Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.03.2010, 21:32   #1
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Ich muss Passwörter, obwohl 100% korrekt eingeben auf einmal bis zu 3 mal eingeben (bei gmx z.B.) bis sie akzeptiert werden und Pop Up Fenster lassen sich nicht mehr blockieren. Das Häkchen im Firefox 3.6 ist sofort wieder weg und ich werde mit Werbung zugemüllt. Kaspersky findet nichts, Spyware Doctor findet nichts, Spybot findet nix, Malwarebytes findet nichts.
Aber ich habe deutlich den Eindruck, ich werde ferngesteuert o.ä.

Weiss jemand Rat? Ach ja: gerade entdecke ich, dass sich die "Remoteunterstützung", obwohl von mir deaktiviert sich auf einmal quitschlebendig bei den Programmen befindet.

Ich poste mal hier den info.txt und darunter den log.txt

info.txt logfile of random's system information tool 1.06 2010-03-23 20:56:22

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1-abc.net Hard Drive Washer (Remove only)-->"C:\Programme\1-abc\Hard Drive Washer\uninst.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adaptec ASPI XP v4.71.1-->C:\PROGRA~1\ADAPTE~1.1\UNWISE.EXE C:\PROGRA~1\ADAPTE~1.1\INSTALL.LOG
Adobe After Effects 5.5-->MsiExec.exe /I{31851B85-C98E-44DE-8750-9843BCD63963}
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Encore DVD 1.0-->RunDll32 "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programme\InstallShield Installation Information\{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}\setup.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe MPEG Encoder 1.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Premiere 6.5-->C:\WINDOWS\UNINST.EXE -f"C:\Programme\Adobe\Premiere 6.5\DeIsL1.isu" -c"C:\Programme\Adobe\Premiere 6.5\Uninst.dll"
Adobe Premiere Pro-->RunDll32 "C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programme\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced RealMedia Export Plug-in for Premiere 6.0-->C:\Programme\Adobe\Premiere 6.0\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiograbber 1.83 SE -->"C:\Programme\Audiograbber\Uninstall.exe"
AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d
AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d
AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A}
BlueSoleil-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x7
Browser Defender 2.0.6.11-->"C:\Programme\Spyware Doctor\BDT\unins000.exe"
Cain & Abel v4.9.34-->C:\PROGRA~1\Cain\UNINSTAL.EXE C:\PROGRA~1\Cain\Install.log
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
CompuPic Pro-->C:\Programme\Photodex\CompuPicPro\compupic.exe . -u
Cool Edit Pro 2.0-->C:\Programme\coolpro2\cep2unin.exe
Creatix V.92 Data Fax Modem-->agrsmdel
Digitale Bibliothek 4-->"C:\Programme\Digitale Bibliothek 4\uninstall.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
doPDF 6.1 printer-->"C:\Programme\Softland\doPDF 6\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 deutsch (DeCSS-frei)-->"C:\Programme\DVD Shrink DE\unins000.exe"
Easy Thumbnails (Remove only)-->"C:\Programme\Easy Thumbnails\unins000.exe"
Eazy VCD 1.15a-->C:\PROGRA~1\EAZYVC~1\UNWISE.EXE C:\PROGRA~1\EAZYVC~1\INSTALL.LOG
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x7 uninst
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x7 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x7 uninst
EPSON Print CD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x7 -SYSTEM
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Eraser-->C:\Programme\Eraser\unins000.exe
ESPR300 Softwarehandbuch-->C:\Programme\EPSON\ESPR300\PQU_G\DOCUNINS.EXE
File Shredder 2.0-->"C:\Programme\File Shredder\unins000.exe"
FLV Player 1.3.3-->"C:\Programme\FLVPlayer\uninstall.exe"
Foxit PDF IFilter-->MsiExec.exe /I{98420797-89A5-4387-833F-E306F38E4E35}
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Free HD Converter V 1.3-->"C:\Programme\Free HD Converter\unins000.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Programme\Free PDF to Word Doc Converter\unins000.exe"
FreeUndelete-->C:\Programme\FreeUndelete\GLFC.exe /handle:fru
Generic USB CardReader 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
GnuPG For Windows-->"C:\Programme\GNU\GnuPG\gpg4win-uninstall.exe"
GoGo DVD Ripper-->"C:\Programme\GoGo DVD Ripper\unins000.exe"
Google Earth-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7 -removeonly
Google Video Player-->"C:\Programme\Google\Google Video Player\Uninstall.exe"
GSpot Codec Information Appliance-->C:\Programme\GSpot\Uninstall.exe
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Programme\hijack\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Officejet All-In-One Series-->C:\Programme\HP\Digital Imaging\{2D0DF835-98AB-487e-8514-0E0941F728C4}\setup\hpzscr01.exe -datfile hpwscr10.dat
Informationen über Ihren PC-->MsiExec.exe /I{3D1A6B70-3E02-49BC-88B0-916C80274632}
Ipswitch WS_FTP Professional 2006-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
KeyStat-->C:\WINDOWS\unin0407.exe -fC:\Programme\Medion\KeyStat\DeIsL1.isu -cC:\Programme\Medion\KeyStat\_ISREG32.DLL
Knoll Light Factory EZ Studio-->C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Studio 14\Plugins\RTFx\klfezstudio.log
LCP 5.04-->MsiExec.exe /I{1EFAF492-9A3B-48C3-9349-234B146FDA46}
LightScribe System Software 1.10.27.1-->MsiExec.exe /X{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaShow 3.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Programme\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Picture It! Foto Premium 10-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works Suite-Add-Ins für Microsoft Word-->MsiExec.exe /I{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}
Microsoft Works-->MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}
Mozilla Firefox (3.6)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x7 -uninst
Nero 7 Essentials-->MsiExec.exe /X{1596098A-FCEC-48F0-B7C7-08A31B771031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTFS Undelete v0.93-->"C:\Programme\NTFS Undelete\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Programme\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
Orbit Downloader-->"C:\Programme\Orbitdownloader\unins000.exe"
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x7 anything
Pinnacle Hollywood FX 4.6-->C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Hollywood FX 4.6\uninstal.log
Pinnacle Studio 14-->MsiExec.exe /I{AADD1C8F-D59F-4D55-A726-768C71A205A8}
Pinnacle Studio Ultimate Plugins-->MsiExec.exe /I{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}
Pinnacle Video Treiber-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
PowerCinema 4.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Red Giant ToonIt Studio-->C:\WINDOWS\unvise32.exe C:\Programme\Pinnacle\Studio 14\Plugins\RTFx\rgtoonitstudio.log
Riva FLV Encoder 2.0-->"C:\Programme\Riva\Riva FLV Encoder 2.0\unins000.exe"
RT2500 USB Wireless LAN Card-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x7 -removeonly
ScanToWeb-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Task Manager 1.7-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Setup-Start von Microsoft Works 2005-->C:\Programme\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP G:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Skype 1.1-->C:\Programme\Skype\Phone\unins000.exe
Smart Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E02403C-C469-4937-9B94-7DF9F78888FA}\Setup.exe" -l0x7
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 7.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
SWF & FLV Toolbox 3.5 (build 3.5.17.252)-->"C:\Programme\Eltima Software\SWF & FLV Toolbox\unins000.exe"
TMPGEnc 4.0 XPress-->MsiExec.exe /I{CCACF8A1-13A2-45F8-B91F-73EBF0E2ED30}
Total Commander (Remove or Repair)-->C:\Programme\totalcmd\tcuninst.exe
TrueCrypt-->"C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u C:\Programme\TrueCrypt\
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6d-->C:\Programme\VideoLAN\VLC\uninstall.exe
videon-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
W83L518D-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x7
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Sicherungsprogramm-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
WinXMedia DVD Ripper 3.2-->C:\Programme\WinXMedia\WinXMedia DVD Ripper\uninst.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - hxxp://www.moviegroup.tv/activex/DownloadMgr.cab [2009-02-09]
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 [2009-02-09]
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe [2009-02-09]
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 [2009-02-09]
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - hxxp://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab [2009-02-09]
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.aldi.com [2009-02-09]
O23 - Service: ScsiAccess - Unknown owner - C:\Programme\Photodex\CompuPicPro\ScsiAccess.exe (file missing) [2009-02-09]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.aldi.com/ [2009-02-09]
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 [2009-02-09]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com [2009-02-09]
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 [2009-02-09]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2009-02-09]
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') [2009-02-09]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') [2009-02-09]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') [2009-02-09]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2009-02-09]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-02-10]
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2009-02-10]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-02-10]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-02-10]
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing) [2009-02-10]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-02-10]
O23 - Service: CyberLink Media Library Service - Unknown owner - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing) [2009-02-10]
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe [2009-02-10]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-02-10]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-02-10]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-02-10]
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing) [2009-02-10]
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing) [2009-02-10]
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe [2009-02-10]
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-02-10]
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-02-10]
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe [2009-02-10]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468 [2009-02-10]
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe [2009-02-11]
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe [2009-02-18]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll [2009-02-18]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-02-18]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-02-20]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll [2009-03-18]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-03-18]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-03-19]
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll [2009-03-19]
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe [2009-03-19]
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing) [2009-03-19]
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (file missing) [2009-03-19]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-03-30]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-03-30]
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing) [2009-03-30]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-04-04]
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe [2009-04-04]
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2009-04-04]
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing) [2009-04-04]
O4 - HKLM\..\Run: [RestartNeroSetup] "G:\CDS\Nero\Installation\Setupx.exe" [2009-04-04]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-04-10]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-04-10]
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden [2009-04-12]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2009-04-12]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-04-12]
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2009-04-12]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-04-13]
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2009-04-13]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-04-18]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll [2009-04-18]
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 [2009-04-18]
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 [2009-04-18]
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 [2009-04-18]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-04-18]
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll [2009-04-18]
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 [2009-04-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-04-19]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-04-19]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-19]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-04-19]
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) [2009-05-07]
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll [2009-05-07]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-05-07]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll [2009-05-07]
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 [2009-05-07]
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 [2009-05-07]
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll [2009-05-07]
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 [2009-05-07]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file) [2009-05-07]
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 [2009-05-07]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-05-07]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-05-07]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-05-11]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-05-11]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-05-13]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-05-13]
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe [2009-05-14]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-05-14]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-05-14]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-05-14]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-05-14]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-05-14]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-05-14]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-05-18]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-06-08]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-06-08]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) [2009-06-18]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-06-18]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [2009-06-18]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (file missing) [2009-08-06]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-08-06]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-08-06]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-08-19]
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - hxxp://www.moviegroup.tv/activex/DownloadMgr.cab [2009-09-09]
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll [2009-10-17]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2009-10-23]
O23 - Service: Abel - oxid.it - C:\WINDOWS\Abel.exe [2009-10-23]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe [2009-10-23]
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2009-10-23]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe [2009-10-23]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe [2009-10-23]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe [2009-10-23]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-10-26]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-10-26]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2009-10-26]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe [2009-10-26]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2009-11-03]
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-11-03]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-08]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-11-08]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-11-08]
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2009-11-08]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2009-11-08]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe [2009-11-08]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2009-11-24]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2009-11-24]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-11-24]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2009-11-24]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2010-02-26]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2010-02-26]
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe [2010-02-26]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2010-02-26]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-03-06]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2010-03-06]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-03-09]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09]
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-03-09]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing) [2010-03-09]
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2010-03-09]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2010-03-09]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.7.1098 [VPS 080214-0]

======System event log======

Computer Name: NAME-7340A84D73
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 5675
Source Name: Service Control Manager
Time Written: 20100128111746.000000+060
Event Type: Informationen
User:

Computer Name: NAME-7340A84D73
Event Code: 7036
Message: Dienst "Fax" befindet sich jetzt im Status "Beendet".

Record Number: 5674
Source Name: Service Control Manager
Time Written: 20100128111746.000000+060
Event Type: Informationen
User:

Computer Name: NAME-7340A84D73
Event Code: 268
Message: The driver initialization status is 0:0:0:0:0:0:0:0:0:0.

Record Number: 5673
Source Name: PCTCore
Time Written: 20100128111743.000000+060
Event Type: Informationen
User:

Computer Name: NAME-7340A84D73
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".

Record Number: 5672
Source Name: Service Control Manager
Time Written: 20100128111739.000000+060
Event Type: Informationen
User:

Computer Name: NAME-7340A84D73
Event Code: 7035
Message: Der Steuerbefehl "beenden" wurde erfolgreich an den Dienst "Fax" gesendet.

Record Number: 5671
Source Name: Service Control Manager
Time Written: 20100128111739.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: NAME-7340A84D73
Event Code: 4099
Message: Dienst konnte nicht geöffnet werden.

Record Number: 13090
Source Name: WmiAdapter
Time Written: 20090507235239.000000+120
Event Type: Fehler
User: VORDEFINIERT\Administratoren

Computer Name: NAME-7340A84D73
Event Code: 4099
Message: Dienst konnte nicht geöffnet werden.

Record Number: 13089
Source Name: WmiAdapter
Time Written: 20090507235238.000000+120
Event Type: Fehler
User: VORDEFINIERT\Administratoren

Computer Name: NAME-7340A84D73
Event Code: 4099
Message: Dienst konnte nicht geöffnet werden.

Record Number: 13088
Source Name: WmiAdapter
Time Written: 20090507235237.000000+120
Event Type: Fehler
User: VORDEFINIERT\Administratoren

Computer Name: NAME-7340A84D73
Event Code: 4099
Message: Dienst konnte nicht geöffnet werden.

Record Number: 13087
Source Name: WmiAdapter
Time Written: 20090507235236.000000+120
Event Type: Fehler
User: VORDEFINIERT\Administratoren

Computer Name: NAME-7340A84D73
Event Code: 4099
Message: Dienst konnte nicht geöffnet werden.

Record Number: 13086
Source Name: WmiAdapter
Time Written: 20090507235231.000000+120
Event Type: Fehler
User: VORDEFINIERT\Administratoren

=====Security event log=====

Computer Name: NAME-7340A84D73
Event Code: 850
Message: Ein Port war als Ausnahme aufgelistet, als der Windows-Firewall gestartet wurde.



Richtlinienursprung: Lokale Richtlinie

Verwendetes Profil: Standard

Schnittstelle: Alle Schnittstellen

Name: Windows Media Player-Netzwerkfreigabedienst

Portnummer: 10283

Protokoll: UDP

Status: Aktiviert

Bereich: Nur lokales Subnetz

Record Number: 273662
Source Name: Security
Time Written: 20100311023603.000000+060
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-7340A84D73
Event Code: 850
Message: Ein Port war als Ausnahme aufgelistet, als der Windows-Firewall gestartet wurde.



Richtlinienursprung: Lokale Richtlinie

Verwendetes Profil: Standard

Schnittstelle: Alle Schnittstellen

Name: Windows Media Player-Netzwerkfreigabedienst

Portnummer: 10282

Protokoll: UDP

Status: Aktiviert

Bereich: Nur lokales Subnetz

Record Number: 273661
Source Name: Security
Time Written: 20100311023603.000000+060
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-7340A84D73
Event Code: 850
Message: Ein Port war als Ausnahme aufgelistet, als der Windows-Firewall gestartet wurde.



Richtlinienursprung: Lokale Richtlinie

Verwendetes Profil: Standard

Schnittstelle: Alle Schnittstellen

Name: Windows Media Player-Netzwerkfreigabedienst

Portnummer: 10281

Protokoll: UDP

Status: Aktiviert

Bereich: Nur lokales Subnetz

Record Number: 273660
Source Name: Security
Time Written: 20100311023603.000000+060
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-7340A84D73
Event Code: 850
Message: Ein Port war als Ausnahme aufgelistet, als der Windows-Firewall gestartet wurde.



Richtlinienursprung: Lokale Richtlinie

Verwendetes Profil: Standard

Schnittstelle: Alle Schnittstellen

Name: Windows Media Player-Netzwerkfreigabedienst

Portnummer: 10280

Protokoll: UDP

Status: Aktiviert

Bereich: Nur lokales Subnetz

Record Number: 273659
Source Name: Security
Time Written: 20100311023603.000000+060
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\SYSTEM

Computer Name: NAME-7340A84D73
Event Code: 850
Message: Ein Port war als Ausnahme aufgelistet, als der Windows-Firewall gestartet wurde.



Richtlinienursprung: Lokale Richtlinie

Verwendetes Profil: Standard

Schnittstelle: Alle Schnittstellen

Name: Windows Media Player-Netzwerkfreigabedienst

Portnummer: 10243

Protokoll: TCP

Status: Aktiviert

Bereich: Nur lokales Subnetz

Record Number: 273658
Source Name: Security
Time Written: 20100311023603.000000+060
Event Type: Überwachung erfolgreich
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\GNU\GnuPG\pub;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\QuickTime\QTSystem\;C:\Programme\Pinnacle\Shared Files\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0403
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by ron at 2010-03-23 20:56:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 1023 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:17, on 23.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\ron\Eigene Dateien\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\hijack\ron.exe

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - S-1-5-18 Startup: FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (User 'Default user')
O4 - .DEFAULT Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (User 'Default user')
O4 - Startup: FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 3111 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=C:\Programme\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Status]
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe [2005-01-25 411648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-10-07 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3
"avast! Antivirus"=2
"aswUpdSv"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
FRITZ!DSL Startcenter.lnk - C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe

C:\Dokumente und Einstellungen\ron\Startmenü\Programme\Autostart
FRITZ!DSL Internet.lnk - C:\Programme\FRITZ!DSL\FritzDsl.exe
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\Messenger\msmsgs.exe"="%ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\AOL 9.0\AOL.exe"="%ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\AOL 9.0\WAOL.exe"="%ProgramFiles%\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"%CommonProgramFiles%\AOL\ACS\AOLACSD.exe"="%CommonProgramFiles%\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe"="%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"%WinDir%\system32\fxsclnt.exe"="%WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe"="%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil"
"C:\Programme\Windows Media Components\Encoder\wmenc.exe"="C:\Programme\Windows Media Components\Encoder\wmenc.exe:*:Enabled:Windows Media Encoder"
"C:\Programme\totalcmd\TOTALCMD.EXE"="C:\Programme\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Programme\DAP\DAP.exe"="C:\Programme\DAP\DAP.exe:*:Enabledownload Accelerator Plus (DAP)"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"G:\fsetup.exe"="G:\fsetup.exe:*:Enabled:AVM FSetup Application"
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe"
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe"
"C:\Programme\FRITZ!DSL\WebwaIgd.exe"="C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe"
"G:\CDS\Nero\Installation\Setupx.exe"="G:\CDS\Nero\Installation\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\Programme\Pinnacle\Studio 14\Programs\RM.exe"="C:\Programme\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Programme\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Programme\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Programme\Pinnacle\Studio 14\Programs\umi.exe"="C:\Programme\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\Messenger\msmsgs.exe"="%ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\AOL 9.0\AOL.exe"="%ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0"
"%ProgramFiles%\AOL 9.0\WAOL.exe"="%ProgramFiles%\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0"
"%CommonProgramFiles%\AOL\ACS\AOLACSD.exe"="%CommonProgramFiles%\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)"
"%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe"="%CommonProgramFiles%\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)"
"%WinDir%\system32\fxsclnt.exe"="%WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\Skype\Phone\Skype.exe"="%ProgramFiles%\Skype\Phone\Skype.exe:*:enabled:Skype"
"%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe"="%ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-23 20:56:01 ----D---- C:\rsit
2010-03-23 20:46:09 ----D---- C:\Dokumente und Einstellungen\ron\Anwendungsdaten\Malwarebytes
2010-03-23 20:45:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-23 20:45:56 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-02-27 08:35:50 ----D---- C:\Programme\JRE
2010-02-27 08:30:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
2010-02-27 08:30:01 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-27 08:30:01 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-27 08:30:01 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-03-23 20:56:14 ----D---- C:\WINDOWS\Prefetch
2010-03-23 20:56:04 ----D---- C:\WINDOWS\Temp
2010-03-23 20:56:04 ----D---- C:\Programme\hijack
2010-03-23 20:46:44 ----D---- C:\Dokumente und Einstellungen\ron\Anwendungsdaten\FRITZ!
2010-03-23 20:46:07 ----D---- C:\Programme\Spyware Doctor
2010-03-23 20:46:01 ----D---- C:\WINDOWS\system32\drivers
2010-03-23 20:45:56 ----D---- C:\Programme
2010-03-23 20:43:46 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-03-23 20:08:09 ----D---- C:\Programme\Mozilla Thunderbird
2010-03-23 15:32:49 ----D---- C:\WINDOWS
2010-03-23 13:49:53 ----D---- C:\WINDOWS\system32
2010-03-23 11:42:43 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2010-03-23 11:42:43 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
2010-03-23 11:42:38 ----A---- C:\WINDOWS\ModemLog_Creatix V.92 Data Fax Modem.txt
2010-03-23 11:42:11 ----D---- C:\Config.Msi
2010-03-23 11:38:45 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-23 11:38:44 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-22 22:00:00 ----SHD---- C:\WINDOWS\Installer
2010-03-22 21:59:38 ----D---- C:\Programme\Kaspersky Lab
2010-03-22 21:58:15 ----HD---- C:\WINDOWS\inf
2010-03-21 20:01:17 ----D---- C:\Dokumente und Einstellungen\ron\Anwendungsdaten\Orbit
2010-03-15 12:58:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-03-15 12:57:27 ----A---- C:\WINDOWS\WININIT.INI
2010-03-14 23:59:35 ----D---- C:\WINDOWS\system32\LogFiles
2010-03-14 02:15:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2010-03-03 18:30:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-27 09:24:28 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-02-27 09:21:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-27 08:57:40 ----D---- C:\Programme\Foxit Software
2010-02-27 08:52:17 ----D---- C:\Programme\Mozilla Firefox
2010-02-27 08:36:56 ----RSD---- C:\WINDOWS\assembly
2010-02-27 08:36:02 ----RSD---- C:\WINDOWS\Fonts
2010-02-27 08:35:48 ----D---- C:\Programme\OpenOffice.org 3
2010-02-27 08:22:50 ----D---- C:\Downloads
2010-02-26 16:10:36 ----D---- C:\Dokumente und Einstellungen\ron\Anwendungsdaten\Adobe
2010-02-26 16:02:17 ----D---- C:\Programme\Adobe
2010-02-26 15:50:17 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-02-26 02:19:04 ----D---- C:\WINDOWS\Minidump
2010-02-25 00:15:22 ----SHD---- C:\WINDOWS\ftpcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-01-27 15939]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-05-06 16512]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-09 666368]
R3 AgereSoftModem;Creatix V.92 Data Fax Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-08 1270540]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 1272000]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-06-27 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
R3 wbscr;Winbond Smartcard Reader for I/O; C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 Bridge;MAC-Brücke; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 esiasdrv;esiasdrv; \??\C:\DOKUME~1\ron\LOKALE~1\Temp\esiasdrv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-12-03 140544]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2004-01-16 17408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IGDCTRL;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
R2 InCDsrv;InCD Helper; C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-02-27 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe []
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2005-10-12 68096]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe []
S4 Browser Defender Update Service;Browser Defender Update Service; C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe []
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2005-02-13 110669]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe []
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe []
S4 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe []
S4 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 ScsiAccess;ScsiAccess; C:\Programme\Photodex\CompuPicPro\ScsiAccess.exe []
S4 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe []
S4 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]

-----------------EOF-----------------

Alt 24.03.2010, 14:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Hallo und

Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
ATTFilter
files to delete:
C:\DOKUME~1\ron\LOKALE~1\Temp\esiasdrv.sys
C:\WINDOWS\system32\ntsim.sys

drivers to delete:
esiasdrv
ntsim
         
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken
__________________

__________________

Alt 24.03.2010, 23:42   #3
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Habe grade mit SpywareDoctor Backdoor.Bredolab gefunden und entfernt.
__________________

Alt 25.03.2010, 11:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Die Aussage hilft mir ohne komplette Pfadangaben nicht weiter. Was ist mit dem Avenger?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.03.2010, 19:36   #5
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Vielen Dank für die Hilfe!


Habe avenger laufen lassen, hier ist der Text. Beim wiederhochfahren gab es folgendeError Message: EXEPTION PROCESS MESSAGE c0000013 Parameters 75b0bf7c 4 75b0bf7c 75b0bf7c

BackdoorBredolab befand sich hier: C:\WINDOWS\Installer\{AADD1C8F-D59F-4D55-A726-768C71A205A8}\SC_ReadMe.exe


Avenger.txt:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\DOKUME~1\ron\LOKALE~1\Temp\esiasdrv.sys" not found!
Deletion of file "C:\DOKUME~1\ron\LOKALE~1\Temp\esiasdrv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\ntsim.sys" deleted successfully.
Driver "esiasdrv" deleted successfully.
Driver "ntsim" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Alt 25.03.2010, 19:46   #6
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



hxxp://www.file-upload.net/download-2378618/backup.zip.html

Alt 28.03.2010, 14:06   #7
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Mhmm, bekomme ich hier kene Hilfe mehr?

Alt 29.03.2010, 05:18   #8
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Hallo Arne,

schade, dass ich nix mehr von Dir / Euch höre. Ich wäre Dir wirklich verbunden, wenn Du Dir noch mal Zeit für meine Avenger etc. Ergebnisse nehmen würdest. Das Problem besteht nämlich weiter, trotz gelöschtem Trojaner.

Beste Grüsse
Legolas

Alt 29.03.2010, 09:02   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Sry, hab Deinen Strang übersehen
Ich seh mir das gleich an.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.03.2010, 09:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Mach bitte ein Log mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.03.2010, 10:18   #11
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Hallo Arne und danke!

Combofix mache ich gleich. Jetzt hat Malwarebytes ROOTKIT.AGENT in c://system volume information\restore 52DFAB03-4BF1-4DFE-A55B-7F2CCDD8D2DE\RP289\A0086486.sys gefunden und beseitigt.

Da wird wohl kräftig nachgeladen....

Bevor ich Deinen Post gelesen habe, habe ich TrojanQhost Removal Tool von Symantec eingesetzt, dass jetzt grade läuft. Ich hoffe das ist nicht kontraproduktiv....

VG
Legolas

Alt 29.03.2010, 17:02   #12
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Zitat:
Zitat von cosinus Beitrag anzeigen
Mach bitte ein Log mit CF:[/indent]
Ich habe das merkwürdige Phänomen, das CF mir meldet, dass der Real-Time Scanner von AVAST! antivirus 4.7.1098 aktiv sei.

Das kann aber gar nicht sein, da das Programm sich nicht auf meinem PC befindet und auch mit keinerlei Instrumentarium auszumachen ist....

Was ist da bloß los?

Alt 29.03.2010, 17:09   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Ähm, wenn Avast garnicht installiert ist, kannst Du die Meldung ignorieren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.03.2010, 17:58   #14
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Zitat:
Zitat von cosinus Beitrag anzeigen
Mach bitte ein Log mit CF:.[/indent]
Hallo Arne,

UND HIER IST ES UND ICH BIN MEGAGESPANNT WAS DU DAZU SAGST:

ComboFix 10-03-28.03 - ron 29.03.2010 17:21:03.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.581 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\ron\Desktop\cofi.exe
AV: avast! antivirus 4.7.1098 [VPS 080214-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABEL
-------\Legacy_NPF


((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-29 ))))))))))))))))))))))))))))))
.

2010-03-23 19:56 . 2010-03-23 19:56 -------- d-----w- C:\rsit
2010-03-23 19:46 . 2010-03-23 19:46 -------- d-----w- c:\dokumente und einstellungen\ron\Anwendungsdaten\Malwarebytes
2010-03-23 19:46 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 19:45 . 2010-03-23 19:45 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-23 19:45 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 19:45 . 2010-03-23 20:17 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 15:32 . 2008-05-30 17:09 -------- d-----w- c:\dokumente und einstellungen\ron\Anwendungsdaten\FRITZ!
2010-03-29 14:56 . 2009-02-09 13:28 -------- d-----w- c:\programme\hijack
2010-03-29 14:04 . 2005-01-27 03:59 82912 ----a-w- c:\windows\system32\perfc007.dat
2010-03-29 14:04 . 2005-01-27 03:59 453880 ----a-w- c:\windows\system32\perfh007.dat
2010-03-29 13:37 . 2006-02-20 13:18 -------- d-----w- c:\programme\EPSON
2010-03-29 13:37 . 2005-01-27 06:46 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-03-29 13:08 . 2007-06-07 21:10 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-03-29 13:08 . 2009-04-10 14:24 -------- d-----w- c:\programme\Spyware Doctor
2010-03-29 13:07 . 2006-08-02 18:57 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-03-29 13:04 . 2008-02-11 10:22 -------- d-----w- c:\programme\CCleaner
2010-03-25 18:50 . 2005-05-06 19:52 45696 ----a-w- c:\dokumente und einstellungen\ron\Anwendungsdaten\wklnhst.dat
2010-03-25 18:26 . 2008-02-18 21:57 90112 ----a-w- c:\windows\DUMP6cd3.tmp
2010-03-25 15:32 . 2009-04-28 18:42 1 ----a-w- c:\dokumente und einstellungen\ron\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-22 20:59 . 2008-02-15 10:15 -------- d-----w- c:\programme\Kaspersky Lab
2010-03-21 19:01 . 2007-09-18 13:47 -------- d-----w- c:\dokumente und einstellungen\ron\Anwendungsdaten\Orbit
2010-03-15 11:58 . 2006-03-11 13:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-03-14 01:15 . 2005-05-03 21:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-02-28 14:16 . 2005-05-03 19:44 115416 -c--a-w- c:\dokumente und einstellungen\ron\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-02-27 08:24 . 2005-01-27 17:13 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-02-27 08:21 . 2009-04-18 13:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-27 07:57 . 2009-04-19 15:59 -------- d-----w- c:\programme\Foxit Software
2010-02-27 07:35 . 2010-02-27 07:35 -------- d-----w- c:\programme\JRE
2010-02-27 07:35 . 2009-04-18 14:17 -------- d-----w- c:\programme\OpenOffice.org 3
2010-02-26 14:50 . 2005-01-27 17:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2010-02-26 10:00 . 2009-10-26 15:46 676080 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-02-23 15:25 . 2008-10-21 16:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DVD Shrink
2009-06-27 01:57 . 2009-10-18 06:46 48128 ----a-w- c:\programme\pwdcrack.exe
2009-06-10 16:24 . 2009-10-18 06:46 801 ----a-w- c:\programme\Cesky.lng
2009-06-10 16:22 . 2009-10-18 06:46 2028 ----a-w- c:\programme\Ukrainian.lng
2009-06-10 16:20 . 2009-10-18 06:46 691 ----a-w- c:\programme\Espaniol.lng
2009-06-10 16:19 . 2009-10-18 06:46 955 ----a-w- c:\programme\French.lng
2009-06-10 16:19 . 2009-10-18 06:46 855 ----a-w- c:\programme\German.lng
2009-06-10 16:18 . 2009-10-18 06:46 2335 ----a-w- c:\programme\Russian.lng
2009-05-18 22:40 . 2009-10-18 06:46 12696 ----a-w- c:\programme\ReadMe_Ru.htm
2009-05-18 22:37 . 2009-10-18 06:46 3782 ----a-w- c:\programme\ReadMe_En.htm
2009-03-24 16:11 . 2009-10-18 06:46 6144 ----a-w- c:\programme\pchook.dll
2009-02-28 11:46 . 2009-10-18 06:46 1133 ----a-w- c:\programme\Nederlands.lng
2008-10-21 16:52 . 2008-10-21 16:49 29962241 ----a-w- c:\programme\SUPERsetup200833.exe
2008-10-21 16:34 . 2008-10-21 16:34 1258692 ----a-w- c:\programme\dvdshrink.3.2.de._decss-frei_.setup.exe
2008-10-21 15:40 . 2008-10-21 15:40 1705312 ----a-w- c:\programme\taskmanager17.exe
2008-06-02 11:58 . 2009-10-18 06:46 748 ----a-w- c:\programme\Chinese[RPC].lng
2008-02-26 22:16 . 2008-02-26 22:16 235 ----a-w- c:\programme\Widgets.xml
2008-01-30 02:10 . 2009-10-18 06:46 546 ----a-w- c:\programme\Portugues [BR].lng
2007-11-11 13:17 . 2008-02-26 22:16 40960 ----a-w- c:\programme\Uninstallinfo.exe
2007-10-16 19:48 . 2008-02-26 22:16 253120 ----a-w- c:\programme\appface.dll
2006-10-22 18:38 . 2006-10-22 18:39 1355912 ----a-w- c:\programme\install_flash_player.exe
2006-07-16 01:51 . 2008-02-26 22:16 1060864 ----a-w- c:\programme\MFC71.dll
2006-03-13 10:12 . 2006-03-12 15:37 19243 ----a-w- c:\programme\Regdellnull.zip
2006-03-12 15:22 . 2006-03-12 15:22 212984 ----a-w- c:\programme\RootkitRevealer.zip
2005-12-16 14:42 . 2008-02-26 22:16 499712 ----a-w- c:\programme\msvcp71.dll
2003-02-21 04:42 . 2008-02-26 22:16 348160 ----a-w- c:\programme\msvcr71.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 1E5218FBE323C375B488318950E10FB4 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 19D9B6B139F09A72AE71758BDF28308E . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . D45BBCDDC74A1B0259A0C4B00C190D20 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 8AFBC2E1E5555A1C29953AF854F0FCA5 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . DBA9F9C00A7A2B45EB8E451C2B6D10E9 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . 434A27912D53BF3FB6C1CE37BAFA5CF6 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-01-14 . 64F7E6B27B790365A910ECE21134A680 . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 65F6B774819BD727358157CEDEA67B8E . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . A07CA23EA361A01E627D911CF139B950 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . EE82D1393169AC6BDF6016F4EA8D2B79 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:30 . D68ED3908C7A0DB446111D34AC40DC18 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:29 . 0D0F85237E32538F58278D673032676A . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . A6F4977F9D2C9506050BFF0EF0B574B5 . 1059840 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . B6053A5FA67EAC4A292A44F585881FFF . 1062912 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 5D0974BD58808FACA5D2C437B6FC8D85 . 1059840 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2006-07-05 . 0BEFE0BF274818EC0785B7B842967313 . 1058816 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . F2AFE60F01040B23207D8EB7DC26EC96 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . 0E2B88912BF78549D5177A84A3375D52 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-10-29 . D473C3526B86547643858E40FD096422 . 3091968 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\2d9722df19adf2c85c9cdfda8aac9614\sp3gdr\mshtml.dll
[-] 2009-10-29 . 0B59B93A2524462E02EB2084FEA2E9C1 . 3094016 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\2d9722df19adf2c85c9cdfda8aac9614\sp3qfe\mshtml.dll
[-] 2009-09-25 . 95BD53D5AB4AA7BD8098CCBA7D01C5D1 . 3084288 . . [6.00.2900.3627] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2009-09-25 . C6F8947BB5076B0C7C8E8ECFCC394F84 . 3091968 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\mshtml.dll
[-] 2009-09-25 . 848FD0FC3725E859C7512047BF447510 . 3091968 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\mshtml.dll
[-] 2009-09-25 . 848FD0FC3725E859C7512047BF447510 . 3091968 . . [6.00.2900.5880] . . c:\windows\system32\mshtml.dll
[-] 2009-09-25 . 848FD0FC3725E859C7512047BF447510 . 3091968 . . [6.00.2900.5880] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-09-25 . CB479559434C766DCC26D0489BA84EF1 . 3093504 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll
[-] 2008-12-12 . 785EF0996D7ED3F685C39FED77C50408 . 3088384 . . [6.00.2900.3492] . . c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
[-] 2008-12-12 . D3BC95D72D732C2F05CB24E56EC5D7D3 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . E8002EA2A6DB0FC061D7E6436C9AFF58 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-10-16 . 8A93A35B05C15780BE61D16F1B673B2C . 3088384 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
[-] 2008-10-16 . C25684D7A6272BE0ECF749BFD7EF83F9 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-10-16 . 2F6089996C26EE36DE46A2CC90A9996C . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-08-20 . 921840757FDDD0DCF947EBBF5D8C6FE9 . 3088384 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[-] 2008-08-20 . 9F3A80616E64425D2E22DB8C689C98E8 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 . F10BD57696EF088685D8548AE2A23572 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-25 . F9F693A6E17EC05CDDA3949789710F5D . 3088896 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-06-23 . 1C95CFF9357A5E39D57F340D0891EA53 . 3088384 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll
[-] 2008-06-23 . 8B13E2409FE52E03A9AF548E20505EDC . 3088384 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-04-21 . 97F3A3011FEFD8EC231365767B6203D6 . 3087872 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[-] 2008-04-21 . 324308768813C0518F677DDD631A94A0 . 3087872 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 2008-04-21 . 031FF37B530D76C23BCC2E21B709DB7F . 3088384 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-02-16 . DDAD436E163284C7115F5C5A429A9D6A . 3087872 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll
[-] 2007-12-07 . 35161A288701DCCF7951D9BA647A9F52 . 3087360 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll
[-] 2007-10-30 . 7E44238B71A821276EEA8D704191D848 . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-08-22 . A9AC1654BE9D4081A824DC22CAF63092 . 3085824 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll
[-] 2007-06-15 . E5F541C10D5331D423AD393C30C1A778 . 3085312 . . [6.00.2900.3157] . . c:\windows\$hf_mig$\KB937143\SP2QFE\mshtml.dll
[-] 2007-05-04 . 8F87BE2AA266298CA99EE74FE3A0C8C6 . 3085312 . . [6.00.2900.3132] . . c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[-] 2007-02-19 . F47848CC1F6776FB28C69958DCFADDF8 . 3084288 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2007-01-04 . 02F001F5EEA6D5C85806D39CA6578E45 . 3083264 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\mshtml.dll
[-] 2006-10-23 . 436E162A6965F7EF0F2A868E1E1A21B2 . 3082240 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2006-09-14 . 04CEC77F09043C0B728E335B3E88FCE5 . 3075584 . . [6.00.2900.2995] . . c:\windows\SoftwareDistribution\Download\899c6c1db0fd855169fd0adde7af38d4\sp2gdr\mshtml.dll
[-] 2006-09-14 . A09E8EEAE6D29E90BC292631528EFCDB . 3079680 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-09-14 . A09E8EEAE6D29E90BC292631528EFCDB . 3079680 . . [6.00.2900.2995] . . c:\windows\SoftwareDistribution\Download\899c6c1db0fd855169fd0adde7af38d4\sp2qfe\mshtml.dll
[-] 2006-07-28 . A395AD5E6C72F198C8E507BC2B27BC6B . 3079168 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-05-19 . EBCB892F2439A5FF6E882816A6EF79F0 . 3076096 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-03-23 . 60567BC15560DDED9CA83D5275BA911A . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-11-24 . 8ABDBAE6032562F17DCF962847ABB811 . 3016192 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-01-27 . 19F79F718CABBFC3DAD25D7914D5601B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll
[-] 2004-09-29 . EF245F9603EF899E9A5B3A2D107BC32E . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll

[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-08-04 . 96D6882D49438D58B0DE0F7E8C8D241B . 2147840 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 2D5CFDE135E502FB4290F6C280FDE252 . 2188288 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-08-04 . 5EA5FC2BEA33395C728B920A2DC22AFE . 2138624 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . E22124EC3A33F40755DCD2F4B1BE8A87 . 2188416 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . FEE1600B76B196D9993CD468DA7524F7 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 59282EFE7147C011530E51FF92BA86AC . 2191488 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . C7153F3F41C63C8CB912E973F2780495 . 2188288 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 934FBEA25F8DE017ABFC6169B8446D94 . 2191488 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . 354C9291513BCE4D0ED6B0C6A15470F8 . 2191360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . E1DE7A10D46959560C3B617227D95C19 . 2184448 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . 00C476049FECF1D3A05C783015B9B518 . 2184320 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . EB5538A452E0E99169E2B6CDB62FF9D2 . 2181888 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . F07061E18613F336A3120229097F7635 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 427D7EB3B453347082C8F4B370065D60 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 78785EFF8CB90CEC1862A4CCFD9A3C3A . 579584 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 492E166CFD26A50FB9160DB536FF7D2B . 579072 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 4C90159A69A5FD3EB39C71411F28FCFF . 578560 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-10-29 . 547B7FF3C91C09E7EE82760DA4323706 . 672768 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\2d9722df19adf2c85c9cdfda8aac9614\sp3gdr\wininet.dll
[-] 2009-10-29 . 132C1D9C2DDCDFF55746D73508250362 . 674304 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\2d9722df19adf2c85c9cdfda8aac9614\sp3qfe\wininet.dll
[-] 2009-09-25 . 85C9ABE5F08AF31EF47933B4926F17C6 . 667648 . . [6.00.2900.3627] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2009-09-25 . 1B6142BB8574BD070105289B55D43168 . 674304 . . [6.00.2900.3627] . . c:\windows\$hf_mig$\KB974455\SP2QFE\wininet.dll
[-] 2009-09-25 . C9ACEFE3BE286B40A84D47498CF73CB8 . 672768 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll
[-] 2009-09-25 . C9ACEFE3BE286B40A84D47498CF73CB8 . 672768 . . [6.00.2900.5880] . . c:\windows\system32\wininet.dll
[-] 2009-09-25 . C9ACEFE3BE286B40A84D47498CF73CB8 . 672768 . . [6.00.2900.5880] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-09-25 . 8DA0021A5283AFC13EF3932EDD5D1CDA . 674304 . . [6.00.2900.5880] . . c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
[-] 2008-10-16 . 3BDCD8E52A29A36F2A4D76789DF37FE1 . 673280 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 . 7DBE34DA22CAB4BE922638540048379F . 672768 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 10A2C485838D5B95CCF7905E21E9A80A . 671744 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-08-20 . 66AF60C255953898C67993CD665A2D22 . 673280 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 . C5326257F4FEE83E24B06CD4BC08EBA2 . 671744 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 503D9BE987B9A3964816FED082F45771 . 672256 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 878F506D7F69E06BCCDC86C2A4D17633 . 672768 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 . 978542595CF09A86E2EF60552A35C937 . 671744 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . 6432638B5CE374D912C0C4F2A9F03DAE . 672256 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . 018ADED93507A4AEA4F55741863DBC9E . 672256 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2008-04-21 . 11D26D87E041000EA4C0128CD0010F7A . 671744 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 645A4A4884EB5EB8453C01531FCBEC3A . 672256 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-02-16 . 6C49192217DF0509BC6A576535545529 . 671744 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2007-12-07 . 273F4B37B80C8D398713A88B788FE59B . 671744 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2007-10-11 . 6BE2CDDC28610D9E73E54678A131B253 . 671744 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-08-22 . D6140D5095E62BD609DF3201C7B854AC . 671232 . . [6.00.2900.3199] . . c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-06-26 . 8FFB79A006666912364801AE679E618E . 671232 . . [6.00.2900.3164] . . c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-04-18 . AF95C8D19C4391550DBB9FB78D078FA2 . 671232 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-02-19 . E2CB4D46FF3638BFF234AE4253BC6430 . 671232 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2007-01-04 . 04A670155A6D86DFBF562F45544E1908 . 670720 . . [6.00.2900.3059] . . c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2006-10-23 . 47BBFEB4909D45064A992C3068610B06 . 670208 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2006-09-14 . 792DF201F5E3DBE2C91BC40DE0F62972 . 664576 . . [6.00.2900.2995] . . c:\windows\SoftwareDistribution\Download\899c6c1db0fd855169fd0adde7af38d4\sp2gdr\wininet.dll
[-] 2006-09-14 . C98F3024049AAEAFAE1340D94C16FDC8 . 670208 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-09-14 . C98F3024049AAEAFAE1340D94C16FDC8 . 670208 . . [6.00.2900.2995] . . c:\windows\SoftwareDistribution\Download\899c6c1db0fd855169fd0adde7af38d4\sp2qfe\wininet.dll
[-] 2006-06-23 . 05E47EA6708BD99DF2D8E4ABD55DF079 . 670208 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-05-10 . 2E9FFFC696613E2E38F2263ADE718C67 . 669184 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-03-04 . C91B7839095133064F9C898897F8D64C . 669184 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-10-21 . F3118DF4ABD118B11326D1C7A0093867 . 667136 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-01-27 . D9460271895ADBB382769AF1FC701169 . 663552 . . [6.00.2900.2598] . . c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2004-09-29 . 1C035CB755ED9204176668209A3B498D . 662528 . . [6.00.2900.2518] . . c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll

[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 64D320C0E301EEDC5A4ADBBDC5024F7F . 1036288 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 331ED93570BAF3CFE30340298762CD56 . 1036288 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2009-02-09 17:26 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 521A4CB71CC419FDF60DB83E7308AE2B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . B5B37E7C51A551F60A1254E63C878FA9 . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . B80F1D82969BD31392F1867936E96448 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 06:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 06:53 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-08-04 . 1FF1F43613BA7510A5A975ED034EB8E0 . 2026496 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . BAA0FD3FF565346D0C5EE3F7F8E10001 . 2065280 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 3EF0836DBA4B56F6136D60D08737B20B . 2018304 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-02-10 . 321917CFF934663C48C1E91A930E5D71 . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 84C1C109552E9E276FF004E181B80C25 . 2065280 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . C789B5AEA9AB71C5BEF6DD568F744842 . 2068352 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 8F54D426024BC7E45A6F32253BBB572E . 2065280 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . 326C258774EB791E78FEA8A9E14D5C3E . 2068352 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-04-14 . E51980EF65CED4490A7395A06C08DA34 . 2068224 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 9B9CA27AD315C02B71510238574894B2 . 2061696 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . D3767E1A7E6674CE671A8A8254945C29 . 2061696 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . AE8364004BBFD70461D2EF34888D3360 . 2059264 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 5C686B95470AC24E133AB4DAC4639A6C . 185856 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 855790C1BACED245A6B210AF430ED17B . 185856 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Status]
2005-01-25 10:03 411648 ----a-w- c:\progra~1\Medion\KeyStat\KeyStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-07 20:04 198160 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programme\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Programme\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programme\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Programme\\Windows Media Components\\Encoder\\wmenc.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [06.01.2010 17:54 207792]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [14.02.2005 20:51 666368]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [27.01.2005 08:37 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [27.01.2005 10:37 19928]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [27.01.2005 10:31 17408]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [06.01.2010 18:02 112592]
S4 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [24.11.2009 11:36 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
LSP: c:\programme\FRITZ!DSL\\sarah.dll
FF - ProfilePath - c:\dokumente und einstellungen\ron\Anwendungsdaten\Mozilla\Firefox\Profiles\0euibm5q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
pref(dom.disable_open_during_load, false);c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Notify-AtiExtEvent - (no file)
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-03-29 17:32
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-427689881-2684411073-443654619-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2E507E2F-8DE2-B600-388E74CEB17F3DFF}\{1B0F221A-E59F-0B42-732631A91276FA51}\{D15813DF-5A02-67D8-CCD20FCB931DE0AB}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3024A848-7C77-6F90-8B14B36A94BB61F2}\{6CDD5654-07A8-13D8-C2EB636328E10F29}\{AF593ADC-BF32-7E11-B704756686EE805B}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{40886FA5-87BC-FDA7-0C1FAC01C243999B}\{19E564B2-522B-7AA8-1ACCCD0705265332}\{1F2DE655-6E2E-2DD5-8638E8D01A513D14}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:80,50,49,e4,90,23,27,00,d1,0a,23,85,42,03,61,09,6c,b1,ef,03,03,
d1,a7,86,67,c2,d5,d3,b4,53,69,7f,5c,a6,61,ce,91,1e,d4,84,8c,19,01,93,04,ef,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EE14E6F1-2126-B92D-85C1E367ED532B77}\{B41DACD9-CA91-C5AB-B721AF64407C4FEE}\{02A113E6-1FE6-618B-B5A2DF9FB3CCBD20}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="753754DCCB2055AAEB3ADA5130AFFA9C4ED59A6BBCBF48EE13000F0B64DBE3CAF6F4BA0969B35E261466927941EE2AE48E7501A584DA20C64B8C EBE5F2DD981DC17B5DC386C18FE0CE65A973934E5C05A407340E7DAFF6FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BEC C74CA6A0AC4980AC7933A2D97226D213B5559DB7CE019D40AA5C8EDD5E5BE2F6E667F7F11B316D62DD1315A679AFE6B62BA7CEB77F195794DAA3FB90979DD060F9BCDEAC0CA0D401186FFD 83477F1593B2C0D683DE558DAF6C15D4977C62E4361697A04906F2A53805B13A63A463BAE5C08E69B38FAECB92F3B4F5503307DEC53DA938F41C8CCB6140AB70EBB804824F13767989EB2B 9CC775174134EC15C4A158D7148474976C37B5343D6A41CACAD3BC5EF1E7E719B8BC48D48C6070D9CC41A28C176E4B035958A726314D8E68A6DB2532AE5A860791C3170A21181865E67C2E 351ACCEF801E48ACDF4F2A83505C338663028CE14AC910E258BD40518D3013604367DEC508776FAC4410B71AB7678AEEE3304FA67AB83D00E49562206BFEA8F0AC3C87C250D79868B96052 5D9A747643AB71971873EA4695564EAD195C5B426DE94DCDF4D9E374EE2B9E7A6EB8E66F38B6747E09D61F0F9E5A00F2E6018149367A415C78E6F49327072053019555D1590558C06407C8 DA6CA2BA29C8BEE18E7F5E338282FC196FCA40ACA45E778A5D8519B33F272C8F55A161FEE80FBFA243D29C32B25A6612E2E64C7EDA616984B7EEFB8FFE62B34F8A3652C4F0A26F9B7D8CBD 41045A30D42E5F274905FABA76E89DB7682ABBCD98EB763074237BFED7375E5158B2F12E0BF267CFADD72F7FC55CEA5DAE0B6B6E2C4F023B6C8429E419D0CBE5DF1BA47613B90A47C52B96 0E0E64867F48943F4B836D4B397E40CD5AD30B2E9339428BE1FC6EA5169C7ADD811EB273B60E5A19E4C9E31DF2F1A31F5C310D3373374DCD8F0F60EA45B167C4B87662071E4D96EDF75E34 10347FA1672B8B61D9A21F092EE0C3C05F64FAB29E58CFEEED56C5A4470A5544954E55CD86CB7575F6C32E627F7D472ADE86DE4655C493B62581AE07C0E2755C70151664EC08B31C35FB92 6E274DFA161541B9AEE4AC618101C72EE18D0E3B2CB962D741A1EDBD8B11746E622201F564042F5C1ADC7C0B75A7D5E4FC73DD54425C11A3E8BECC405F59DA5A1A7F89FED8827089DD62E7 162093D960C7C8E32616180478FD71BA1B943461DF14621C979839A5F9F0ACE6BD7193882851FD7AC87F811F484DFE91640F9A3E7FF202B36DB326775AEE89B4F13DCB99B34F933C843D00 C9F7C3BAED6392D8A9AB7D291068151D8F4919D74F53BCB0C771991D89DB6F4F7163F210AF15CC8F62CA9FB7312112C09B5B528CF93A0C8E5240AE4507821D7E0857"
"OOSAFEERASE03.00.00.01MSWINDOWS"="EC399BC8E95CF1F0D268B5B8796D693116B905AF3E8A117D29495F4B99E92BD05BF2E2962E545DCD9291BEC145E4D938E2D1435E8AE4E2806B8 A4A3994B00F5B86B0EA363DABEDF24C517D4644C86D19DF246EE9D0A39B971528E44335212E095AD0393608ABE4C17FC5B4208C75B0CC423226146B52B4F4AFA3CD333A9A8D62567588FEB C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5558EDD5E5BE2F6E667FEBC9E127 BECC74C333B3B57C23F50FC2F9A1B4A7FD951C164732F917B56E090E9D937F92F27889BB4CE79C87B981EC7F04BAC87C6FB2FE05E946B201F2C7B224567BA4B7FDF8C8978EE244A11C24C7 8E91157F40C6DB7ABC98165199FA31A00BB2B021E6B61600596EE5F8C0C4172E53BA4905333272593F176036658463857618904AB68ED601B8D7653361929EE96EB92515443B2F7BE07063 0E9C735138A2FB73BA08E59AD8ABC012C600DA4E24AE53C979EE7316F069B17DA7714A530B08141A71F1B8D2AC56C5E1D9ADB73326E78D465CDEDD3147828E175D604DE541518844E3BEE8 87FF5C433D6E59F6586A955E63E71C8E22ED407F5764483BD0D351934367F0FDA9AF552F5163917E3CDD393CE2F8B10B84C927732D86FA23127438A58EAE52529295486F1947D23663978A BBCC3147EC6C15C9ECE1CFB15BEB727D9C9FB62FBAEA2D638491411C9FCBCD97E368EF5738E248C81564103337E947AD8B87CD906B6BC7220EE59C5354992EACC13A38F70A7CCB68D23D08 FF81DDA0D39A705A2D8A373555BA92DE2B402B6D53F019D349E3DDA2110E95322055AE65E95EBB18CAB6A885C6C955B21B7EFEB745D809BAB468FAFC23F3059AF1C0A5DA7E933A058DC937 F1D3723B5AFD4F3375A96663DAF5870F1CBB0CDF49E279426D215F976B8ECBE20DD05958F2EC7FD60CABD5BA8EFE6C88B9BDE723C4C3077EA7E5D145A59FE9AF69A8404C235EB95743E885 C081029122BC92B1F4907E8429BFCEAA778D55E6D538347DCAACE4554C56113B90826785DC29E582ABD9423196C54493000407711CA7BC05CA9767868E993D918DC3DD5CC08170E3C382C5 9B3523FE8FA259C5A723499CC19A2A0CE95B86B407138546317F566D6D4E27AA5DF092D1FAD9E643C912D2A26798032383050308B9156DF688949EFA2C3651F477C90BFA3BB2904760693A CF0B82D0645A3915E68987545CE8185CEC430712D24FD2C4E92F184DD85770FD331681BE92CED21A6637DD5602773EFD0759337AEC36DE1E2EDEEF2C50AA30408CFEABE1FC6A0E7EDEE073 D00A2E593F64EBBED1ED0E5FD3B1824BD064ADAA0E41B78115B13E3144D61D2F4E698F43DF5CFC9D16B1C1A8FCAD95AAE59AD8455B8441D8CCA32EF170FF551CB4C83"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:80,50,49,e4,90,23,27,00,d1,0a,23,85,42,03,61,09,6c,b1,ef,03,03,
d1,a7,86,67,c2,d5,d3,b4,53,69,7f,5c,a6,61,ce,91,1e,d4,84,8c,19,01,93,04,ef,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(812)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\imapi.exe
c:\programme\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-03-29 17:39:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-03-29 15:39

Vor Suchlauf: 19 Verzeichnis(se), 36.298.158.080 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 36.163.473.408 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 21EEDDA32EAA5AA1DDA71AE484D0FE70

Alt 30.03.2010, 16:43   #15
Legolas
 
Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Standard

Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...



Hallo Arne,

habe ich etwas falsch gemacht? Oder hast Du einfach zu viel zu tun um mir zu antworten?

Bei mir ist übrigens jetzt das komplette Windows Startmenü verschwunden und Drucker etc gehen nicht mehr. Kannst Du mir da beim wiederbeschafen helfen?

Danke und Gruss
Legolas

Antwort

Themen zu Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...
1.exe, 100%, 32 bit, antivirus, auf einmal, avast!, avp.exe, awareness, bho, browser guard, components, decrypter, defender, druck, einstellungen, ferngesteuert, firefox, flash player, fontcache, ftp, hdaudio.sys, hkus\s-1-5-18, home, hotfix.exe, install.exe, installation, internet, internet explorer, jusched.exe, kaspersky, location, logfile, msiexec.exe, officejet, passworte wiederholen, plug-ins, pop up fenster, pop ups, popup werbung, registry, rundll, security, security update, skype.exe, software, spyware, system, updates, usb, vlc media player, werbung, wieder weg, windows, windows-firewall, wireless lan



Ähnliche Themen: Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren...


  1. Avira Antivir lässt sich nicht mehr installieren/ Programme lassen sich nicht öffnen
    Antiviren-, Firewall- und andere Schutzprogramme - 23.03.2015 (10)
  2. AVG lässt sich nicht öffnen oder deinstallieren (Gruppenrichtlinien blockieren) , brauche Anweisung was zu tun ist
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (17)
  3. Zone Alarm Antivirus wird ausgeschaltet und lässt sich nicht einschalten/ Online Games und Webseiten mit Passwort lassen sich nicht besuchen
    Log-Analyse und Auswertung - 14.11.2014 (26)
  4. Zone Alarm Antivirus wird ausgeschaltet und lässt sich nicht einschalten/ Online Games und Webseiten mit Passwort lassen sich nicht besuchen
    Plagegeister aller Art und deren Bekämpfung - 05.10.2014 (4)
  5. Win Vista: Virus oder Registry durcheinander? Gruppenrichtilien blockieren / Programme lassen sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 09.09.2014 (38)
  6. Windows XP: Fragmente verschiedener Programme lassen sich nicht deinstallieren, Desktophintergrund verändert sich
    Log-Analyse und Auswertung - 18.02.2014 (12)
  7. .exe files lassen sich nicht ausführen, malware lässt sich nicht ausführen, system wiederherstellung nicht möglich
    Log-Analyse und Auswertung - 25.03.2013 (0)
  8. Passwortsicherheit: Passwörter speichern oder jedes mal eingeben?
    Diskussionsforum - 08.05.2012 (2)
  9. Programme lassen sich nicht mehr öffnen -> löschen sich bei Öffnungsversuch
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (29)
  10. Prozesse lassen sich nicht beenden, Malwarebytes und HouseCall hängen sich auf
    Plagegeister aller Art und deren Bekämpfung - 26.08.2011 (4)
  11. Antivirenprogramme lassen sich nicht öffnen und Werbeantivirenprogramme melden sich ständig
    Plagegeister aller Art und deren Bekämpfung - 11.07.2011 (3)
  12. Fenster verkleinern/verstecken sich, lassen sich nicht mehr öffnen
    Plagegeister aller Art und deren Bekämpfung - 28.12.2010 (2)
  13. Norton/Firewall schalten sich regelmässig ab und lassen sich nicht mehr aktivieren
    Log-Analyse und Auswertung - 24.11.2009 (3)
  14. trojaner befall - muss ich nun meine passwörter ändern?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2009 (9)
  15. Einstellungen lassen sich nciht mehr ändern, div. webseiten lassen sich nicht öffnen
    Plagegeister aller Art und deren Bekämpfung - 23.02.2009 (82)
  16. Dumm gelaufen: Passwörter von Windows XP lassen sich kinderleicht austricksen
    Plagegeister aller Art und deren Bekämpfung - 17.02.2003 (2)

Zum Thema Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... - Ich muss Passwörter, obwohl 100% korrekt eingeben auf einmal bis zu 3 mal eingeben (bei gmx z.B.) bis sie akzeptiert werden und Pop Up Fenster lassen sich nicht mehr blockieren. - Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren......
Archiv
Du betrachtest: Muss Passwörter 3 mal eingeben und Pop Ups lassen sich nicht blockieren... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.