exe"
    Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
    Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
    Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}
    Opera 10.61-->MsiExec.exe /X{70858C67-8761-4444-895A-0A8B2E9E144E}
    PGP Desktop-->MsiExec.exe /X{C0895AF2-3E62-4F99-AFBD-13FB41216CD5}
    Power AMR MP3 WAV WMA M4A AC3 Audio Converter 2.1-->"C:\Program Files\AML Products\Power AMR MP3 WAV WMA M4A AC3 Audio Converter\unins000.exe"
    QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
    Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
    Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    SecureW2 Client 3.1.2-->C:\Program Files\Alfa & Ariss\SecureW2 Client 3.1.2\Uninstall.exe
    SecureW2 TTLS Client 3.3.1 for Windows-->C:\Program Files\SecureW2\SecureW2 TTLS Client\Uninstall.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
    Street-Ads Browser Enhancer-->"C:\Windows\$NtUninstallMTF1011$\apUninstall.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A} 
    TerraTec Home Cinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7 
    The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
    TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
    TV-Browser 3.0-beta2-->C:\Program Files\TV-Browser\Uninstall.exe
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
    Vista Default Settings-->MsiExec.exe /I{93D44E47-EBE0-43FC-A427-8AC3CD026536}
    VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VSO Image Resizer 1.3.2-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
    Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
    Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
    Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
    Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"
    
    ======Hosts File======
    
    127.0.0.1	www.007guard.com
    127.0.0.1	007guard.com
    127.0.0.1	008i.com
    127.0.0.1	www.008k.com
    127.0.0.1	008k.com
    127.0.0.1	www.00hq.com
    127.0.0.1	00hq.com
    127.0.0.1	010402.com
    127.0.0.1	www.032439.com
    127.0.0.1	032439.com
    
    ======Security center information======
    
    AS: Windows Defender
    
    ======System event log======
    
    Computer Name: 5thDivision
    Event Code: 4376
    Message: Servicing has required reboot to complete the operation of setting package KB969898(Security Update) into Installed(Installed) state
    Record Number: 501196
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20100511184358.000000-000
    Event Type: Warning
    User: 5THDIVISION\Administrator
    
    Computer Name: 5thDivision
    Event Code: 4376
    Message: Servicing has required reboot to complete the operation of setting package KB969898(Security Update) into Installed(Installed) state
    Record Number: 501195
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20100511184358.000000-000
    Event Type: Warning
    User: 5THDIVISION\Administrator
    
    Computer Name: 5thDivision
    Event Code: 4376
    Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Installed(Installed) state
    Record Number: 501194
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20100511184358.000000-000
    Event Type: Warning
    User: 5THDIVISION\Administrator
    
    Computer Name: 5thDivision
    Event Code: 4376
    Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Installed(Installed) state
    Record Number: 501193
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20100511184358.000000-000
    Event Type: Warning
    User: 5THDIVISION\Administrator
    
    Computer Name: 5thDivision
    Event Code: 4376
    Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Installed(Installed) state
    Record Number: 501192
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20100511184358.000000-000
    Event Type: Warning
    User: 5THDIVISION\Administrator
    
    =====Application event log=====
    
    Computer Name: 5thDivision
    Event Code: 20
    Message: 
    Record Number: 148019
    Source Name: Google Update
    Time Written: 20091219170808.000000-000
    Event Type: Error
    User: NT AUTHORITY\SYSTEM
    
    Computer Name: 5thDivision
    Event Code: 20
    Message: 
    Record Number: 147994
    Source Name: Google Update
    Time Written: 20091219160815.000000-000
    Event Type: Error
    User: NT AUTHORITY\SYSTEM
    
    Computer Name: 5thDivision
    Event Code: 20
    Message: 
    Record Number: 147953
    Source Name: Google Update
    Time Written: 20091219150810.000000-000
    Event Type: Error
    User: NT AUTHORITY\SYSTEM
    
    Computer Name: 5thDivision
    Event Code: 20
    Message: 
    Record Number: 147951
    Source Name: Google Update
    Time Written: 20091219140807.000000-000
    Event Type: Error
    User: NT AUTHORITY\SYSTEM
    
    Computer Name: 5thDivision
    Event Code: 20
    Message: 
    Record Number: 147948
    Source Name: Google Update
    Time Written: 20091219130809.000000-000
    Event Type: Error
    User: NT AUTHORITY\SYSTEM
    
    =====Security event log=====
    
    Computer Name: 5thDivision
    Event Code: 4648
    Message: A logon was attempted using explicit credentials.
    
    Subject:
    	Security ID:		S-1-5-18
    	Account Name:		5THDIVISION$
    	Account Domain:		BLACKWATER
    	Logon ID:		0x3e7
    	Logon GUID:		{00000000-0000-0000-0000-000000000000}
    
    Account Whose Credentials Were Used:
    	Account Name:		SYSTEM
    	Account Domain:		NT AUTHORITY
    	Logon GUID:		{00000000-0000-0000-0000-000000000000}
    
    Target Server:
    	Target Server Name:	localhost
    	Additional Information:	localhost
    
    Process Information:
    	Process ID:		0x27c
    	Process Name:		C:\WINDOWS\System32\services.exe
    
    Network Information:
    	Network Address:	-
    	Port:			-
    
    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
    Record Number: 135499
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091228064013.855554-000
    Event Type: Audit Success
    User: 
    
    Computer Name: 5thDivision
    Event Code: 5056
    Message: A cryptographic self test was performed.
    
    Subject:
    	Security ID:		S-1-5-18
    	Account Name:		5THDIVISION$
    	Account Domain:		BLACKWATER
    	Logon ID:		0x3e7
    
    Module:		ncrypt.dll
    
    Return Code:	0x0
    Record Number: 135498
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091228064012.937154-000
    Event Type: Audit Success
    User: 
    
    Computer Name: 5thDivision
    Event Code: 4672
    Message: Special privileges assigned to new logon.
    
    Subject:
    	Security ID:		S-1-5-18
    	Account Name:		SYSTEM
    	Account Domain:		NT AUTHORITY
    	Logon ID:		0x3e7
    
    Privileges:		SeAssignPrimaryTokenPrivilege
    			SeTcbPrivilege
    			SeSecurityPrivilege
    			SeTakeOwnershipPrivilege
    			SeLoadDriverPrivilege
    			SeBackupPrivilege
    			SeRestorePrivilege
    			SeDebugPrivilege
    			SeAuditPrivilege
    			SeSystemEnvironmentPrivilege
    			SeImpersonatePrivilege
    Record Number: 135497
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091228064010.043738-000
    Event Type: Audit Success
    User: 
    
    Computer Name: 5thDivision
    Event Code: 4624
    Message: An account was successfully logged on.
    
    Subject:
    	Security ID:		S-1-5-18
    	Account Name:		5THDIVISION$
    	Account Domain:		BLACKWATER
    	Logon ID:		0x3e7
    
    Logon Type:			5
    
    New Logon:
    	Security ID:		S-1-5-18
    	Account Name:		SYSTEM
    	Account Domain:		NT AUTHORITY
    	Logon ID:		0x3e7
    	Logon GUID:		{00000000-0000-0000-0000-000000000000}
    
    Process Information:
    	Process ID:		0x27c
    	Process Name:		C:\WINDOWS\System32\services.exe
    
    Network Information:
    	Workstation Name:	
    	Source Network Address:	-
    	Source Port:		-
    
    Detailed Authentication Information:
    	Logon Process:		Advapi  
    	Authentication Package:	Negotiate
    	Transited Services:	-
    	Package Name (NTLM only):	-
    	Key Length:		0
    
    This event is generated when a logon session is created. It is generated on the computer that was accessed.
    
    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    
    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
    
    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
    
    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    
    The authentication information fields provide detailed information about this specific logon request.
    	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    	- Transited services indicate which intermediate services have participated in this logon request.
    	- Package name indicates which sub-protocol was used among the NTLM protocols.
    	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 135496
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091228064010.043738-000
    Event Type: Audit Success
    User: 
    
    Computer Name: 5thDivision
    Event Code: 4648
    Message: A logon was attempted using explicit credentials.
    
    Subject:
    	Security ID:		S-1-5-18
    	Account Name:		5THDIVISION$
    	Account Domain:		BLACKWATER
    	Logon ID:		0x3e7
    	Logon GUID:		{00000000-0000-0000-0000-000000000000}
    
    Account Whose Credentials Were Used:
    	Account Name:		SYSTEM
    	Account Domain:		NT AUTHORITY
    	Logon GUID:		{00000000-0000-0000-0000-000000000000}
    
    Target Server:
    	Target Server Name:	localhost
    	Additional Information:	localhost
    
    Process Information:
    	Process ID:		0x27c
    	Process Name:		C:\WINDOWS\System32\services.exe
    
    Network Information:
    	Network Address:	-
    	Port:			-
    
    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
    Record Number: 135495
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091228064010.043738-000
    Event Type: Audit Success
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
    "PROCESSOR_REVISION"=0f0a
    "NUMBER_OF_PROCESSORS"=1
    "PLATFORM"=BNB
    "OnlineServices"=Online Services
    "asl.log"=Destination=file;OnFirstLog=command,environment,parent
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "SAFEBOOT_OPTION"=NETWORK
    
    -----------------EOF-----------------
    log.txt
    Code:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Administrator at 2010-08-16 20:17:25
    Microsoft® Windows Vista™ Home Basic  Service Pack 2
    System drive C: has 7 GB (7%) free of 104 GB
    Total RAM: 1015 MB (59% free)
    
    HijackThis download failed
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-16 61888]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C1A13DE-C9B6-4CCD-B6F9-F0D86E302BEA}]
    adShotHlpr Object - C:\Windows\system32\dkngp.dll [2010-07-16 294912]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-06-16 320928]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6A4807A-32BE-4430-83E5-F09FEDE607EE}]
    moigh Object - C:\Windows\system32\zkngp.dll [2010-07-16 246784]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-15 35840]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2010-06-16 320928]
    {AD6E6555-FB2C-47D4-8339-3E2965509877} - &TerraTec Home Cinema - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL [2008-04-16 536576]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
    "sta"=rundll32 dkngp.dll,,Run []
    "MChk"=C:\Windows\system32\qkngp.exe [2010-07-14 40581]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "cmummsse"=C:\Users\Administrator\AppData\Local\hhwousgfr\bvkocyyshdw.exe [2010-08-16 257024]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\CCleaner.exe]
    CCleaner.exe []
    
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    SynTPEnh.lnk - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Eigene Dateien - Shortcut.lnk - C:\Users\Administrator\Desktop\Eigene Dateien
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="PGPmapih.dll"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
    C:\Windows\system32\DeviceNP.dll [2007-06-08 49152]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2007-09-13 204800]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    PGPpwflt
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "LogonHoursAction"=2
    "DontDisplayLogonHoursWarnings"=1
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
    
    ======List of files/folders created in the last 1 months======
    
    2010-08-16 20:06:47 ----D---- C:\Program Files\trend micro
    2010-08-16 20:06:46 ----D---- C:\rsit
    2010-08-16 16:57:02 ----D---- C:\Windows\$NtUninstallMTF1011$
    2010-08-16 16:56:50 ----A---- C:\Windows\system32\drivers\ttbis.sys
    2010-08-16 16:55:20 ----D---- C:\Users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    2010-08-06 19:33:05 ----D---- C:\Users\Administrator\AppData\Roaming\TV-Browser
    2010-08-03 19:06:21 ----D---- C:\Program Files\iPod
    2010-07-27 21:54:55 ----D---- C:\Program Files\The KMPlayer
    2010-07-26 14:38:50 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-26 14:21:04 ----D---- C:\Program Files\Minefield
    2010-07-25 22:29:19 ----D---- C:\ProgramData\Rosetta Stone
    2010-07-25 22:29:18 ----D---- C:\Program Files\Rosetta Stone
    2010-07-21 16:02:49 ----D---- C:\Program Files\ICQ6Toolbar
    2010-07-21 16:02:00 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla
    2010-07-21 16:02:00 ----D---- C:\ProgramData\ICQ
    
    ======List of files/folders modified in the last 1 months======
    
    2010-08-16 20:16:47 ----A---- C:\Windows\ntbtlog.txt
    2010-08-16 20:15:13 ----D---- C:\Windows\Temp
    2010-08-16 20:06:47 ----D---- C:\Program Files
    2010-08-16 20:00:29 ----D---- C:\Windows\System32
    2010-08-16 20:00:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-08-16 19:45:38 ----D---- C:\Windows\Prefetch
    2010-08-16 19:45:38 ----D---- C:\WINDOWS
    2010-08-16 19:17:40 ----D---- C:\Windows\Minidump
    2010-08-16 19:12:57 ----D---- C:\Program Files\a-squared Free
    2010-08-16 17:19:32 ----D---- C:\ProgramData\FLEXnet
    2010-08-16 17:13:10 ----D---- C:\Windows\system32\wbem
    2010-08-16 17:12:22 ----D---- C:\Windows\Tasks
    2010-08-16 17:12:22 ----D---- C:\Windows\system32\spool
    2010-08-16 17:12:22 ----D---- C:\Windows\system32\Msdtc
    2010-08-16 17:12:22 ----D---- C:\Windows\system32\drivers
    2010-08-16 17:12:22 ----D---- C:\Windows\system32\CodeIntegrity
    2010-08-16 17:12:22 ----D---- C:\Windows\system32\catroot2
    2010-08-16 17:12:22 ----D---- C:\Windows\inf
    2010-08-16 17:12:22 ----D---- C:\Users\Administrator\AppData\Roaming\vlc
    2010-08-16 17:12:22 ----D---- C:\Users\Administrator\AppData\Roaming\BitTorrent
    2010-08-16 17:12:20 ----D---- C:\Windows\registration
    2010-08-16 16:42:26 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
    2010-08-16 16:42:26 ----D---- C:\Program Files\Common Files\Adobe
    2010-08-16 06:20:12 ----D---- C:\Program Files\LingoPad
    2010-08-15 18:43:51 ----D---- C:\System Volume Information
    2010-08-14 19:41:40 ----AD---- C:\ProgramData\TEMP
    2010-08-12 22:14:48 ----D---- C:\Users\Administrator\AppData\Roaming\dvdcss
    2010-08-12 14:51:59 ----SHD---- C:\Windows\Installer
    2010-08-12 14:51:36 ----D---- C:\Program Files\Opera
    2010-08-06 19:32:44 ----D---- C:\Program Files\TV-Browser
    2010-08-05 19:47:56 ----D---- C:\Users\Administrator\AppData\Roaming\Vso
    2010-08-03 19:16:31 ----D---- C:\Program Files\iTunes
    2010-08-03 19:06:19 ----D---- C:\Program Files\Common Files\Apple
    2010-07-25 22:29:19 ----HD---- C:\ProgramData
    2010-07-21 16:03:48 ----D---- C:\Users\Administrator\AppData\Roaming\ICQ
    2010-07-21 16:02:01 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-07-18 20:00:58 ----D---- C:\Program1
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-03-21 304920]
    R0 pgpfs;PGP File Sharing; C:\Windows\System32\Drivers\PGPfsfd.sys [2008-08-22 128568]
    R0 PGPwded;PGPwded Storage Filter Service; C:\Windows\system32\drivers\PGPwded.sys [2008-08-22 210488]
    R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2007-10-17 685816]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-12-05 217728]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
    S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
    S1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-01-04 223432]
    S2 PGPdisk;PGPdisk; C:\Windows\system32\drivers\PGPdisk.sys [2008-08-22 245816]
    S2 PGPsdkDriver;PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [2008-08-22 40504]
    S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
    S3 AF15BDA;Cinergy T USB XE (MKII) service; C:\Windows\system32\drivers\AF15BDA.sys [2006-11-20 283776]
    S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
    S3 AVMUNET;AVM FRITZ!Box; C:\Windows\system32\DRIVERS\avmunet.sys [2005-02-22 15104]
    S3 aya0bz8t;aya0bz8t; C:\Windows\system32\drivers\aya0bz8t.sys []
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
    S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2007-07-27 19456]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2007-07-27 220160]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2007-07-27 29184]
    S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632]
    S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\Windows\system32\DRIVERS\ipsecw2k.sys []
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NDNdisprot;NetDetect NDIS Driver; C:\Windows\system32\DRIVERS\ndndisprot.sys [2008-01-01 21504]
    S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-19 2219520]
    S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
    S3 rockusb;Driver for rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
    S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-09-15 32768]
    S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
    S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
    S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-07-14 1872320]
    S2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
    S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
    S2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 HDD & SSD access service;HDD & SSD access service; C:\Program Files\Common Files\BinarySense\disksvc.exe []
    S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
    S2 PGPserv;PGPserv; C:\Windows\system32\PGPserv.exe [2008-08-22 104504]
    S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
    S3 de_serv;AVM FRITZ!web Routing Service; C:\Program Files\Common Files\AVM\de_serv.exe []
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-06-08 172131]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-07 655624]
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
    S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
    S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S4 gupdate1ca168b3cb2a5e3;Google Update Service (gupdate1ca168b3cb2a5e3); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
    S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
    S4 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
    
    -----------------EOF-----------------
    defogger log
    Code:
    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 20:20 on 16/08/2010 (Administrator)
    
    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.
    
    Checking for services/drivers...
    Unable to read sptd.sys
    Unable to read ttbis.sys
    SPTD -> Disabled (Service running -> reboot required)
    
    
    -=E.O.F=-
    gmer log
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-16 20:27:01
    Windows 6.0.6002 Service Pack 2
    Running: w8qrjbxq.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxlyqpob.sys
    
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                    PGPfsfd.sys (PGP FSFD/PGP Corporation)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    
    Device           -> \Driver\iaStor \Device\Harddisk0\DR0  854A7EC5
    
    ---- Files - GMER 1.0.15 ----
    
    File            C:\Windows\system32\drivers\iaStor.sys    suspicious modification
    
    ---- EOF - GMER 1.0.15 ----
    Many, many thanks in advance for the help

  2. #2
    Senior team member
    Registered since
    17.07.2009
    Posts
    3.643

    Re: Trojan infection causes extreme failure

    Welcome to the HijackThis.de support forum, hares,

    cleaning a system can be laborious and may mean a fair amount of work for you.
    Please observe the following points:
    • Respect our forum rules and don't be too impatient if things take a little longer.
    • During the cleanup, connect all external storage media you have (USB sticks, hard disks),
    • and do not install or uninstall any programs without consulting us.
    • Download programs only from the links given in our instructions!
    • Post logfiles in code tags and anonymise personal data where necessary.
    • Work through each point in order and report that you have completed it.
    • If there is a problem, stop and describe it as precisely as possible.
    • Note: the disappearance of the symptoms does not mean that your computer is already clean.
      Please keep working with us until we say the computer is clean.
    • Only follow instructions from a team member listed here.
    • There is no support by PM or e-mail.
    • We do not clean computers that are used for business purposes.
    • Possession of legal software is a prerequisite for support.
      Should we find illegal software, support will be discontinued.
    Vista and Win7 users:
    • Always run all programs and tools we instruct you to use by right-clicking and choosing Run as administrator.

    Step 1
    TDSSKiller from Kaspersky
    • Download TDSSKiller and extract the archive to your desktop.
    • Make sure that TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).
    • Start TDSSKiller.exe by double-clicking it.
    • Vista and Windows 7 users: right-click and run as administrator.
    • Click Start Scan to begin the scan.
    • When it has finished, the tool may suggest restarting the system.
      Confirm this with Y(es) if necessary.
      On startup the driver carries out all scheduled operations and then deletes itself.
      If nothing was found, that will be displayed.
    • Post the contents of C:\TDSSKiller<random>.txt here in the thread.

    Step 2
    System scan with OTL

    Please download OTL by Oldtimer and save it to your desktop
    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Now click Scan at the top left
    • When the scan has finished, 2 logfiles are created
    • Post the logfiles in code tags here in the thread.

    Step 3
    Rootkit search with Gmer

    What are rootkits?

    Important: for every rootkit scan:
    • First disable any CD emulators such as Alcohol, Daemon Tools or similar according to these instructions.
    • All other programs against viruses, spyware, etc. must be disabled,
    • there must be no connection to a network/the internet (don't forget WLAN),
    • nothing must be done on the computer,
    • the computer must be restarted after each scan.
    • Don't forget to switch the security programs back on after the rootkit scan!

    Download Gmer from this page
    (click the Download EXE button) and save the program to the desktop.
    • Gmer is suitable for => NT/W2K/XP/VISTA/WIN 7 (32-bit only).
    • All other programs must be closed.
    • Start gmer.exe (it has a random program name).
    • Vista users: right-click and run as administrator.
    • Gmer automatically starts a first scan.
    • Should a window open with the following warning:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No",
      and in that case save the result so far to the desktop as gmer_first.log using the Save button.

    • If that was not the case, now select the "Rootkit/Malware" tab,
    • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
    • Important: "Show all" must not be ticked!
    • Start the scan by pressing the "Scan" button.
      Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
    • When the scan is finished, that line stays empty.
      Click "Save" and save the logfile as gmer.log on the desktop.
      "Ok" closes Gmer.
    Switch the antivirus program and other scanners back on before you go online!

    Now post the logfile in code tags.
    In your next reply, please post
    • OTL logfiles
    • GMER logfile
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?
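
Added example, not code from the forum, its team or Kaspersky: a small Python triage helper that reads a log in the TDSSKiller format posted further down in this thread (timestamp, tab, message) and pulls out the "Suspicious file (Forged)" reports and "detected" verdicts, tying each forged file back to the driver-table entry that loads it. The sample log lines are constructed for the example; the ndis.sys lines and their hashes mirror the thread's own log.

```python
import re
from typing import Dict, List

# Constructed sample in the TDSSKiller log format shown in this thread
# (timestamp, a tab, then the message). The ndis.sys lines mirror the
# thread's own finding; the other entries are filler for the example.
SAMPLE_LOG = (
    "2010/08/16 22:02:03.0014\tScan started\n"
    "2010/08/16 22:02:03.0014\tMode: Manual;\n"
    "2010/08/16 22:02:04.0434\tACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys\n"
    "2010/08/16 22:02:19.0550\tNDIS            (880139e592df531a834226d40d9ceccb) C:\\Windows\\system32\\drivers\\ndis.sys\n"
    "2010/08/16 22:02:19.0550\tSuspicious file (Forged): C:\\Windows\\system32\\drivers\\ndis.sys. "
    "Real md5: 880139e592df531a834226d40d9ceccb, Fake md5: 1357274d1883f68300aeadd15d7bbb42\n"
    "2010/08/16 22:02:19.0566\tNDIS - detected Rootkit.Win32.TDSS.tdl3 (0)\n"
    "2010/08/16 22:02:19.0644\tNdisTapi        (0e186e90404980569fb449ba7519ae61) C:\\Windows\\system32\\DRIVERS\\ndistapi.sys\n"
)

# One "<service name>   (<md5>) <path>" entry per scanned driver.
DRIVER_RE = re.compile(
    r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# TDSSKiller reports a file whose content hashes differently depending on
# how it is read; the two hashes are what it calls "Real" and "Fake".
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<service name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+)")


def parse_tdsskiller_log(text: str) -> Dict[str, object]:
    """Split a TDSSKiller log into the driver table, forged-file reports and verdicts."""
    drivers: Dict[str, Dict[str, str]] = {}   # service name -> {md5, path}
    forged: List[Dict[str, str]] = []
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        if "\t" not in raw:
            continue                             # banner / separator lines
        _timestamp, msg = raw.split("\t", 1)
        msg = msg.strip()
        if m := FORGED_RE.match(msg):
            forged.append(m.groupdict())
        elif m := DETECT_RE.match(msg):
            detections.append(m.groupdict())
        elif m := DRIVER_RE.match(msg):
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
    return {"drivers": drivers, "forged": forged, "detections": detections}


def triage(text: str) -> List[str]:
    """Return one human-readable finding per forged file or detection.

    Each forged file is tied back to the driver table so the reader sees
    which service loads it; in the thread's log the hash in the driver
    table is the one TDSSKiller lists as the 'Real md5'.
    """
    parsed = parse_tdsskiller_log(text)
    by_path = {d["path"].lower(): name for name, d in parsed["drivers"].items()}
    findings = []
    for f in parsed["forged"]:
        service = by_path.get(f["path"].lower(), "<not in driver table>")
        findings.append(
            f"FORGED {f['path']} (service {service}): "
            f"real {f['real']} != fake {f['fake']}"
        )
    for d in parsed["detections"]:
        findings.append(f"DETECTED {d['name']}: {d['verdict']}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Point it at a real C:\TDSSKiller<random>.txt and the same two regexes surface the forged files and verdicts without reading through several hundred clean driver lines.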

  3. #3
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Re: Trojan infection causes extreme failure

    Thank you very much for helping me, PC-Jedi.

    TDSS Killer log:
    Code:
    2010/08/16 22:01:24.0935	TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
    2010/08/16 22:01:24.0935	================================================================================
    2010/08/16 22:01:24.0935	SystemInfo:
    2010/08/16 22:01:24.0935	
    2010/08/16 22:01:24.0935	OS Version: 6.0.6002 ServicePack: 2.0
    2010/08/16 22:01:24.0935	Product type: Workstation
    2010/08/16 22:01:24.0935	ComputerName: 5THDIVISION
    2010/08/16 22:01:24.0935	UserName: Administrator
    2010/08/16 22:01:24.0935	Windows directory: C:\Windows
    2010/08/16 22:01:24.0935	System windows directory: C:\Windows
    2010/08/16 22:01:24.0935	Processor architecture: Intel x86
    2010/08/16 22:01:24.0935	Number of processors: 1
    2010/08/16 22:01:24.0935	Page size: 0x1000
    2010/08/16 22:01:24.0935	Boot type: Safe boot with network
    2010/08/16 22:01:24.0935	================================================================================
    2010/08/16 22:01:25.0637	Initialize success
    2010/08/16 22:02:03.0014	================================================================================
    2010/08/16 22:02:03.0014	Scan started
    2010/08/16 22:02:03.0014	Mode: Manual;
    2010/08/16 22:02:03.0014	================================================================================
    2010/08/16 22:02:04.0434	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/08/16 22:02:04.0652	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/08/16 22:02:04.0746	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/08/16 22:02:04.0855	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/08/16 22:02:04.0949	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/08/16 22:02:05.0120	AF15BDA         (ad0565605d67500ca1c25d3a415d3dce) C:\Windows\system32\drivers\AF15BDA.sys
    2010/08/16 22:02:05.0245	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/08/16 22:02:05.0464	AgereSoftModem  (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys
    2010/08/16 22:02:05.0620	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/08/16 22:02:05.0729	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/08/16 22:02:05.0838	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2010/08/16 22:02:05.0947	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/08/16 22:02:06.0025	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2010/08/16 22:02:06.0134	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/08/16 22:02:06.0197	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/08/16 22:02:06.0368	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/08/16 22:02:06.0478	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/08/16 22:02:06.0618	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/08/16 22:02:06.0712	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/08/16 22:02:06.0946	AVMUNET         (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys
    2010/08/16 22:02:07.0086	b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2010/08/16 22:02:07.0273	BCM43XV         (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/08/16 22:02:07.0445	BCM43XX         (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
    2010/08/16 22:02:07.0554	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/08/16 22:02:07.0757	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/08/16 22:02:07.0882	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/08/16 22:02:07.0991	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2010/08/16 22:02:08.0100	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/08/16 22:02:08.0178	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/08/16 22:02:08.0272	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/08/16 22:02:08.0365	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/08/16 22:02:08.0506	BthEnum         (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/08/16 22:02:08.0599	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2010/08/16 22:02:08.0708	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/08/16 22:02:08.0818	BTHPORT         (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys
    2010/08/16 22:02:08.0942	BTHUSB          (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/08/16 22:02:09.0052	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/08/16 22:02:09.0161	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/08/16 22:02:09.0254	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/08/16 22:02:09.0364	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/08/16 22:02:09.0551	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/08/16 22:02:09.0629	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2010/08/16 22:02:09.0754	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/08/16 22:02:09.0816	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/08/16 22:02:09.0894	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/08/16 22:02:10.0050	DAMDrv          (5d5984255a4bfaa4262fb750df7cd537) C:\Windows\system32\DRIVERS\DAMDrv.sys
    2010/08/16 22:02:10.0222	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/08/16 22:02:10.0378	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/08/16 22:02:10.0518	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/08/16 22:02:10.0627	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/08/16 22:02:10.0783	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/08/16 22:02:10.0939	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/08/16 22:02:11.0048	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/08/16 22:02:11.0236	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/08/16 22:02:11.0360	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/08/16 22:02:11.0516	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/08/16 22:02:11.0641	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/08/16 22:02:11.0750	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/08/16 22:02:11.0891	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/08/16 22:02:11.0984	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/08/16 22:02:12.0125	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/08/16 22:02:12.0203	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/08/16 22:02:12.0328	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2010/08/16 22:02:12.0484	HBtnKey         (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
    2010/08/16 22:02:12.0577	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/08/16 22:02:12.0702	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/08/16 22:02:12.0874	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/08/16 22:02:12.0967	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/08/16 22:02:13.0076	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/08/16 22:02:13.0217	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/08/16 22:02:13.0373	HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    2010/08/16 22:02:13.0513	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/08/16 22:02:13.0669	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    2010/08/16 22:02:13.0841	HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    2010/08/16 22:02:13.0950	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/08/16 22:02:14.0059	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/08/16 22:02:14.0215	iaStor          (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
    2010/08/16 22:02:14.0293	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/08/16 22:02:14.0480	igfx            (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/08/16 22:02:14.0621	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/08/16 22:02:14.0761	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    2010/08/16 22:02:14.0855	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/08/16 22:02:14.0980	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/08/16 22:02:15.0151	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/08/16 22:02:15.0276	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/08/16 22:02:15.0510	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/08/16 22:02:15.0619	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/08/16 22:02:15.0744	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/08/16 22:02:15.0822	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/08/16 22:02:15.0900	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/08/16 22:02:16.0087	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/08/16 22:02:16.0196	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/08/16 22:02:16.0290	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/08/16 22:02:16.0430	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/08/16 22:02:16.0586	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/08/16 22:02:16.0696	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/08/16 22:02:16.0805	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/08/16 22:02:16.0898	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/08/16 22:02:16.0976	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/08/16 22:02:17.0101	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/08/16 22:02:17.0179	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/08/16 22:02:17.0273	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/08/16 22:02:17.0382	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/08/16 22:02:17.0491	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/08/16 22:02:17.0600	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/08/16 22:02:17.0694	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/08/16 22:02:17.0788	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/08/16 22:02:17.0897	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/08/16 22:02:18.0006	mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/08/16 22:02:18.0068	mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/08/16 22:02:18.0146	mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/08/16 22:02:18.0318	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2010/08/16 22:02:18.0412	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/08/16 22:02:18.0552	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/08/16 22:02:18.0630	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/08/16 22:02:18.0755	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/08/16 22:02:18.0864	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/08/16 22:02:18.0942	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/08/16 22:02:19.0036	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/08/16 22:02:19.0129	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/08/16 22:02:19.0223	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/08/16 22:02:19.0301	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/08/16 22:02:19.0426	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/08/16 22:02:19.0550	NDIS            (880139e592df531a834226d40d9ceccb) C:\Windows\system32\drivers\ndis.sys
    2010/08/16 22:02:19.0550	Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: 880139e592df531a834226d40d9ceccb, Fake md5: 1357274d1883f68300aeadd15d7bbb42
    2010/08/16 22:02:19.0566	NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/08/16 22:02:19.0644	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/08/16 22:02:19.0738	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/08/16 22:02:19.0831	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/08/16 22:02:19.0940	NDNdisprot      (8f619cc242442dfa6d42a8227866fd57) C:\Windows\system32\DRIVERS\ndndisprot.sys
    2010/08/16 22:02:20.0050	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/08/16 22:02:20.0159	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/08/16 22:02:20.0268	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2010/08/16 22:02:20.0393	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/08/16 22:02:20.0486	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/08/16 22:02:20.0611	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/08/16 22:02:20.0767	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/08/16 22:02:20.0892	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/08/16 22:02:21.0017	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/08/16 22:02:21.0126	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/08/16 22:02:21.0220	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/08/16 22:02:21.0313	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/08/16 22:02:21.0516	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/08/16 22:02:21.0656	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
    2010/08/16 22:02:21.0781	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/08/16 22:02:21.0859	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/08/16 22:02:21.0953	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/08/16 22:02:22.0078	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
    2010/08/16 22:02:22.0202	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/08/16 22:02:22.0343	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/08/16 22:02:22.0577	PGPdisk         (80a1a12e3d72df9f1c26d5a64b94d275) C:\Windows\system32\drivers\PGPdisk.sys
    2010/08/16 22:02:22.0686	pgpfs           (f6f2fe39689c6bdb4988908539a26424) C:\Windows\system32\Drivers\PGPfsfd.sys
    2010/08/16 22:02:22.0826	PGPsdkDriver    (00015281b6bc347bd9fca75eb7cac6ec) C:\Windows\system32\Drivers\PGPsdk.sys
    2010/08/16 22:02:22.0951	PGPwded         (d50339559ae5e0b7f7113f349fdac35d) C:\Windows\system32\drivers\PGPwded.sys
    2010/08/16 22:02:23.0138	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/08/16 22:02:23.0248	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/08/16 22:02:23.0372	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/08/16 22:02:23.0544	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/08/16 22:02:23.0684	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/08/16 22:02:23.0809	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/08/16 22:02:23.0996	R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/08/16 22:02:24.0137	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/08/16 22:02:24.0277	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/08/16 22:02:24.0386	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/08/16 22:02:24.0496	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/08/16 22:02:24.0589	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/08/16 22:02:24.0714	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/08/16 22:02:24.0839	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2010/08/16 22:02:24.0917	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/08/16 22:02:25.0010	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/08/16 22:02:25.0135	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
    2010/08/16 22:02:25.0260	rockusb         (cd71d0d7985051be10306d67725f5a7c) C:\Windows\system32\DRIVERS\rockusb.sys
    2010/08/16 22:02:25.0385	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/08/16 22:02:25.0494	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/08/16 22:02:25.0634	sdbus           (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/08/16 22:02:25.0775	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/08/16 22:02:25.0868	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2010/08/16 22:02:25.0962	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2010/08/16 22:02:26.0071	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/08/16 22:02:26.0196	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/08/16 22:02:26.0321	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/08/16 22:02:26.0414	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/08/16 22:02:26.0492	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/08/16 22:02:26.0617	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2010/08/16 22:02:26.0695	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/08/16 22:02:26.0804	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/08/16 22:02:26.0945	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/08/16 22:02:27.0085	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/08/16 22:02:27.0210	sptd            (d390675b8ce45e5fb359338e5e649329) C:\Windows\System32\Drivers\sptd.sys
    2010/08/16 22:02:27.0366	srv             (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
    2010/08/16 22:02:27.0491	srv2            (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
    2010/08/16 22:02:27.0600	srvnet          (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/08/16 22:02:27.0756	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
    2010/08/16 22:02:27.0896	StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
    2010/08/16 22:02:27.0990	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/08/16 22:02:28.0099	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/08/16 22:02:28.0193	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/08/16 22:02:28.0318	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/08/16 22:02:28.0411	SynTP           (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/08/16 22:02:28.0520	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    2010/08/16 22:02:28.0676	tapvpn          (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
    2010/08/16 22:02:28.0848	Tcpip           (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
    2010/08/16 22:02:28.0973	Tcpip6          (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/08/16 22:02:29.0066	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/08/16 22:02:29.0191	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/08/16 22:02:29.0300	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/08/16 22:02:29.0394	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/08/16 22:02:29.0503	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/08/16 22:02:29.0628	TPM             (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
    2010/08/16 22:02:29.0784	truecrypt       (6ec1d6ed5471c99ffc38abe498a6df08) C:\Windows\system32\drivers\truecrypt.sys
    2010/08/16 22:02:29.0893	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/08/16 22:02:30.0002	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/08/16 22:02:30.0112	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/08/16 22:02:30.0221	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2010/08/16 22:02:30.0330	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/08/16 22:02:30.0470	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2010/08/16 22:02:30.0564	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/08/16 22:02:30.0689	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/08/16 22:02:30.0814	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/08/16 22:02:30.0923	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/08/16 22:02:31.0110	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/08/16 22:02:31.0188	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/08/16 22:02:31.0391	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/08/16 22:02:31.0516	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/08/16 22:02:31.0672	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/08/16 22:02:31.0812	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/08/16 22:02:31.0937	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/08/16 22:02:32.0046	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/08/16 22:02:32.0155	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/08/16 22:02:32.0296	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/08/16 22:02:32.0389	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/08/16 22:02:32.0483	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/08/16 22:02:32.0561	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/08/16 22:02:32.0654	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2010/08/16 22:02:32.0748	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/08/16 22:02:32.0888	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/08/16 22:02:32.0998	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/08/16 22:02:33.0107	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/08/16 22:02:33.0232	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/08/16 22:02:33.0341	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/08/16 22:02:33.0372	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/08/16 22:02:33.0481	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/08/16 22:02:33.0606	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2010/08/16 22:02:33.0793	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
    2010/08/16 22:02:33.0934	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    2010/08/16 22:02:34.0152	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/08/16 22:02:34.0292	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/08/16 22:02:34.0433	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/08/16 22:02:34.0573	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/08/16 22:02:34.0729	================================================================================
    2010/08/16 22:02:34.0729	Scan finished
    2010/08/16 22:02:34.0729	================================================================================
    2010/08/16 22:02:34.0760	Detected object count: 1
    2010/08/16 22:03:07.0224	C:\Windows\system32\drivers\ndis.sys - processing error
    2010/08/16 22:03:07.0224	Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Cure
    2010/08/16 22:03:15.0679	Deinitialize success
    OTL Extras Log
    Code:
    OTL Extras logfile created on: 16.08.2010 22:03:43 - Run 1
    OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
     
    1.015,00 Mb Total Physical Memory | 303,00 Mb Available Physical Memory | 30,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 101,45 Gb Total Space | 7,03 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
    Drive F: | 6,88 Gb Total Space | 0,68 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,35% Space Free | Partition Type: NTFS
    Drive I: | 1,92 Gb Total Space | 1,24 Gb Free Space | 64,66% Space Free | Partition Type: FAT
     
    Computer Name: 5THDIVISION
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
    https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 1
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4B80EF81-5BCB-4099-8D05-B712BE27FA89}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
    "{6DB865FD-D8F9-4ECF-BBE9-B04A300399F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{79C7DACE-31A4-426E-BD52-2A4FA7ED19EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{8AECC37F-F123-40ED-8E72-92DA53B2BA8F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
    "{91B5AABE-10C3-43D9-AB54-FB04279F7057}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{930DB663-AF8D-408B-92D2-E6524EA6FDAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{A67F92BD-9968-4938-85FA-37553981F262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{B80C16F3-E24D-4C56-BC2C-FE43AF414EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01672948-D552-4273-AED9-E89CF27E7888}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
    "{04AD6EA0-A2AB-42D9-B85A-04A7548783B0}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
    "{078BC69C-37C0-4068-889B-E972AF26A583}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsbcbb.tmp\symnrt.exe | 
    "{0B1151A3-50B5-4E54-885F-84781BB9657B}" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\dfx2beta.exe | 
    "{116D38B4-BE1A-41E8-8BBE-63DC7BE268D7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | 
    "{135D2F78-EB2A-4BF1-8777-DCC4A0B1B5F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{14261476-F859-4F34-A192-A2678CB6EAD8}" = protocol=17 | dir=in | app=c:\program files\opera2\opera.exe | 
    "{1DABCF28-241A-4F9C-B2F8-93908B90CF25}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsc1e9.tmp\symnrt.exe | 
    "{1EA5C4AD-DDB3-490F-B58E-DB4D72B72F5F}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsc1e9.tmp\symnrt.exe | 
    "{1FF57C9D-3897-4E6A-9F2A-C6ECF946CCDD}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
    "{23CC21A7-2AE7-4312-A0D2-6544535DF7DC}" = protocol=17 | dir=in | app=c:\program files\nortel networks\extranet.exe | 
    "{26A25C19-1101-4347-94D1-B31233DF7C50}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
    "{2C046DA5-2ED4-4308-95FB-D69EB0BE96C8}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
    "{2E05033B-D5CB-4C89-8E57-618477D10A36}" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\update.exe | 
    "{2F38D468-2140-4705-9647-5280B8C1B02A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
    "{4856ED74-57C6-4917-83D4-465F71226502}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{4907006D-4305-4E8B-9830-55DEFB024098}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
    "{4C40CC91-6622-426E-957B-9F2E2F6F9A51}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
    "{4DD7C9CC-90DB-4719-ADED-D8CD219AFD69}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{4F4093E4-AD87-42BA-87B8-6D19346D5CEB}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "{52EDBEEC-19B6-47DE-9C04-135153884983}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
    "{54F5D2B2-2461-4C77-852E-185674B22CF2}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsb8f8.tmp\symnrt.exe | 
    "{5558EB74-4D29-4772-9A24-99FFFB98C579}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\support\bin\win\rosettastoneltdservices.exe | 
    "{5703A185-B927-4D8A-8089-480EB83FE110}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{5D3110B0-03D6-476D-A2C2-0A40294A5D8C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{5D701362-2A7B-4918-81A4-4AE6DDEE2D6E}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
    "{637C4ADB-1FD0-4667-85C0-B92A6FEFD7F7}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsb8f8.tmp\symnrt.exe | 
    "{654BA3B2-B7D1-49ED-B5CD-20A7B768B2C2}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
    "{6DC84B11-4626-4EAD-890B-2425F278BADC}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{6EF17E5D-9C32-42D2-8AAD-A153C5154FBE}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
    "{7209D551-392B-465F-ADF2-4D59197309E9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{72BBAD8D-1C13-4B86-AAB4-4711B6DEF0A4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
    "{760F001A-A921-427E-A699-3EB6B0B75770}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{84EEE2EB-CCB6-471B-A59C-F99FBF9BC2B4}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{89447EEA-3012-4458-8BA3-6243B7AFC8D7}" = protocol=6 | dir=in | app=c:\program files\nortel networks\extranet.exe | 
    "{98BAF6AF-61B6-47E5-A0A7-1DA4E3E27787}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{9EF0E1CF-E600-4927-A7BF-578AF4B4B579}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
    "{9F1F2EEC-E5D1-41BF-9392-8F9F5D0145E8}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | 
    "{9FDB44F6-73A5-4B6A-8794-EFD56C1C275A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{A5B3EFE8-1620-4B33-97AF-8EE2CFBDD349}" = protocol=6 | dir=in | app=c:\program files\lg pc suite 2\lgpcsuitelanucher_setup.exe | 
    "{AB16A782-21DC-40BB-8B9B-E13472D5C398}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
    "{AC7F8311-3E74-46E9-9FF6-E5712F36D71A}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{AF8A7409-1243-4423-A5F4-989855B35A43}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
    "{B652A4FE-8C60-40C1-83FE-29C10B149AE2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{C830B73F-7DB7-486C-8361-E5EA202421AA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{CA5D4B33-F18E-48BD-A311-525A5649B2E0}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsbcbb.tmp\symnrt.exe | 
    "{CA7A8A33-F580-4F47-A668-E7DEFCE84D17}" = protocol=17 | dir=in | app=c:\program files\lg pc suite 2\lgpcsuitelanucher_setup.exe | 
    "{CAF1E927-D9BE-44B0-92C5-E8D093FFE02C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
    "{D1ED9A39-4C9A-4D00-A441-42CA86C7A90F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{D51541CF-6954-4C08-9979-FCEBBC8070EA}" = protocol=6 | dir=in | app=c:\program files\opera2\opera.exe | 
    "{D6F1C8EC-FBF2-4EE4-AEDA-87A899E01819}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
    "{E457D6D7-6209-4EB1-A090-3DEBFA486E26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{EB64D66D-2E67-4262-9DDB-F54FB9BE7010}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
    "{EC012FFC-5C4A-477F-B4CD-C6F302110E7D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{EFA5C40B-48F3-4EC6-9DE5-55D393F37F57}" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\dfx2beta.exe | 
    "{EFBD88EA-6691-448F-982B-3BEE4CC55866}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
    "{F1900A91-57B5-40F0-BBCF-61351B4D3DE9}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "{FB1EF48B-4837-4A90-90EC-482FC83A4EDE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
    "{FBD66116-5B66-471E-BC26-19F823230B17}" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\update.exe | 
    "{FED33A82-A507-452E-B59C-D80A26CD7749}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
    "TCP Query User{02E1653D-1D89-4246-9962-6444F1E4FAEC}C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe | 
    "TCP Query User{05438640-91AD-4C73-83AC-1A4BD232DA0A}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
    "TCP Query User{09050517-7C12-4B49-AA0A-9D5835111A75}C:\program files\adventnet\me\wifimanager\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\java.exe | 
    "TCP Query User{0C2FD8E4-1F26-4E90-BC3A-1A4FE6C5C261}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=6 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
    "TCP Query User{15303ACB-CCF3-4592-84DB-FA0C1A35EF4E}C:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe | 
    "TCP Query User{1CF5E7EE-048B-48C9-8C8F-1CBEC1FED375}C:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe | 
    "TCP Query User{1E006593-E637-4B2E-9BCA-507BA2DD81B8}C:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe | 
    "TCP Query User{1E8A4186-CCA2-43D8-96C5-921F00D121D4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
    "TCP Query User{28072226-F10F-45CE-8287-0612C73FA899}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
    "TCP Query User{32931EB5-397B-41FE-9932-ABEB961CA989}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
    "TCP Query User{4CCD0BF3-0FE7-466A-BBBB-E55914E30B2C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{51C54298-8F6A-4FAE-BA47-85D1039DFCC4}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
    "TCP Query User{563C230A-EADD-4D3B-8903-7EE618E32492}C:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe | 
    "TCP Query User{6AE6D744-8E5D-4EF9-92E0-2D715065D627}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
    "TCP Query User{6BAA2A63-7432-4CEF-8103-38B101CC67C8}C:\program files\the political machine\polmachine.exe" = protocol=6 | dir=in | app=c:\program files\the political machine\polmachine.exe | 
    "TCP Query User{6FCE3FD1-8085-41DB-8331-20309C40CAC3}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
    "TCP Query User{73E292D9-93F2-4246-9007-93B18B747EFA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "TCP Query User{742BC9E8-7FA4-4B6D-9006-2E71F4692F26}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
    "TCP Query User{7605C22D-D207-4178-94F9-0B78BDB7F2E8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
    "TCP Query User{766198D1-382F-4BFB-B9CE-24F4BA188590}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
    "TCP Query User{8898FBA4-347B-4D67-8FD3-EBCD5EAB974B}C:\program files\fritz!dsl\fboxupd.exe" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "TCP Query User{8937277E-8435-4084-8483-9A686FA2869D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
    "TCP Query User{95F49E31-5219-4972-BE88-280C633F6A80}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
    "TCP Query User{AC0D90B2-F861-4DA1-AF72-84EE9406DC03}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{AC28F2D1-FB55-4606-BC94-6E6FB3A0EF6E}C:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "TCP Query User{B5446CF9-CF8A-4881-B8D9-0F0D8696011B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
    "TCP Query User{C224D2CE-E6D9-4572-A13D-102B7501B00B}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
    "TCP Query User{DF29CF28-EF35-400E-BDCC-973CAA0B0465}C:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe | 
    "TCP Query User{E1DA06E3-F31E-4201-B1CD-96841B9FA5AC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
    "TCP Query User{E88BAA2A-427F-4F41-A217-EED4C3757C71}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
    "TCP Query User{FA19DF02-D06C-4251-A002-375518C24E04}C:\program files\halite\halite.exe" = protocol=6 | dir=in | app=c:\program files\halite\halite.exe | 
    "TCP Query User{FBD5DE27-512C-4892-B022-0B635133C8B9}C:\users\administrator\desktop\eigene dateien\iron man\ironman.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\eigene dateien\iron man\ironman.exe | 
    "TCP Query User{FC594059-01EB-4EEC-B5DF-225807ADADDC}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
    "UDP Query User{0350CA5A-4DC0-4B5F-B092-0BA4474EF44D}C:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe | 
    "UDP Query User{0A508B6C-CEA3-4ED3-9D75-CAC6EDA4E8AF}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
    "UDP Query User{0F3FE63C-C0F4-4430-B849-8288F79B203A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
    "UDP Query User{2A08413E-CC00-4F90-96BA-D07C3D492A8E}C:\program files\halite\halite.exe" = protocol=17 | dir=in | app=c:\program files\halite\halite.exe | 
    "UDP Query User{2B7B9747-5BBD-49CC-B081-72522D1BC99C}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
    "UDP Query User{3623793C-BF82-44C3-BB9C-9C72815DD46D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{3A06553B-AC54-485C-A463-72D6A6143055}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
    "UDP Query User{3FCC1646-D742-432F-B168-7E8DC91804E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{499424AB-1B27-4718-94BB-0892081F463C}C:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe | 
    "UDP Query User{4C9178B5-E1EE-4F89-A906-426364747E08}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
    "UDP Query User{52FEFAB3-1FCD-4D83-A050-3489A54E3624}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
    "UDP Query User{53512F8C-5113-4C01-AA59-DCA994C223F3}C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe | 
    "UDP Query User{582B3479-561D-471A-BDA4-C927A45A08B1}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
    "UDP Query User{5904DC66-130D-4CFB-B46A-F854CF292462}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
    "UDP Query User{5B8DF1C6-5089-4E68-9B97-68C7E7B81F6C}C:\program files\fritz!dsl\fboxupd.exe" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "UDP Query User{5D91D26F-856C-4794-A5B9-0575B955A134}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
    "UDP Query User{627BBED1-8AFE-4EF1-A731-EBB61861CA1E}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
    "UDP Query User{7A3A3887-3FB2-426F-83CF-04C00ECACC89}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
    "UDP Query User{8B20CE25-E1DC-4415-A254-11A697570454}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "UDP Query User{97FDE305-5139-4664-A196-46A5287E2B48}C:\users\administrator\desktop\eigene dateien\iron man\ironman.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\eigene dateien\iron man\ironman.exe | 
    "UDP Query User{9CC135B6-A435-4174-B22D-024A03EE5B0B}C:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "UDP Query User{A8AC7C94-57A1-416A-8ACD-1B72AC5BF7C7}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
    "UDP Query User{B12AF9FB-24E4-4D95-A544-5F4DDAB8C173}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
    "UDP Query User{B52A1393-A45B-481D-9469-251CFCF42868}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
    "UDP Query User{BD972EF3-4C32-487B-B2EC-7A6F5851A32D}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
    "UDP Query User{C4B8A8EE-4710-4E63-A58F-30F2BB3C6191}C:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe | 
    "UDP Query User{D3D579DE-114A-483F-AB96-A9EC5013AF4A}C:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe | 
    "UDP Query User{D57FE6D1-CF62-4863-8E8D-0D8CF287195D}C:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe | 
    "UDP Query User{DC2CB21C-EC55-4E58-BEDD-05FD580618C1}C:\program files\the political machine\polmachine.exe" = protocol=17 | dir=in | app=c:\program files\the political machine\polmachine.exe | 
    "UDP Query User{DF223FCB-F81C-4C77-B182-822022DFC3FF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
    "UDP Query User{E0E6333F-B6D9-4072-AC9C-A894738929CF}C:\program files\adventnet\me\wifimanager\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\java.exe | 
    "UDP Query User{E73495B7-79B8-4DBF-ACF1-0AE4D9F30C3D}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=17 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
    "UDP Query User{EAC9A772-97AD-44E7-B098-6538BCBF1739}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 C2
    "{34D8A788-9397-4695-86BF-B6920284CC65}_is1" = Power AMR MP3 WAV WMA M4A AC3 Audio Converter 2.1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
    "{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
    "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
    "{C0895AF2-3E62-4F99-AFBD-13FB41216CD5}" = PGP Desktop
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5EDCC75-41E1-4510-B533-7B2ABA37BE45}" = ESU for Microsoft Vista
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "7-Zip" = 7-Zip 4.42
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.2.3 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.0
    "a-squared Free_is1" = a-squared Free 4.5
    "Audio Editor Gold_is1" = Audio Editor Gold v9.2.11 Build 533
    "AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
    "BitTorrent" = BitTorrent
    "BrothersInArms" = Brothers In Arms
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "LingoPad_is1" = LingoPad 2.6 (Build 360)
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "OpenAL" = OpenAL
    "PROSet" = Intel(R) Network Connections Drivers
    "SecureW2 Client" = SecureW2 Client 3.1.2
    "SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.1 for Windows
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "TrueCrypt" = TrueCrypt
    "tvbrowser" = TV-Browser 3.0-beta2
    "VLC media player" = VLC media player 1.0.5
    "VSO Image Resizer_is1" = VSO Image Resizer 1.3.2
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 16.08.2010 13:50:45 | Computer Name = 5thDivision | Source = EventSystem | ID = 4609
    Description = 
     
    Error - 16.08.2010 14:00:26 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3012
    Description = 
     
    Error - 16.08.2010 14:00:26 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3011
    Description = 
     
    Error - 16.08.2010 14:17:01 | Computer Name = 5thDivision | Source = EventSystem | ID = 4609
    Description = 
     
    Error - 16.08.2010 14:24:03 | Computer Name = 5thDivision | Source = EventSystem | ID = 4609
    Description = 
     
    Error - 16.08.2010 14:27:51 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3012
    Description = 
     
    Error - 16.08.2010 14:27:51 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3011
    Description = 
     
    Error - 16.08.2010 14:30:18 | Computer Name = 5thDivision | Source = Perflib | ID = 1008
    Description = 
     
    Error - 16.08.2010 14:30:18 | Computer Name = 5thDivision | Source = Perflib | ID = 1010
    Description = 
     
    Error - 16.08.2010 14:30:20 | Computer Name = 5thDivision | Source = PerfNet | ID = 2004
    Description = 
     
    [ System Events ]
    Error - 16.08.2010 14:21:13 | Computer Name = 5thDivision | Source = DCOM | ID = 10010
    Description = 
     
    Error - 16.08.2010 14:23:44 | Computer Name = 5thDivision | Source = DCOM | ID = 10005
    Description = 
     
    Error - 16.08.2010 14:23:44 | Computer Name = 5thDivision | Source = LSM | ID = 1048
    Description = 
     
    Error - 16.08.2010 14:23:52 | Computer Name = 5thDivision | Source = DCOM | ID = 10005
    Description = 
     
    Error - 16.08.2010 14:24:03 | Computer Name = 5thDivision | Source = DCOM | ID = 10005
    Description = 
     
    Error - 16.08.2010 14:24:02 | Computer Name = 5thDivision | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = 
     
    Error - 16.08.2010 14:24:12 | Computer Name = 5thDivision | Source = DCOM | ID = 10005
    Description = 
     
    Error - 16.08.2010 14:24:14 | Computer Name = 5thDivision | Source = DCOM | ID = 10005
    Description = 
     
    Error - 16.08.2010 14:24:33 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7001
    Description = 
     
    Error - 16.08.2010 14:24:33 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7026
    Description = 
     
     
    < End of report >

    OTL Log
    Code:
    OTL logfile created on: 16.08.2010 22:03:43 - Run 1
    OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
     
    1.015,00 Mb Total Physical Memory | 303,00 Mb Available Physical Memory | 30,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 101,45 Gb Total Space | 7,03 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
    Drive F: | 6,88 Gb Total Space | 0,68 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,35% Space Free | Partition Type: NTFS
    Drive I: | 1,92 Gb Total Space | 1,24 Gb Free Space | 64,66% Space Free | Partition Type: FAT
     
    Computer Name: 5THDIVISION
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (HDD & SSD access service) -- C:\Program Files\Common Files\BinarySense\disksvc.exe File not found
    SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
    SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (PGPserv) -- C:\WINDOWS\System32\PGPserv.exe (PGP Corporation)
    SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (FLCDLOCK) -- C:\WINDOWS\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
    DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
    DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IPSECSHM) -- C:\Windows\System32\DRIVERS\ipsecw2k.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys File not found
    DRV - (truecrypt) -- C:\WINDOWS\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
    DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
    DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (PGPdisk) -- C:\Windows\System32\drivers\PGPdisk.sys (PGP Corporation)
    DRV - (PGPsdkDriver) -- C:\WINDOWS\System32\drivers\PGPsdk.sys (PGP Corporation)
    DRV - (PGPwded) -- C:\Windows\System32\drivers\PGPwded.sys (PGP Corporation)
    DRV - (pgpfs) -- C:\Windows\System32\Drivers\PGPfsfd.sys (PGP Corporation)
    DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (tapvpn) -- C:\WINDOWS\System32\drivers\tapvpn.sys (The OpenVPN Project)
    DRV - (NDNdisprot) -- C:\WINDOWS\System32\drivers\NDNdisprot.sys (Windows (R) 2000 DDK provider)
    DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (AVIRA GmbH)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (DAMDrv) -- C:\WINDOWS\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\WINDOWS\System32\drivers\af15bda.sys (AfaTech                  )
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (b57nd60x) -- C:\WINDOWS\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
    DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (rockusb) -- C:\WINDOWS\System32\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.)
    DRV - (AVMUNET) -- C:\WINDOWS\System32\drivers\avmunet.sys (AVM GmbH)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.7amo
    FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.5
    FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:2.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8a6
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..network.proxy.type: 2
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.26 14:39:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.26 14:38:55 | 000,000,000 | ---D | M]
     
    [2010.07.26 14:39:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2010.08.15 17:12:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions
    [2010.07.26 15:33:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010.07.26 14:42:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010.08.15 17:12:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010.07.29 19:29:04 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010.08.11 12:23:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\facepad@lazyrussian.com
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\firegestures@xuldev.org
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\isreaditlater@ideashower.com
    [2010.08.14 18:56:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\SkipScreen@SkipScreen
    [2010.08.14 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\tineye@ideeinc.com
    [2010.07.26 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\video.downloader.plugin@ffpimp.com
    [2010.07.26 14:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.01.03 03:39:50 | 000,249,971 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O1 - Hosts: 127.0.0.1	www.007guard.com
    O1 - Hosts: 127.0.0.1	007guard.com
    O1 - Hosts: 127.0.0.1	008i.com
    O1 - Hosts: 127.0.0.1	www.008k.com
    O1 - Hosts: 127.0.0.1	008k.com
    O1 - Hosts: 127.0.0.1	www.00hq.com
    O1 - Hosts: 127.0.0.1	00hq.com
    O1 - Hosts: 127.0.0.1	010402.com
    O1 - Hosts: 127.0.0.1	www.032439.com
    O1 - Hosts: 127.0.0.1	032439.com
    O1 - Hosts: 127.0.0.1	www.1001-search.info
    O1 - Hosts: 127.0.0.1	1001-search.info
    O1 - Hosts: 127.0.0.1	www.100888290cs.com
    O1 - Hosts: 127.0.0.1	100888290cs.com
    O1 - Hosts: 127.0.0.1	www.100sexlinks.com
    O1 - Hosts: 127.0.0.1	100sexlinks.com
    O1 - Hosts: 127.0.0.1	www.10sek.com
    O1 - Hosts: 127.0.0.1	10sek.com
    O1 - Hosts: 127.0.0.1	www.123topsearch.com
    O1 - Hosts: 127.0.0.1	123topsearch.com
    O1 - Hosts: 127.0.0.1	www.132.com
    O1 - Hosts: 127.0.0.1	132.com
    O1 - Hosts: 127.0.0.1	www.136136.net
    O1 - Hosts: 8713 more lines...
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (adShotHlpr Object) - {9C1A13DE-C9B6-4CCD-B6F9-F0D86E302BEA} - C:\WINDOWS\System32\dkngp.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (moigh Object) - {B6A4807A-32BE-4430-83E5-F09FEDE607EE} - C:\WINDOWS\System32\zkngp.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MChk] C:\WINDOWS\System32\qkngp.exe ()
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [sta] C:\Windows\System32\dkngp.dll ()
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [cmummsse] C:\Users\Administrator\AppData\Local\hhwousgfr\bvkocyyshdw.exe ()
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eigene Dateien - Shortcut.lnk = C:\Users\Administrator\Desktop\Eigene Dateien [2010.08.16 21:15:53 | 000,000,000 | ---D | M]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://mywebcast.cc/tvants/tvants.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe File not found
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004.05.01 02:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{65904e1e-7c97-11dc-9c53-001a73821145}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
    O33 - MountPoints2\{ede6d121-e2e3-11dc-b91c-001a73821145}\Shell - "" = AutoRun
    O33 - MountPoints2\{ede6d121-e2e3-11dc-b91c-001a73821145}\Shell\AutoRun\command - "" = H:\preinst.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\config\systemprofile\AppData\Local\Windows Server\qfnhry.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\Windows Server\qfnhry.dll File not found
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.08.16 22:01:14 | 001,198,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
    [2010.08.16 21:40:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010.08.16 20:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010.08.16 20:06:46 | 000,000,000 | ---D | C] -- C:\rsit
    [2010.08.16 20:06:20 | 001,178,320 | ---- | C] (Piriform Ltd) -- C:\Users\Administrator\Desktop\ccsetup234_slim.exe
    [2010.08.16 20:06:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis204.exe
    [2010.08.16 16:56:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\hhwousgfr
    [2010.08.16 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    [2010.08.06 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
    [2010.08.03 19:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.07.27 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\The KMPlayer
    [2010.07.27 21:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
    [2010.07.26 15:33:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
    [2010.07.26 14:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010.07.26 14:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Minefield
    [2010.07.25 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
    [2010.07.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
    [2010.07.23 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Picmeta
    [2010.07.21 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
    [2010.07.21 16:02:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
    [2010.07.21 16:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
    [2010.07.21 16:01:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AOL
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.08.16 22:03:30 | 007,340,032 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
    [2010.08.16 21:38:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010.08.16 21:36:06 | 001,133,429 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
    [2010.08.16 20:27:54 | 005,436,854 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.08.16 20:27:54 | 004,750,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.08.16 20:27:54 | 000,005,940 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.08.16 20:23:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.08.16 20:22:17 | 000,785,408 | ---- | M] () -- C:\Windows\System32\drivers\ttbis.sys
    [2010.08.16 20:21:14 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
    [2010.08.16 20:21:14 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
    [2010.08.16 20:21:06 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
    [2010.08.16 19:45:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.08.16 19:45:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.08.16 19:45:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    [2010.08.16 19:44:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.08.16 19:44:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.08.16 19:31:02 | 000,293,376 | ---- | M] () -- C:\Users\Administrator\Desktop\w8qrjbxq.exe
    [2010.08.16 19:30:38 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
    [2010.08.16 19:29:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis204.exe
    [2010.08.16 19:29:02 | 000,339,991 | ---- | M] () -- C:\Users\Administrator\Desktop\RSIT.exe
    [2010.08.16 19:17:23 | 183,588,740 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010.08.16 17:46:22 | 001,178,320 | ---- | M] (Piriform Ltd) -- C:\Users\Administrator\Desktop\ccsetup234_slim.exe
    [2010.08.16 17:29:16 | 000,146,432 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.08.16 16:57:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010.08.16 16:19:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.08.16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
    [2010.08.15 22:21:54 | 000,002,215 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010.08.12 14:51:40 | 000,000,698 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010.08.12 14:51:40 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010.08.06 19:32:54 | 000,001,685 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TV-Browser.lnk
    [2010.08.06 19:32:54 | 000,001,661 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk
    [2010.08.03 19:34:51 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.07.27 21:55:07 | 000,000,792 | ---- | M] () -- C:\Users\Administrator\Desktop\KMPlayer.lnk
    [2010.07.26 14:39:03 | 000,001,708 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010.07.26 14:39:03 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010.07.23 21:51:29 | 000,136,096 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.16 21:40:57 | 001,133,429 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
    [2010.08.16 20:20:05 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
    [2010.08.16 20:06:20 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
    [2010.08.16 20:06:09 | 000,339,991 | ---- | C] () -- C:\Users\Administrator\Desktop\RSIT.exe
    [2010.08.16 20:06:09 | 000,293,376 | ---- | C] () -- C:\Users\Administrator\Desktop\w8qrjbxq.exe
    [2010.08.16 16:57:10 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010.08.16 16:56:50 | 000,785,408 | ---- | C] () -- C:\Windows\System32\drivers\ttbis.sys
    [2010.08.06 19:32:54 | 000,001,685 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TV-Browser.lnk
    [2010.08.06 19:32:54 | 000,001,661 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk
    [2010.08.03 21:28:47 | 000,002,215 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010.08.03 19:16:49 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.07.27 21:55:07 | 000,000,792 | ---- | C] () -- C:\Users\Administrator\Desktop\KMPlayer.lnk
    [2010.07.26 14:39:03 | 000,001,708 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010.07.26 14:39:03 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010.07.23 21:51:29 | 000,136,096 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010.07.16 06:19:46 | 000,246,784 | ---- | C] () -- C:\Windows\System32\zkngp.dll
    [2010.07.16 06:19:32 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dkngp.dll
    [2010.06.27 13:24:20 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2009.09.08 22:12:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009.08.30 20:02:41 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
    [2009.08.12 18:17:57 | 000,000,040 | ---- | C] () -- C:\Users\Administrator\AppData\Local\73648-88365-27475-00IP7-22847
    [2009.08.10 14:39:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.04.27 15:57:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.03.31 20:24:35 | 000,000,080 | ---- | C] () -- C:\Windows\winDecrypt.INI
    [2009.03.20 04:46:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll
    [2009.03.20 04:45:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
    [2008.08.31 18:38:40 | 000,000,115 | ---- | C] () -- C:\Windows\MXSkypeRecorder.INI
    [2008.08.22 19:48:58 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
    [2008.05.31 23:16:06 | 000,000,147 | ---- | C] () -- C:\Windows\ae_mini.INI
    [2008.05.31 23:13:55 | 000,000,230 | ---- | C] () -- C:\Windows\asr.INI
    [2008.04.26 18:18:25 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2008.04.16 05:38:09 | 000,000,077 | ---- | C] () -- C:\Windows\System32\winitn.dll
    [2008.04.16 05:37:53 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
    [2008.02.05 14:18:21 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2008.01.30 16:10:46 | 000,274,432 | ---- | C] () -- C:\Windows\System32\libcurl.dll
    [2007.12.22 21:42:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2007.12.09 20:42:28 | 000,000,184 | ---- | C] () -- C:\Windows\game.ini
    [2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2007.10.30 13:38:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2007.10.29 17:32:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2007.10.29 17:17:11 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
    [2007.10.23 18:13:37 | 000,000,019 | ---- | C] () -- C:\Windows\retrieve.ini
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\QSwitch.txt
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DSwitch.txt
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\AtStart.txt
    [2007.10.17 02:47:50 | 000,021,849 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
    [2007.10.17 02:37:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007.10.17 02:37:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007.10.17 02:37:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007.10.17 02:37:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007.10.17 02:37:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007.10.17 02:37:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007.10.16 22:22:37 | 000,146,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007.09.13 23:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007.09.13 23:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007.09.13 23:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007.07.29 23:51:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2007.06.08 18:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
    [2007.06.07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll
    [2007.06.07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
    [2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006.02.25 20:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:C4252FE0
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6900017D
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0E08FC17
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
    < End of report >
    Gmer Log
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-16 23:29:10
    Windows 6.0.6002 Service Pack 2
    Running: w8qrjbxq.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxlyqpob.sys
    
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .rsrc           C:\Windows\system32\drivers\ndis.sys                                                                                                entry point in ".rsrc" section [0x82375014]
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\Windows\system32\svchost.exe[932] ntdll.dll!NtProtectVirtualMemory                                                               77CD4D34 5 Bytes  JMP 0021000A 
    .text           C:\Windows\system32\svchost.exe[932] ntdll.dll!NtWriteVirtualMemory                                                                 77CD5674 5 Bytes  JMP 0022000A 
    .text           C:\Windows\system32\svchost.exe[932] ntdll.dll!KiUserExceptionDispatcher                                                            77CD5DC8 5 Bytes  JMP 0020000A 
    .text           C:\Windows\system32\svchost.exe[932] ole32.dll!CoCreateInstance                                                                     76369EA6 5 Bytes  JMP 00A2000A 
    .text           C:\Windows\system32\svchost.exe[932] USER32.dll!GetCursorPos                                                                        773B0B88 5 Bytes  JMP 0116000A 
    .text           C:\Windows\Explorer.EXE[1576] ntdll.dll!NtProtectVirtualMemory                                                                      77CD4D34 5 Bytes  JMP 0047000A 
    .text           C:\Windows\Explorer.EXE[1576] ntdll.dll!NtWriteVirtualMemory                                                                        77CD5674 5 Bytes  JMP 0048000A 
    .text           C:\Windows\Explorer.EXE[1576] ntdll.dll!KiUserExceptionDispatcher                                                                   77CD5DC8 5 Bytes  JMP 0046000A 
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                               [74CB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                [74D0A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                            [74CBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                      [74CAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                [74CB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                             [74CAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                 [74CE8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                    [74CBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                            [74CAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                             [74CAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                              [74CA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                      [74D3CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                         [74CDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                            [74CAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                      [74CA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                     [74CA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[1576] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                        [74CB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    
    Device           -> \Driver\iaStor \Device\Harddisk0\DR0                                                                                            854A7EC5
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6                                                         
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b884a5e                                                         
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                 C:\Program Files\DAEMON Tools\
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                 0
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                              0x82 0x69 0x4B 0xAB ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                           
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                        0x20 0x01 0x00 0x00 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                     0x06 0x04 0x01 0xF3 ...
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                     
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                               0x89 0x8C 0xFB 0xD5 ...
    Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)                                     
    Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b884a5e (not active ControlSet)                                     
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                     C:\Program Files\DAEMON Tools\
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                     0
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                  0x82 0x69 0x4B 0xAB ...
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                       
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                            0x20 0x01 0x00 0x00 ...
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                         0x06 0x04 0x01 0xF3 ...
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                 
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                   0x89 0x8C 0xFB 0xD5 ...
    Reg             HKLM\SOFTWARE\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32                                                   
    Reg             HKLM\SOFTWARE\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32@kagolagpfbkoffmdpmjabl                            0x62 0x61 0x67 0x6A ...
    Reg             HKLM\SOFTWARE\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32@jagogpodkogmhpijddca                              0x63 0x61 0x62 0x6A ...
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}                     
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}@iahajioljmcloppjcl  0x6A 0x61 0x65 0x63 ...
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}@hanaphjeohkoaiee    0x6A 0x61 0x65 0x63 ...
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2DE89BFF-E132-853A-E20D-320167E63033}                     
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}                     
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}@hanfgllpamcnhhgd    0x6A 0x61 0x6B 0x63 ...
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}@iapgihbadbmlihojgn  0x6A 0x61 0x6B 0x63 ...
    
    ---- Files - GMER 1.0.15 ----
    
    File            C:\Windows\system32\drivers\ndis.sys                                                                                                suspicious modification
    File            C:\Windows\system32\drivers\iaStor.sys                                                                                              suspicious modification
    
    ---- EOF - GMER 1.0.15 ----

  4. #4
    Senior Team Member pc-jedi
    Registered since
    17.07.2009
    Posts
    3.643

    Re: Trojan infection leads to extreme failure

    Good morning

    Then we continue as follows:
    Step 1
    Update Java

    Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system through Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer.
    Now download the offline version of Java Version 6 Update 21 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. remove the checkmark next to the toolbar during installation.

    Step 2
    Security risk: Adobe Acrobat Reader

    Your Adobe Reader is not up to date, which poses a major security risk. We therefore recommend uninstalling the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program. Restart the computer, then download the current Acrobat Reader 9.3.x and install it.

    Step 3
    File sharing

    I am posting the following note, not with a raised finger, but because you may not be aware of it. You use P2P programs. If you want to get and keep a clean system, you should refrain from downloading software from such sources, because even if the P2P program itself is "clean", it does not protect you from possibly pulling harmful programs onto your computer.
    File-sharing P2P programs (internet file-sharing networks) such as BitTorrent, eMule, KaZaa, Morpheus, Shareaza are unfortunately among the most disreputable sources of downloads. A great deal of malware is spread through them; if you use them at all, handle them with particular care and have the downloads checked online at VirusTotal before unpacking/using them! According to studies, 45% of the files offered for download via file-sharing networks are infected with viruses, Trojans, worms or other malware. How else are the virus writers supposed to distribute their treasures! On top of that, most downloads from these networks are illegal anyway, and as a user you may be tempted to commit criminal offences!
    You can see that the risk of getting infected through these channels is very high. For this reason I prefer to clean systems that do not have such programs installed, and I therefore ask you to uninstall all programs of this kind completely and without residue via Control Panel => Software during our cleanup =>
    Code:
    BitTorrent
    Step 4
    Fix with OTL
    • Please start OTL.exe.
      Vista users: right-click and "Run as administrator"
    • Now copy the following content into the Custom Scans/Fixes text box.
    Code:
    :OTL
    O4 - HKCU..\Run: [cmummsse] C:\Users\Administrator\AppData\Local\hhwousgfr\bvkocyyshdw.exe ()
    O4 - HKLM..\Run: [MChk] C:\WINDOWS\System32\qkngp.exe ()
    O36 - AppCertDlls: AppSecDll - (C:\Windows\system32\config\systemprofile\AppData\Local\Windows Server\qfnhry.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\Windows Server\qfnhry.dll File not found
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    • Now please close all programs.
    • Now please click the Run Fix button.
    • Click on .
    • OTL may require a restart. Please allow it.
    • After the restart you will find a text document.
      Now copy its content into your thread here in code tags

    Step 5
    Cleanup with Malwarebytes' Anti-Malware (full scan)

    Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:
    • Applicable to Windows 2000, XP, Vista and Windows 7.
    • Install the program into the default path.
    • Remember to start the program as admin on Vista; otherwise start it by double-clicking.
    • Let it update online (Updates tab) if the program was already on the computer.
    • Select "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show results".
    • For detections in C:\System Volume Information, remove the checkmark.
      Otherwise this system restore point will no longer work.
      It might still be needed despite the malware.
    • Make sure all other detections are checked and press "Delete".
    • Post the log file that opens in Notepad here in the thread.
    • You can find the report afterwards under "Scan reports".
    • Report how the computer is running now.
    Here you will find a detailed, illustrated guide.

    Are the problems still present?
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?

  5. #5
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Re: Trojan infection leads to extreme failure

    The problem is that only in safe mode does Windows not shut down every 2 minutes. But in safe mode, when I try to uninstall the programs, it tells me that the Windows Installer service is not available in safe mode.

    Should I go on to step 4 and then catch up on the other steps in normal Windows?

    Thanks again for your effort

  6. #6
    Senior Team Member pc-jedi
    Registered since
    17.07.2009
    Posts
    3.643

    Re: Trojan infection leads to extreme failure

    Yes, skip step 3 and catch up on it later.
    Regards, pc-jedi


  7. #7
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Re: Trojan infection leads to extreme failure

    The fake virus messages have now disappeared. Windows also no longer simply shuts down. Instead I now have two other error messages.

    One from SoundMax (I have no sound at all):
    Code:
    Sound Max-Ihre Audiohardwarekonfiguration hat sich geändert. Sie müssen SoundMAX neu installieren.
    and RunDLL:
    Code:
     Error Loading dkngp.dll. The specific Module could not be found.
    The computer is also exceptionally slow.

    Here are the requested logs:

    OTL Log
    Code:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cmummsse deleted successfully.
    C:\Users\Administrator\AppData\Local\hhwousgfr\bvkocyyshdw.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MChk deleted successfully.
    C:\WINDOWS\System32\qkngp.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\Windows\system32\config\systemprofile\AppData\Local\Windows Server\qfnhry.dll deleted successfully.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: Administrator
    ->Temp folder emptied: 9776668 bytes
    ->Temporary Internet Files folder emptied: 622778 bytes
    ->Java cache emptied: 1888673 bytes
    ->FireFox cache emptied: 36232834 bytes
    ->Opera cache emptied: 111202687 bytes
    ->Flash cache emptied: 4140014 bytes
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Guest
    ->Temp folder emptied: 60357 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Opera cache emptied: 304 bytes
    ->Flash cache emptied: 41 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 182352260 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 8762336 bytes
     
    Total Files Cleaned = 339,00 mb
     
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    OTL by OldTimer - Version 3.2.10.0 log created on 08172010_125351
    
    Files\Folders moved on Reboot...
    
    Registry entries deleted on Reboot...
    Malwarebytes Log:

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 4052
    
    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18928
    
    17.08.2010 14:32:48
    mbam-log-2010-08-17 (14-32-48).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|H:\|)
    Durchsuchte Objekte: 337118
    Laufzeit: 1 Stunde(n), 21 Minute(n), 58 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 10
    Infizierte Registrierungswerte: 1
    Infizierte Dateiobjekte der Registrierung: 1
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 3
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9c1a13de-c9b6-4ccd-b6f9-f0d86e302bea} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c1a13de-c9b6-4ccd-b6f9-f0d86e302bea} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9c1a13de-c9b6-4ccd-b6f9-f0d86e302bea} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c1a13de-c9b6-4ccd-b6f9-f0d86e302bea} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.
    
    Infizierte Dateiobjekte der Registrierung:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    C:\WINDOWS\System32\dkngp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\Program Files\Portable Photoshop 7\Photoshop\Shfolder.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Program Files\Rosetta Stone\Rosetta Stone V3\Patch_-_Rosetta_Stone_v3.2.11.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    Last edited by hares (17.08.2010 at 14:50)
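The OTL fix in post #4 and the Malwarebytes log in this post touch three classic autostart locations: the HKCU/HKLM Run keys (bvkocyyshdw.exe, qkngp.exe), the AppCertDlls key (qfnhry.dll) and the Winlogon Userinit value (sdra64.exe appended after userinit.exe). The following script is an added example for checking those three locations on a Windows machine; it is not part of the thread and is not code from OTL, GMER or Malwarebytes. It assumes it runs in an elevated PowerShell on the machine being audited and that the only legitimate Userinit entry is userinit.exe (the Windows default). The helper names Resolve-ImagePath and Get-NonPsProperties are this example's own, and "starts from AppData\Local" is a heuristic, not a verdict.

```powershell
# Added example, not from the thread and not code from OTL, GMER or
# Malwarebytes: list suspicious entries in the three autostart locations
# the logs above touched. Assumes an elevated PowerShell session and the
# Windows default Userinit value (userinit.exe only).

$findings = @()

function Resolve-ImagePath {
    param([string]$Value)
    # Turn a Run-key command line into the path of the file it starts:
    # expand %SystemRoot% etc., honour a quoted path, else cut at .exe/.dll.
    $v = [Environment]::ExpandEnvironmentVariables($Value.Trim())
    if ($v.StartsWith('"') -and $v.IndexOf('"', 1) -gt 1) {
        return $v.Substring(1, $v.IndexOf('"', 1) - 1)
    }
    $m = [regex]::Match($v, '^(.*?\.(exe|dll))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $v
}

function Get-NonPsProperties {
    param([string]$Key)
    # Registry values of $Key without the PSPath/PSParentPath/... members
    # that Get-ItemProperty adds to every result. Empty if the key is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return @() }
    (Get-ItemProperty -LiteralPath $Key).PSObject.Properties |
        Where-Object { @('PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') -notcontains $_.Name }
}

# 1. Run keys: flag entries whose file is missing (post #8's fix showed
#    dkngp.dll still registered after the file was gone) or that start
#    something from a profile's AppData\Local folder (bvkocyyshdw.exe above).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    foreach ($p in (Get-NonPsProperties $key)) {
        $path = Resolve-ImagePath $p.Value
        $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)
        if (-not $exists) {
            $reason = 'file missing'
        } elseif ($path -match '\\AppData\\Local\\') {
            $reason = 'starts from AppData\Local (heuristic, review manually)'
        } else {
            continue
        }
        $findings += New-Object PSObject -Property @{
            Location = "$key\$($p.Name)"; Value = $p.Value; Reason = $reason
        }
    }
}

# 2. AppCertDlls: every DLL listed here is loaded into every process that
#    calls CreateProcess, so any entry deserves a look; a clean install
#    normally has none (the log above showed qfnhry.dll registered here).
$appCert = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'
foreach ($p in (Get-NonPsProperties $appCert)) {
    $findings += New-Object PSObject -Property @{
        Location = "$appCert\$($p.Name)"; Value = $p.Value
        Reason   = 'AppCertDlls entry (none expected)'
    }
}

# 3. Winlogon\Userinit: must name userinit.exe and nothing else. Every
#    extra comma-separated entry (sdra64.exe in the log above) runs at
#    each logon, before the shell.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = [string](Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit
$extra = $userinit.Split(',') |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -ne '' -and $_ -notmatch '^(.*\\)?userinit\.exe$' }
if ($extra) {
    $findings += New-Object PSObject -Property @{
        Location = "$winlogon\Userinit"; Value = $userinit
        Reason   = 'extra Userinit entry: ' + ($extra -join '; ')
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No unexpected autostart entries found.'
} else {
    $findings | Select-Object Location, Reason, Value | Format-Table -AutoSize -Wrap
}
```

The output is a review list, not a removal list: updaters such as Google Update legitimately run from AppData\Local, so a Run-key hit there only says "look at this". The AppCertDlls and Userinit checks are stricter because on a default Windows installation those locations carry no third-party entries at all, which is why Malwarebytes could flag both with confidence in the log above.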

  8. #8
    Senior Team Member pc-jedi
    Registered since
    17.07.2009
    Posts
    3.643

    Re: Trojan infection leads to extreme failure

    Hi

    Then please do the following:
    Step 1
    Fix with OTL
    • Please start OTL.exe.
      Vista users: right-click and "Run as administrator"
    • Now copy the following content into the Custom Scans/Fixes text box.
    Code:
    :OTL
    [2010.07.16 06:19:46 | 000,246,784 | ---- | C] () -- C:\Windows\System32\zkngp.dll
    O4 - HKLM..\Run: [sta] C:\Windows\System32\dkngp.dll ()
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    • Now please close all programs.
    • Now please click the Run Fix button.
    • Click on .
    • OTL may require a restart. Please allow it.
    • After the restart you will find a text document.
      Now copy its content into your thread here in code tags

    Step 2
    System scan with OTL

    Please download OTL by OldTimer and save it to your desktop.
    • Double-click OTL.exe
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • At the top you will find a box labelled Output.
      Please select Minimal Output
    • Under Extra Registry, please select Use SafeList.
    • Tick LOP and Purity checks.
    • Now click Scan at the top left.

    • When the scan has finished, two log files are created.
      You will find the log files on your desktop => OTL.txt and Extras.txt
    • Post the log files in code tags here in the thread.
    Regards, pc-jedi


  9. #9
    Beginner
    Registered since
    16.08.2010
    Posts
    18
    The DLL error message is gone now. The SoundMax message still pops up. The notebook is also still extremely slow.

    1. OTL Log:

    Code:
    All processes killed
    ========== OTL ==========
    C:\WINDOWS\System32\zkngp.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
    File C:\Windows\System32\dkngp.dll not found.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: Administrator
    ->Temp folder emptied: 180041 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 524288 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 17436388 bytes
     
    Total Files Cleaned = 17,00 mb
     
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    OTL by OldTimer - Version 3.2.10.0 log created on 08172010_163623
    
    Files\Folders moved on Reboot...
    
    Registry entries deleted on Reboot...
    OTL.txt
    Code:
    OTL logfile created on: 17.08.2010 16:42:15 - Run 2
    OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
     
    1.015,00 Mb Total Physical Memory | 279,00 Mb Available Physical Memory | 28,00% Memory free
    2,00 Gb Paging File | 0,00 Gb Available in Paging File | 10,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 101,45 Gb Total Space | 9,43 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
    Drive F: | 6,88 Gb Total Space | 0,68 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,35% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded
     
    Computer Name: 5THDIVISION
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\PGPserv.exe (PGP Corporation)
    PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (HDD & SSD access service) -- C:\Program Files\Common Files\BinarySense\disksvc.exe File not found
    SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
    SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (PGPserv) -- C:\WINDOWS\System32\PGPserv.exe (PGP Corporation)
    SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (FLCDLOCK) -- C:\WINDOWS\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
    DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
    DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IPSECSHM) -- C:\Windows\System32\DRIVERS\ipsecw2k.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys File not found
    DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
    DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (PGPdisk) -- C:\Windows\System32\drivers\PGPdisk.sys (PGP Corporation)
    DRV - (PGPsdkDriver) -- C:\WINDOWS\System32\drivers\PGPsdk.sys (PGP Corporation)
    DRV - (PGPwded) -- C:\Windows\System32\drivers\PGPwded.sys (PGP Corporation)
    DRV - (pgpfs) -- C:\Windows\System32\Drivers\PGPfsfd.sys (PGP Corporation)
    DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (tapvpn) -- C:\WINDOWS\System32\drivers\tapvpn.sys (The OpenVPN Project)
    DRV - (NDNdisprot) -- C:\WINDOWS\System32\drivers\NDNdisprot.sys (Windows (R) 2000 DDK provider)
    DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (AVIRA GmbH)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (DAMDrv) -- C:\WINDOWS\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\WINDOWS\System32\drivers\af15bda.sys (AfaTech                  )
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (b57nd60x) -- C:\WINDOWS\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
    DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (rockusb) -- C:\WINDOWS\System32\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.)
    DRV - (AVMUNET) -- C:\WINDOWS\System32\drivers\avmunet.sys (AVM GmbH)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.7amo
    FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.5
    FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:2.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8a6
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..network.proxy.type: 2
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.26 14:39:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.26 14:38:55 | 000,000,000 | ---D | M]
     
    [2010.07.26 14:39:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2010.08.15 17:12:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions
    [2010.07.26 15:33:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010.07.26 14:42:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010.08.15 17:12:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010.07.29 19:29:04 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010.08.11 12:23:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\facepad@lazyrussian.com
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\firegestures@xuldev.org
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\isreaditlater@ideashower.com
    [2010.08.14 18:56:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\SkipScreen@SkipScreen
    [2010.08.14 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\tineye@ideeinc.com
    [2010.07.26 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\video.downloader.plugin@ffpimp.com
    [2010.07.26 14:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2010.08.17 16:36:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (moigh Object) - {B6A4807A-32BE-4430-83E5-F09FEDE607EE} - C:\Windows\System32\zkngp.dll File not found
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eigene Dateien - Shortcut.lnk = C:\Users\Administrator\Desktop\Eigene Dateien [2010.08.17 00:39:46 | 000,000,000 | ---D | M]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://mywebcast.cc/tvants/tvants.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004.05.01 02:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{65904e1e-7c97-11dc-9c53-001a73821145}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
    O33 - MountPoints2\{ede6d121-e2e3-11dc-b91c-001a73821145}\Shell - "" = AutoRun
    O33 - MountPoints2\{ede6d121-e2e3-11dc-b91c-001a73821145}\Shell\AutoRun\command - "" = H:\preinst.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.08.17 16:35:42 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Administrator\Desktop\jre-6u21-windows-i586-s.exe
    [2010.08.17 13:06:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.08.17 13:06:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010.08.17 13:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010.08.17 13:05:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Administrator\Desktop\mbam-setup-1.46.exe
    [2010.08.17 12:53:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010.08.17 00:12:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2010.08.16 22:01:14 | 001,198,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
    [2010.08.16 21:40:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010.08.16 20:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010.08.16 20:06:46 | 000,000,000 | ---D | C] -- C:\rsit
    [2010.08.16 20:06:20 | 001,178,320 | ---- | C] (Piriform Ltd) -- C:\Users\Administrator\Desktop\ccsetup234_slim.exe
    [2010.08.16 20:06:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis204.exe
    [2010.08.16 16:56:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\hhwousgfr
    [2010.08.16 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    [2010.08.06 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
    [2010.08.03 19:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010.07.27 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\The KMPlayer
    [2010.07.27 21:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
    [2010.07.26 15:33:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
    [2010.07.26 14:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010.07.26 14:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Minefield
    [2010.07.25 22:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
    [2010.07.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
    [2010.07.23 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Picmeta
    [2010.07.21 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
    [2010.07.21 16:02:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
    [2010.07.21 16:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
    [2010.07.21 16:01:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AOL
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.08.17 16:46:00 | 005,456,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.08.17 16:46:00 | 004,768,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.08.17 16:45:59 | 000,005,940 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.08.17 16:45:35 | 007,340,032 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
    [2010.08.17 16:45:26 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    [2010.08.17 16:38:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.08.17 16:38:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.08.17 16:38:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.08.17 16:38:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.08.17 16:37:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.08.17 16:37:18 | 1062,547,456 | -HS- | M] () -- C:\hiberfil.sys
    [2010.08.17 16:36:32 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
    [2010.08.17 16:36:32 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
    [2010.08.17 16:36:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010.08.17 13:06:20 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.08.17 12:43:14 | 016,299,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Administrator\Desktop\jre-6u21-windows-i586-s.exe
    [2010.08.17 12:40:03 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2010.08.17 12:37:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Administrator\Desktop\mbam-setup-1.46.exe
    [2010.08.17 12:31:38 | 164,456,244 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010.08.17 00:00:55 | 002,335,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010.08.16 21:38:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010.08.16 20:22:17 | 000,785,408 | ---- | M] () -- C:\Windows\System32\drivers\ttbis.sys
    [2010.08.16 20:21:06 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
    [2010.08.16 19:31:02 | 000,293,376 | ---- | M] () -- C:\Users\Administrator\Desktop\w8qrjbxq.exe
    [2010.08.16 19:30:38 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
    [2010.08.16 19:29:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis204.exe
    [2010.08.16 19:29:02 | 000,339,991 | ---- | M] () -- C:\Users\Administrator\Desktop\RSIT.exe
    [2010.08.16 17:46:22 | 001,178,320 | ---- | M] (Piriform Ltd) -- C:\Users\Administrator\Desktop\ccsetup234_slim.exe
    [2010.08.16 17:29:16 | 000,146,432 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.08.16 16:57:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010.08.16 16:19:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.08.16 09:49:10 | 001,198,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
    [2010.08.15 22:21:54 | 000,002,215 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010.08.12 14:51:40 | 000,000,698 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010.08.12 14:51:40 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010.08.06 19:32:54 | 000,001,685 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TV-Browser.lnk
    [2010.08.06 19:32:54 | 000,001,661 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk
    [2010.08.03 19:34:51 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.07.27 21:55:07 | 000,000,792 | ---- | M] () -- C:\Users\Administrator\Desktop\KMPlayer.lnk
    [2010.07.26 14:39:03 | 000,001,708 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010.07.26 14:39:03 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010.07.23 21:51:29 | 000,136,096 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.17 14:34:12 | 1062,547,456 | -HS- | C] () -- C:\hiberfil.sys
    [2010.08.17 13:06:20 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.08.16 20:20:05 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
    [2010.08.16 20:06:20 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
    [2010.08.16 20:06:09 | 000,339,991 | ---- | C] () -- C:\Users\Administrator\Desktop\RSIT.exe
    [2010.08.16 20:06:09 | 000,293,376 | ---- | C] () -- C:\Users\Administrator\Desktop\w8qrjbxq.exe
    [2010.08.16 16:57:10 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010.08.16 16:56:50 | 000,785,408 | ---- | C] () -- C:\Windows\System32\drivers\ttbis.sys
    [2010.08.06 19:32:54 | 000,001,685 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\TV-Browser.lnk
    [2010.08.06 19:32:54 | 000,001,661 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk
    [2010.08.03 21:28:47 | 000,002,215 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010.08.03 19:16:49 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.07.27 21:55:07 | 000,000,792 | ---- | C] () -- C:\Users\Administrator\Desktop\KMPlayer.lnk
    [2010.07.26 14:39:03 | 000,001,708 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010.07.26 14:39:03 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010.07.23 21:51:29 | 000,136,096 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010.06.27 13:24:20 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2009.09.08 22:12:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009.08.30 20:02:41 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
    [2009.08.12 18:17:57 | 000,000,040 | ---- | C] () -- C:\Users\Administrator\AppData\Local\73648-88365-27475-00IP7-22847
    [2009.08.10 14:39:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.04.27 15:57:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.03.31 20:24:35 | 000,000,080 | ---- | C] () -- C:\Windows\winDecrypt.INI
    [2009.03.20 04:46:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll
    [2009.03.20 04:45:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
    [2008.08.31 18:38:40 | 000,000,115 | ---- | C] () -- C:\Windows\MXSkypeRecorder.INI
    [2008.08.22 19:48:58 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
    [2008.05.31 23:16:06 | 000,000,147 | ---- | C] () -- C:\Windows\ae_mini.INI
    [2008.05.31 23:13:55 | 000,000,230 | ---- | C] () -- C:\Windows\asr.INI
    [2008.04.26 18:18:25 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2008.04.16 05:38:09 | 000,000,077 | ---- | C] () -- C:\Windows\System32\winitn.dll
    [2008.04.16 05:37:53 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
    [2008.02.05 14:18:21 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2008.01.30 16:10:46 | 000,274,432 | ---- | C] () -- C:\Windows\System32\libcurl.dll
    [2007.12.22 21:42:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2007.12.09 20:42:28 | 000,000,184 | ---- | C] () -- C:\Windows\game.ini
    [2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2007.10.30 13:38:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2007.10.29 17:32:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2007.10.29 17:17:11 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
    [2007.10.23 18:13:37 | 000,000,019 | ---- | C] () -- C:\Windows\retrieve.ini
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\QSwitch.txt
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DSwitch.txt
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\AtStart.txt
    [2007.10.17 02:47:50 | 000,021,849 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
    [2007.10.17 02:37:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007.10.17 02:37:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007.10.17 02:37:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007.10.17 02:37:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007.10.17 02:37:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007.10.17 02:37:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007.10.16 22:22:37 | 000,146,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007.09.13 23:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007.09.13 23:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007.09.13 23:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007.07.29 23:51:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2007.06.08 18:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
    [2007.06.07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll
    [2007.06.07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
    [2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006.02.25 20:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
     
    ========== LOP Check ==========
     
    [2008.07.02 22:45:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.doos
    [2010.08.16 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    [2009.01.26 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Any Video Converter
    [2010.06.23 18:34:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Any Video Converter Professional
    [2010.08.16 17:12:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
    [2008.05.31 22:34:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cool Record Edit Deluxe
    [2009.09.08 09:15:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\eBookPro6
    [2007.11.02 02:41:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!
    [2009.09.06 22:06:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gearbox Software
    [2008.09.21 05:45:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gena01
    [2010.05.05 22:34:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
    [2010.07.21 16:03:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
    [2007.10.17 07:56:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQLite
    [2009.02.17 06:58:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software
    [2009.01.15 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
    [2010.06.23 16:02:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lingo4u
    [2008.10.07 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Livestation
    [2008.08.11 19:03:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mp3 Audio Editor
    [2009.08.15 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
    [2010.05.26 12:26:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
    [2009.01.28 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
    [2009.03.26 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PGP Corporation
    [2008.02.24 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\putzi4win
    [2007.10.17 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SampleView
    [2007.12.22 21:45:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
    [2009.09.06 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
    [2008.05.31 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sytexis Software
    [2010.05.30 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TerraTec
    [2010.03.23 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TrueCrypt
    [2010.08.16 13:32:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
    [2008.02.04 22:36:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSoft
    [2010.08.05 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
    [2008.08.16 23:14:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Web-Recherche
    [2008.02.04 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WNR
    [2010.08.17 16:36:35 | 000,032,548 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
    [2010.08.17 16:45:26 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:C4252FE0
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6900017D
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0E08FC17
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
    < End of report >
    Code:
    OTL Extras logfile created on: 17.08.2010 16:42:15 - Run 2
    OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
     
    1.015,00 Mb Total Physical Memory | 279,00 Mb Available Physical Memory | 28,00% Memory free
    2,00 Gb Paging File | 0,00 Gb Available in Paging File | 10,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 101,45 Gb Total Space | 9,43 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
    Drive F: | 6,88 Gb Total Space | 0,68 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 1,90 Gb Total Space | 0,67 Gb Free Space | 35,35% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded
     
    Computer Name: 5THDIVISION
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
    https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 1
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4B80EF81-5BCB-4099-8D05-B712BE27FA89}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
    "{6DB865FD-D8F9-4ECF-BBE9-B04A300399F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{79C7DACE-31A4-426E-BD52-2A4FA7ED19EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{8AECC37F-F123-40ED-8E72-92DA53B2BA8F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
    "{91B5AABE-10C3-43D9-AB54-FB04279F7057}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{930DB663-AF8D-408B-92D2-E6524EA6FDAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{A67F92BD-9968-4938-85FA-37553981F262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{B80C16F3-E24D-4C56-BC2C-FE43AF414EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01672948-D552-4273-AED9-E89CF27E7888}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
    "{04AD6EA0-A2AB-42D9-B85A-04A7548783B0}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
    "{078BC69C-37C0-4068-889B-E972AF26A583}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsbcbb.tmp\symnrt.exe | 
    "{0B1151A3-50B5-4E54-885F-84781BB9657B}" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\dfx2beta.exe | 
    "{116D38B4-BE1A-41E8-8BBE-63DC7BE268D7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | 
    "{135D2F78-EB2A-4BF1-8777-DCC4A0B1B5F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{14261476-F859-4F34-A192-A2678CB6EAD8}" = protocol=17 | dir=in | app=c:\program files\opera2\opera.exe | 
    "{1DABCF28-241A-4F9C-B2F8-93908B90CF25}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsc1e9.tmp\symnrt.exe | 
    "{1EA5C4AD-DDB3-490F-B58E-DB4D72B72F5F}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsc1e9.tmp\symnrt.exe | 
    "{1FF57C9D-3897-4E6A-9F2A-C6ECF946CCDD}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
    "{23CC21A7-2AE7-4312-A0D2-6544535DF7DC}" = protocol=17 | dir=in | app=c:\program files\nortel networks\extranet.exe | 
    "{26A25C19-1101-4347-94D1-B31233DF7C50}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
    "{2C046DA5-2ED4-4308-95FB-D69EB0BE96C8}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
    "{2E05033B-D5CB-4C89-8E57-618477D10A36}" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\update.exe | 
    "{2F38D468-2140-4705-9647-5280B8C1B02A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
    "{4856ED74-57C6-4917-83D4-465F71226502}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{4907006D-4305-4E8B-9830-55DEFB024098}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
    "{4C40CC91-6622-426E-957B-9F2E2F6F9A51}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
    "{4DD7C9CC-90DB-4719-ADED-D8CD219AFD69}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{4F4093E4-AD87-42BA-87B8-6D19346D5CEB}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "{52EDBEEC-19B6-47DE-9C04-135153884983}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
    "{54F5D2B2-2461-4C77-852E-185674B22CF2}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsb8f8.tmp\symnrt.exe | 
    "{5558EB74-4D29-4772-9A24-99FFFB98C579}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\support\bin\win\rosettastoneltdservices.exe | 
    "{5703A185-B927-4D8A-8089-480EB83FE110}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{5D3110B0-03D6-476D-A2C2-0A40294A5D8C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{5D701362-2A7B-4918-81A4-4AE6DDEE2D6E}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
    "{637C4ADB-1FD0-4667-85C0-B92A6FEFD7F7}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsb8f8.tmp\symnrt.exe | 
    "{654BA3B2-B7D1-49ED-B5CD-20A7B768B2C2}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
    "{6DC84B11-4626-4EAD-890B-2425F278BADC}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{6EF17E5D-9C32-42D2-8AAD-A153C5154FBE}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
    "{7209D551-392B-465F-ADF2-4D59197309E9}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{72BBAD8D-1C13-4B86-AAB4-4711B6DEF0A4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
    "{760F001A-A921-427E-A699-3EB6B0B75770}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{84EEE2EB-CCB6-471B-A59C-F99FBF9BC2B4}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{89447EEA-3012-4458-8BA3-6243B7AFC8D7}" = protocol=6 | dir=in | app=c:\program files\nortel networks\extranet.exe | 
    "{98BAF6AF-61B6-47E5-A0A7-1DA4E3E27787}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{9EF0E1CF-E600-4927-A7BF-578AF4B4B579}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
    "{9F1F2EEC-E5D1-41BF-9392-8F9F5D0145E8}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | 
    "{9FDB44F6-73A5-4B6A-8794-EFD56C1C275A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{A5B3EFE8-1620-4B33-97AF-8EE2CFBDD349}" = protocol=6 | dir=in | app=c:\program files\lg pc suite 2\lgpcsuitelanucher_setup.exe | 
    "{AB16A782-21DC-40BB-8B9B-E13472D5C398}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
    "{AC7F8311-3E74-46E9-9FF6-E5712F36D71A}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{AF8A7409-1243-4423-A5F4-989855B35A43}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
    "{B652A4FE-8C60-40C1-83FE-29C10B149AE2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{C830B73F-7DB7-486C-8361-E5EA202421AA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{CA5D4B33-F18E-48BD-A311-525A5649B2E0}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsbcbb.tmp\symnrt.exe | 
    "{CA7A8A33-F580-4F47-A668-E7DEFCE84D17}" = protocol=17 | dir=in | app=c:\program files\lg pc suite 2\lgpcsuitelanucher_setup.exe | 
    "{CAF1E927-D9BE-44B0-92C5-E8D093FFE02C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
    "{D1ED9A39-4C9A-4D00-A441-42CA86C7A90F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{D51541CF-6954-4C08-9979-FCEBBC8070EA}" = protocol=6 | dir=in | app=c:\program files\opera2\opera.exe | 
    "{D6F1C8EC-FBF2-4EE4-AEDA-87A899E01819}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
    "{E457D6D7-6209-4EB1-A090-3DEBFA486E26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{EB64D66D-2E67-4262-9DDB-F54FB9BE7010}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
    "{EC012FFC-5C4A-477F-B4CD-C6F302110E7D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{EFA5C40B-48F3-4EC6-9DE5-55D393F37F57}" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\dfx2beta.exe | 
    "{EFBD88EA-6691-448F-982B-3BEE4CC55866}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
    "{F1900A91-57B5-40F0-BBCF-61351B4D3DE9}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "{FB1EF48B-4837-4A90-90EC-482FC83A4EDE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
    "{FBD66116-5B66-471E-BC26-19F823230B17}" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force xtreme 2 beta\update.exe | 
    "{FED33A82-A507-452E-B59C-D80A26CD7749}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
    "TCP Query User{02E1653D-1D89-4246-9962-6444F1E4FAEC}C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe | 
    "TCP Query User{05438640-91AD-4C73-83AC-1A4BD232DA0A}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
    "TCP Query User{09050517-7C12-4B49-AA0A-9D5835111A75}C:\program files\adventnet\me\wifimanager\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\java.exe | 
    "TCP Query User{0C2FD8E4-1F26-4E90-BC3A-1A4FE6C5C261}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=6 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
    "TCP Query User{15303ACB-CCF3-4592-84DB-FA0C1A35EF4E}C:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe | 
    "TCP Query User{1CF5E7EE-048B-48C9-8C8F-1CBEC1FED375}C:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe | 
    "TCP Query User{1E006593-E637-4B2E-9BCA-507BA2DD81B8}C:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe | 
    "TCP Query User{1E8A4186-CCA2-43D8-96C5-921F00D121D4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
    "TCP Query User{28072226-F10F-45CE-8287-0612C73FA899}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
    "TCP Query User{32931EB5-397B-41FE-9932-ABEB961CA989}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
    "TCP Query User{4CCD0BF3-0FE7-466A-BBBB-E55914E30B2C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{51C54298-8F6A-4FAE-BA47-85D1039DFCC4}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
    "TCP Query User{563C230A-EADD-4D3B-8903-7EE618E32492}C:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe | 
    "TCP Query User{6AE6D744-8E5D-4EF9-92E0-2D715065D627}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
    "TCP Query User{6BAA2A63-7432-4CEF-8103-38B101CC67C8}C:\program files\the political machine\polmachine.exe" = protocol=6 | dir=in | app=c:\program files\the political machine\polmachine.exe | 
    "TCP Query User{6FCE3FD1-8085-41DB-8331-20309C40CAC3}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
    "TCP Query User{73E292D9-93F2-4246-9007-93B18B747EFA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "TCP Query User{742BC9E8-7FA4-4B6D-9006-2E71F4692F26}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
    "TCP Query User{7605C22D-D207-4178-94F9-0B78BDB7F2E8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
    "TCP Query User{766198D1-382F-4BFB-B9CE-24F4BA188590}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
    "TCP Query User{8898FBA4-347B-4D67-8FD3-EBCD5EAB974B}C:\program files\fritz!dsl\fboxupd.exe" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "TCP Query User{8937277E-8435-4084-8483-9A686FA2869D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
    "TCP Query User{95F49E31-5219-4972-BE88-280C633F6A80}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
    "TCP Query User{AC0D90B2-F861-4DA1-AF72-84EE9406DC03}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{AC28F2D1-FB55-4606-BC94-6E6FB3A0EF6E}C:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "TCP Query User{B5446CF9-CF8A-4881-B8D9-0F0D8696011B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
    "TCP Query User{C224D2CE-E6D9-4572-A13D-102B7501B00B}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
    "TCP Query User{DF29CF28-EF35-400E-BDCC-973CAA0B0465}C:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe | 
    "TCP Query User{E1DA06E3-F31E-4201-B1CD-96841B9FA5AC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
    "TCP Query User{E88BAA2A-427F-4F41-A217-EED4C3757C71}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
    "TCP Query User{FA19DF02-D06C-4251-A002-375518C24E04}C:\program files\halite\halite.exe" = protocol=6 | dir=in | app=c:\program files\halite\halite.exe | 
    "TCP Query User{FBD5DE27-512C-4892-B022-0B635133C8B9}C:\users\administrator\desktop\eigene dateien\iron man\ironman.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\eigene dateien\iron man\ironman.exe | 
    "TCP Query User{FC594059-01EB-4EEC-B5DF-225807ADADDC}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
    "UDP Query User{0350CA5A-4DC0-4B5F-B092-0BA4474EF44D}C:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe | 
    "UDP Query User{0A508B6C-CEA3-4ED3-9D75-CAC6EDA4E8AF}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
    "UDP Query User{0F3FE63C-C0F4-4430-B849-8288F79B203A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
    "UDP Query User{2A08413E-CC00-4F90-96BA-D07C3D492A8E}C:\program files\halite\halite.exe" = protocol=17 | dir=in | app=c:\program files\halite\halite.exe | 
    "UDP Query User{2B7B9747-5BBD-49CC-B081-72522D1BC99C}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
    "UDP Query User{3623793C-BF82-44C3-BB9C-9C72815DD46D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{3A06553B-AC54-485C-A463-72D6A6143055}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
    "UDP Query User{3FCC1646-D742-432F-B168-7E8DC91804E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{499424AB-1B27-4718-94BB-0892081F463C}C:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe | 
    "UDP Query User{4C9178B5-E1EE-4F89-A906-426364747E08}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
    "UDP Query User{52FEFAB3-1FCD-4D83-A050-3489A54E3624}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
    "UDP Query User{53512F8C-5113-4C01-AA59-DCA994C223F3}C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe | 
    "UDP Query User{582B3479-561D-471A-BDA4-C927A45A08B1}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
    "UDP Query User{5904DC66-130D-4CFB-B46A-F854CF292462}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
    "UDP Query User{5B8DF1C6-5089-4E68-9B97-68C7E7B81F6C}C:\program files\fritz!dsl\fboxupd.exe" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "UDP Query User{5D91D26F-856C-4794-A5B9-0575B955A134}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
    "UDP Query User{627BBED1-8AFE-4EF1-A731-EBB61861CA1E}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
    "UDP Query User{7A3A3887-3FB2-426F-83CF-04C00ECACC89}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
    "UDP Query User{8B20CE25-E1DC-4415-A254-11A697570454}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "UDP Query User{97FDE305-5139-4664-A196-46A5287E2B48}C:\users\administrator\desktop\eigene dateien\iron man\ironman.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\eigene dateien\iron man\ironman.exe | 
    "UDP Query User{9CC135B6-A435-4174-B22D-024A03EE5B0B}C:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "UDP Query User{A8AC7C94-57A1-416A-8ACD-1B72AC5BF7C7}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
    "UDP Query User{B12AF9FB-24E4-4D95-A544-5F4DDAB8C173}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
    "UDP Query User{B52A1393-A45B-481D-9469-251CFCF42868}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
    "UDP Query User{BD972EF3-4C32-487B-B2EC-7A6F5851A32D}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
    "UDP Query User{C4B8A8EE-4710-4E63-A58F-30F2BB3C6191}C:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe | 
    "UDP Query User{D3D579DE-114A-483F-AB96-A9EC5013AF4A}C:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe | 
    "UDP Query User{D57FE6D1-CF62-4863-8E8D-0D8CF287195D}C:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe | 
    "UDP Query User{DC2CB21C-EC55-4E58-BEDD-05FD580618C1}C:\program files\the political machine\polmachine.exe" = protocol=17 | dir=in | app=c:\program files\the political machine\polmachine.exe | 
    "UDP Query User{DF223FCB-F81C-4C77-B182-822022DFC3FF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
    "UDP Query User{E0E6333F-B6D9-4072-AC9C-A894738929CF}C:\program files\adventnet\me\wifimanager\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\java.exe | 
    "UDP Query User{E73495B7-79B8-4DBF-ACF1-0AE4D9F30C3D}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=17 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
    "UDP Query User{EAC9A772-97AD-44E7-B098-6538BCBF1739}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 C2
    "{34D8A788-9397-4695-86BF-B6920284CC65}_is1" = Power AMR MP3 WAV WMA M4A AC3 Audio Converter 2.1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
    "{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
    "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
    "{C0895AF2-3E62-4F99-AFBD-13FB41216CD5}" = PGP Desktop
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5EDCC75-41E1-4510-B533-7B2ABA37BE45}" = ESU for Microsoft Vista
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "7-Zip" = 7-Zip 4.42
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.2.3 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.0
    "a-squared Free_is1" = a-squared Free 4.5
    "Audio Editor Gold_is1" = Audio Editor Gold v9.2.11 Build 533
    "AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
    "BitTorrent" = BitTorrent
    "BrothersInArms" = Brothers In Arms
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "LingoPad_is1" = LingoPad 2.6 (Build 360)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "OpenAL" = OpenAL
    "PROSet" = Intel(R) Network Connections Drivers
    "SecureW2 Client" = SecureW2 Client 3.1.2
    "SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.1 for Windows
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "TrueCrypt" = TrueCrypt
    "tvbrowser" = TV-Browser 3.0-beta2
    "VLC media player" = VLC media player 1.0.5
    "VSO Image Resizer_is1" = VSO Image Resizer 1.3.2
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 17.08.2010 08:41:10 | Computer Name = 5thDivision | Source = Windows Search Service | ID = 3013
    Description = 
     
    Error - 17.08.2010 08:41:10 | Computer Name = 5thDivision | Source = Windows Search Service | ID = 3013
    Description = 
     
    Error - 17.08.2010 08:43:58 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3012
    Description = 
     
    Error - 17.08.2010 08:43:58 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3011
    Description = 
     
    Error - 17.08.2010 08:50:59 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 17.08.2010 10:32:43 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 17.08.2010 10:38:25 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 17.08.2010 10:40:34 | Computer Name = 5thDivision | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "I:\zzzzz\jre-6u21-windows-i586-s.exe".Error
     in manifest or policy file "I:\zzzzz\jre-6u21-windows-i586-s.exe" on line 0.  Invalid
     Xml syntax.
     
    Error - 17.08.2010 10:45:56 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3012
    Description = 
     
    Error - 17.08.2010 10:45:56 | Computer Name = 5thDivision | Source = LoadPerf | ID = 3011
    Description = 
     
    [ System Events ]
    Error - 17.08.2010 10:32:05 | Computer Name = 5thDivision | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 14:56:08 on 17.08.2010 was unexpected.
     
    Error - 17.08.2010 10:32:36 | Computer Name = 5thDivision | Source = LSM | ID = 1048
    Description = 
     
    Error - 17.08.2010 10:32:47 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 17.08.2010 10:32:47 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 17.08.2010 10:36:24 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7031
    Description = 
     
    Error - 17.08.2010 10:38:10 | Computer Name = 5thDivision | Source = LSM | ID = 1048
    Description = 
     
    Error - 17.08.2010 10:38:26 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 17.08.2010 10:38:26 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 17.08.2010 10:43:05 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7022
    Description = 
     
    Error - 17.08.2010 10:45:27 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7022
    Description = 
     
     
    < End of report >
    In the meantime I have also, as you asked, uninstalled BitTorrent, Adobe Acrobat and all Java versions. The new Java version is now installed as well.

    Every now and then I get the following Microsoft error:
    Code:
    Problem signature:
      Problem Event Name:    APPCRASH
      Application Name:    svchost.exe
      Application Version:    6.0.6001.18000
      Application Timestamp:    47918b89
      Fault Module Name:    ntdll.dll
      Fault Module Version:    6.0.6002.18005
      Fault Module Timestamp:    49e03821
      Exception Code:    c000071b
      Exception Offset:    000888f5
      OS Version:    6.0.6002.2.2.0.768.2
      Locale ID:    1031
      Additional Information 1:    0e02
      Additional Information 2:    b21b56b606e7544720668ce364087082
      Additional Information 3:    0e02
      Additional Information 4:    b21b56b606e7544720668ce364087082
    Edited by Petra (06.09.2010 at 20:19) Reason: posts merged
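As an added example (not part of this thread, and not code from OTL, GMER or any other tool named here), the following Python script parses the "Last 10 Event Log Errors" block of an OTL-style log like the one posted above, counts errors per source and event ID, and lists the entries a helper would want to look at first. The sample log inside the script is constructed in the shape of the entries above; the host name and the I: drive path are placeholders, and the event ID meanings in KNOWN_IDS are the standard Windows meanings, not something taken from this thread.

```python
"""Parse the "Last 10 Event Log Errors" block of an OTL-style log and triage it.
Added example; SAMPLE_LOG is constructed, host name and I: path are placeholders."""
import re
from collections import Counter
from dataclasses import dataclass

# One "Error - ..." header line as OTL prints it; "Description =" follows on the next line(s).
ENTRY_RE = re.compile(
    r"^Error - (?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

# Standard Windows meanings of a few event IDs seen in such logs (general Windows
# knowledge, not from the thread; check the full event text before acting on them).
KNOWN_IDS = {
    ("EventLog", 6008): "unexpected shutdown: Windows did not shut down cleanly",
    ("Service Control Manager", 7000): "a service failed to start",
    ("Service Control Manager", 7022): "a service hung on starting",
    ("Service Control Manager", 7026): "a boot-start or system-start driver failed to load",
    ("Service Control Manager", 7031): "a service terminated unexpectedly",
}

@dataclass
class EventError:
    log: str          # "Application Events" or "System Events"
    date: str
    time: str
    host: str
    source: str
    event_id: int
    description: str  # empty when OTL printed no text for it

def parse_event_errors(text):
    """Return the error entries in the order OTL listed them."""
    lines = text.splitlines()
    entries, current_log, i = [], "", 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("[ ") and line.endswith(" ]"):
            current_log = line[2:-2].strip()      # section header, e.g. "[ System Events ]"
        m = ENTRY_RE.match(line)
        if not m:
            i += 1
            continue
        # The description may wrap onto indented continuation lines; a blank line ends it.
        parts, j = [], i + 1
        if j < len(lines) and lines[j].strip().startswith("Description ="):
            parts.append(lines[j].strip()[len("Description ="):].strip())
            j += 1
            while j < len(lines) and lines[j].strip():
                parts.append(lines[j].strip())
                j += 1
        entries.append(EventError(current_log, m["date"], m["time"], m["host"],
                                  m["source"], int(m["id"]), " ".join(parts).strip()))
        i = j
    return entries

def summarize(entries):
    """Count errors per (log, source, event id) so repeating failures stand out."""
    return Counter((e.log, e.source, e.event_id) for e in entries)

def triage(entries):
    """Return (entry, note) pairs worth asking about first: known-risky IDs, and
    descriptions that reference a drive letter other than C: (e.g. a USB stick)."""
    findings = []
    for e in entries:
        note = KNOWN_IDS.get((e.source, e.event_id))
        if note is None and re.search(r"\b[D-Z]:\\", e.description):
            note = "description references a path on a secondary or removable drive"
        if note:
            findings.append((e, note))
    return findings

# Constructed sample in the shape of the log posted above (placeholder host and path).
SAMPLE_LOG = r"""
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.08.2010 08:41:10 | Computer Name = EXAMPLE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 17.08.2010 10:40:34 | Computer Name = EXAMPLE-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "I:\example\installer.exe".Error
 in manifest or policy file "I:\example\installer.exe" on line 0.  Invalid
 Xml syntax.

[ System Events ]
Error - 17.08.2010 10:32:05 | Computer Name = EXAMPLE-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:56:08 on 17.08.2010 was unexpected.

Error - 17.08.2010 10:32:47 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.08.2010 10:38:26 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >
"""

if __name__ == "__main__":
    found = parse_event_errors(SAMPLE_LOG)
    for (log, source, event_id), n in summarize(found).items():
        print(f"{n}x  {log} / {source} / ID {event_id}")
    for e, note in triage(found):
        print(f"{e.date} {e.time}  ID {e.event_id:<9} {note}")
```

Run it on a real OTL log by passing the whole file's text to parse_event_errors; the repeated Service Control Manager 7000/7026 pairs and the 6008 entry are exactly the kind of pattern (services failing at boot, forced restarts) that matches what the thread starter describes.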

  10. #10
    Senior Team Member pc-jedi
    Joined
    17.07.2009
    Posts
    3.643

    Re: Trojan infection causes extreme failure

    Hi

    I need one more GMER logfile:
    Step 1
    Rootkit scan with Gmer

    What are rootkits?

    Important: for every rootkit scan:
    • First, following this guide, disable any CD emulators you have such as Alcohol, Daemon Tools or similar.
    • All other programs against viruses, spyware etc. must be disabled,
    • there must be no connection to a network/the Internet (don't forget WLAN),
    • nothing must be done on the computer,
    • the computer must be restarted after every scan.
    • Don't forget to switch the security programs back on after the rootkit scan!

    Download Gmer from this page
    (click the "Download EXE" button) and save the program to the desktop.
    • Gmer is suitable for => NT/W2K/XP/VISTA/WIN 7 (32-bit only).
    • All other programs must be closed.
    • Start gmer.exe (it has a random program name).
    • Vista users: right-click and run as administrator.
    • Gmer automatically starts a first scan.
    • If a window with the following warning opens:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No",
      and in that case save the result so far to the desktop as gmer_first.log via the Save button.
    • If that was not the case, now select the "Rootkit/Malware" tab,
    • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
    • Important: "Show all" must not be ticked!
    • Start the scan by pressing the "Scan" button.
      Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
    • When the scan is finished, that line stays empty.
      Click "Save" and save the logfile as gmer.log on the desktop.
      "Ok" closes Gmer.
    Switch the antivirus program and other scanners back on before you go online!

    Now post the logfile in code tags.

    Step 2
    MBRChecker
    • Download MBRCheck.exe and save it to your desktop.
    • Please start MBRCheck.exe.
    • Vista and Windows 7 users > right-click MBRCheck.exe and choose Run as administrator.
    • A black window with some data in it will open.
    • Press N and then Enter to close the window.
    • You will now find an MBRCheck.txt on your desktop. Open it and post its contents in the thread.
    Regards, pc-jedi

    If I don't reply within 48 hours, please send me a message with a link to your thread.
