Pests of all kinds and how to fight them: FF opens tabs and Google links to attacking sites

27.11.2010, 22:41   #1
tylon

Hello,

I've already come across several users here who have this phenomenon too.
I browse as a user with limited rights on XP Pro. AntiVir sometimes reports something suspicious in the FF profile folder when I browse as Admin.

Code:
Typ:	Datei
Quelle:	P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\otsff5j9.default\Cache\60AA4C5Dd01
Status:	Infiziert
Quarantäne-Objekt:	4f76f459.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows 2000/XP/VISTA Workstation
Suchengine:	8.02.04.98
Virendefinitionsdatei:	7.10.14.11
Meldung:	Enthält Erkennungsmuster des Exploits EXP/MS05-013
Datum/Uhrzeit:	22.11.2010, 12:33
         
At times Google links to faulty pages, and tabs also open containing a page I visited recently.

When I noticed that, I copied the link that gets opened before the supposed original page opens:

Code:
hxxp://cfci.com/?xurl=hxxp://a0g7ya1i0.com/qkF1AWZE6o5jToU955d3696675c61190972fce79dccc0a8535A&xref=hxxp://cfci.com/search.php
         
I'd be interested to know where the link takes you.

MalwareBytes doesn't find anything in a full scan either.

Maybe someone can do something with this info.

Regards

28.11.2010, 10:32   #2
tylon

A tab just opened again with the following link:

Code:
h**p://go.tracking202.com/?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154
         
or rather, redirected to
Code:
h**p://go.tracking202.com/go.php?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154
         
and at the end I land on a weight-loss site I've never visited:
Code:
h**p://www.beachbody.com/product/fitness_programs/best_sellers/slim_in_6.do?tnt=SI6_CTA_C1&code=BBHOME_CONTROL_SI6
         
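The redirect chains quoted in this post and in the first one can be unwrapped offline, without visiting anything. The following Python script is an added example and not code from the thread or from any tool mentioned in it: it pulls the embedded target out of the `url` and `xurl` parameters seen above (the other names in TARGET_PARAMS are assumptions about common redirector parameters) and accepts the forum's defanged `hxxp`/`h**p` schemes. THREAD_URLS holds the URLs quoted in posts #1 and #2, exactly as posted.

```python
"""Unwrap the nested redirect URLs quoted in this thread, offline.

Added example: not code from the thread or from any tool it mentions.
"""
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Query parameters that redirect scripts use to carry their target.
# "url" and "xurl" appear in the URLs quoted above; the rest are assumptions.
TARGET_PARAMS = ("url", "xurl", "u", "redirect", "target", "dest", "goto")

# The redirect URLs quoted in posts #1 and #2, kept defanged as posted.
THREAD_URLS = [
    "hxxp://cfci.com/?xurl=hxxp://a0g7ya1i0.com/qkF1AWZE6o5jToU955d3696675c61190972fce79dccc0a8535A&xref=hxxp://cfci.com/search.php",
    "h**p://go.tracking202.com/?url=http%3A%2F%2Fwww.pjtra.com%2Ft%2FSj9GSkJKP0ZIS0tDP0dDRURL%3Fsid%3DMNVHA302873154",
]


def refang(url: str) -> str:
    """Turn the forum's defanged schemes (hxxp://, h**p://) back into real ones."""
    for broken, real in (("hxxps://", "https://"), ("hxxp://", "http://"),
                         ("h**ps://", "https://"), ("h**p://", "http://")):
        url = url.replace(broken, real)
    return url


def next_hop(url: str) -> Optional[str]:
    """Return the URL embedded in a redirect parameter, or None if there is none."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in TARGET_PARAMS:
        for value in query.get(name, []):
            candidate = refang(unquote(value))  # second decode for double-encoded values
            if candidate.startswith(("http://", "https://")):
                return candidate
    return None


def unwrap(url: str, max_hops: int = 10) -> List[str]:
    """Follow embedded redirect parameters without any network access.

    Returns the chain outermost first; stops on a loop or after max_hops hops.
    """
    chain = [refang(url)]
    while len(chain) <= max_hops:
        hop = next_hop(chain[-1])
        if hop is None or hop in chain:
            break
        chain.append(hop)
    return chain


def hosts(chain: List[str]) -> List[str]:
    """Hostnames along the chain, in order, for a quick read of who is involved."""
    return [urlsplit(u).hostname or "" for u in chain]


if __name__ == "__main__":
    for posted in THREAD_URLS:
        print(" -> ".join(hosts(unwrap(posted))))
```

Running it prints each hop's host in order. The script makes no network requests, so it only shows what the URL itself encodes; a redirector can still send the browser somewhere else when actually fetched, which is why the last decoded hop is a starting point for a block decision, not the whole answer.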
28.11.2010, 11:40   #3
markusg
/// Malware-holic

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and Run as administrator)
1. At the top you'll find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

28.11.2010, 13:26   #4
tylon

Hello,

Avira has just blocked the following as well:
Code:
Typ:	Datei
Quelle:	P:\Profile\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\58SFAFJT\show[1].php
Status:	Infiziert
Quarantäne-Objekt:	4fb5e4f3.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows 2000/XP/VISTA Workstation
Suchengine:	8.02.04.114
Virendefinitionsdatei:	7.10.14.126
Meldung:	Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen
Datum/Uhrzeit:	28.11.2010, 13:03
         
And here are the OTL results.

Extras.txt:
Code:
OTL Extras logfile created on: 28.11.2010 13:07:37 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = D:\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 413,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): X:\pagefile.sys 500 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 15,00 Gb Total Space | 5,40 Gb Free Space | 36,00% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 10,45 Gb Free Space | 69,65% Space Free | Partition Type: NTFS
Drive E: | 4,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive P: | 50,00 Gb Total Space | 15,19 Gb Free Space | 30,38% Space Free | Partition Type: NTFS
Drive X: | 5,23 Gb Total Space | 4,58 Gb Free Space | 87,61% Space Free | Partition Type: NTFS
 
Computer Name: ACER3000 | User Name: Rene | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1879216082-1162323016-502169195-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Java\jre6\bin\javaw.exe" = D:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\WinPcap\rpcapd.exe" = C:\Programme\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon -- File not found
"D:\Programme\uTorrent\uTorrent.exe" = D:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Programme\Google\Google Earth\plugin\geplugin.exe" = D:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"P:\Profile\Administrator\Lokale Einstellungen\Temp\OnlineUpdate8\SetupXu.exe" = P:\Profile\Administrator\Lokale Einstellungen\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ECA0079-088F-4E69-B66A-65D5E687B092}" = KOBIL Chipkartenterminal Treiber V2.2s  Build: 20090625.3 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B9289B87-B17E-4C45-81F3-A82EAF83F24B}" = Microcat For Ford (Europe)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorPic" = ColorPic
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Password Unmask 2.0" = Password Unmask 2.0
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"RunAsAdmin" = RunAsAdmin
"SB_ClipboardPath" = ClipboardPath
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tag&Rename_is1" = Tag&Rename 3.5.7
"TeamViewer 5" = TeamViewer 5
"Tweak UI 2.10" = Tweak UI
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"uTorrent" = µTorrent
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         

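Two sections of the Extras.txt above lend themselves to a mechanical first pass: the Security Center settings and the firewall's Authorized Applications list. The following Python script is an added example, not OTL's own analysis and not code from this thread; SAMPLE_EXTRAS is a constructed excerpt of the log posted above, and the three review rules (an `*Override` value set to 1, an exception whose file is reported missing, an enabled exception for an executable under a Temp folder) are heuristics chosen for illustration.

```python
"""Review Security Center settings and firewall exceptions in an OTL Extras.txt.

Added example, not OTL's own analysis; SAMPLE_EXTRAS is an excerpt of the
Extras.txt posted above, and the review rules are heuristics for illustration.
"""
import re
from typing import Dict, List

SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Java\jre6\bin\javaw.exe" = D:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\WinPcap\rpcapd.exe" = C:\Programme\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon -- File not found
"P:\Profile\Administrator\Lokale Einstellungen\Temp\OnlineUpdate8\SetupXu.exe" = P:\Profile\Administrator\Lokale Einstellungen\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
# Value format: path:scope:state:name -- publisher  (the path keeps its drive-letter colon)
APP_RE = re.compile(
    r'^"[^"]+" = (?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?)(?: -- (?P<publisher>.*))?$'
)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of an OTL log under their '===== Title =====' headers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("title")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_authorized_apps(lines: List[str]) -> List[Dict[str, str]]:
    """Parse the firewall exception entries; registry key lines are skipped."""
    apps = []
    for line in lines:
        m = APP_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["publisher"] = entry["publisher"] or ""
            apps.append(entry)
    return apps


def review_security_center(lines: List[str]) -> List[str]:
    """An *Override value of 1 means Security Center was told not to monitor that component."""
    findings = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group("name").endswith("Override") and m.group("value").strip() == "1":
            findings.append(f"Security Center monitoring overridden: {m.group('name')}")
    return findings


def review_firewall_exceptions(apps: List[Dict[str, str]]) -> List[str]:
    """Flag stale exceptions and enabled exceptions for executables run from a Temp folder."""
    findings = []
    for app in apps:
        if app["publisher"] == "File not found":
            findings.append(f"stale exception, file missing: {app['path']}")
        if app["state"] == "Enabled" and TEMP_DIR_RE.search(app["path"]):
            findings.append(f"enabled exception for executable in a Temp folder: {app['path']}")
    return findings


def review(text: str) -> List[str]:
    """Run both reviews over a full Extras.txt and return the findings in order."""
    sections = split_sections(text)
    apps = parse_authorized_apps(sections.get("Authorized Applications List", []))
    return (review_security_center(sections.get("Security Center Settings", []))
            + review_firewall_exceptions(apps))


if __name__ == "__main__":
    for finding in review(SAMPLE_EXTRAS):
        print(finding)
```

A hit is a prompt to look, not a verdict: the Temp-folder entry is labelled Nero ControlCenter (Nero AG) in the log, but an enabled firewall exception for something that ran from a user's Temp directory is exactly the kind of entry a helper asks about, and a stale exception pointing at a file that no longer exists is worth cleaning up regardless.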
28.11.2010, 13:31   #5
tylon

Oh man... my OTL.txt is too big, so it's on a separate server:

hxxp://rene.wollsau.de/schaun/OTL.Txt


28.11.2010, 15:44   #6
markusg
/// Malware-holic

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

28.11.2010, 23:45   #7
tylon

Here's my feedback:
To be safe, I logged in as Admin for the test. Ran the scan, and it reported "Aktivitäten im Rootkit" (rootkit activity) and "Masterboot infiziert" (master boot infected).
That triggered a restart, also as Admin. After the cleanup had finished, another restart was apparently performed, but because of my "Logon as" setting this time as a limited user -> "limitedblankpassword" write with Date "1" failed

So I changed my logon to Admin and started ComboFix again:
Here's the log:
Code:
ComboFix 10-11-28.01 - Administrator 28.11.2010  23:27:45.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.958.489 [GMT 1:00]
ausgeführt von:: p:\profile\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-10-28 bis 2010-11-28  ))))))))))))))))))))))))))))))
.

2010-11-27 14:58 . 2010-11-27 14:58	--------	d-----w-	d:\programme\VirtualDJ
2010-11-24 21:20 . 2010-11-27 15:00	--------	d-----w-	d:\programme\uploaded Tool 2009
2010-11-23 14:32 . 2010-11-23 14:58	--------	d-----w-	d:\programme\TagRename
2010-11-23 14:17 . 2010-11-23 14:17	--------	d-----w-	d:\programme\Citavi 3
2010-11-23 10:39 . 2010-03-18 21:27	24440	----a-w-	c:\windows\system32\udcpm.dll
2010-11-23 10:38 . 2010-11-23 10:39	--------	d-----w-	d:\programme\Universal Document Converter
2010-11-22 18:31 . 2010-11-22 18:31	--------	d-----w-	c:\windows\Performance
2010-11-22 18:28 . 2010-11-22 18:28	--------	d-----w-	d:\programme\Windows Media Connect 2
2010-11-22 18:18 . 2010-11-22 18:23	--------	d-----w-	c:\windows\system32\drivers\UMDF
2010-11-22 18:18 . 2010-11-22 18:18	--------	d-----w-	c:\windows\system32\LogFiles
2010-11-22 11:02 . 2010-11-22 11:02	--------	d-----w-	d:\programme\Nero
2010-11-21 17:21 . 2008-06-24 11:45	1414440	----a-w-	c:\windows\system32\ShellManager310E2D762.dll
2010-11-21 16:40 . 2010-11-22 11:03	--------	d-----w-	c:\programme\Gemeinsame Dateien\Nero
2010-11-21 15:42 . 2006-11-01 17:31	1669120	----a-w-	d:\programme\Windows Media Player\wmsetsdk.exe
2010-11-21 15:42 . 2004-08-11 00:45	47616	----a-w-	d:\programme\Windows Media Player\msoobci.dll
2010-11-20 18:23 . 2010-11-20 18:23	--------	d-----w-	d:\programme\Alcohol Soft
2010-11-18 23:13 . 2005-07-28 07:18	685056	----a-w-	c:\windows\system32\drivers\hardlock.sys
2010-11-18 23:13 . 2010-11-18 23:13	6656	----a-w-	c:\windows\system32\haspvdd.dll
2010-11-18 23:13 . 2010-11-18 23:13	47616	----a-w-	c:\windows\system32\drivers\Haspnt.sys
2010-11-18 23:13 . 2010-11-18 23:13	383	----a-w-	c:\windows\system32\haspdos.sys
2010-11-18 23:13 . 2010-04-10 08:37	21760	----a-w-	c:\windows\system32\Mg16.dll
2010-11-18 23:13 . 1998-03-03 10:45	30208	----a-w-	c:\windows\system32\Mg32.dll
2010-11-18 23:13 . 1998-03-03 12:55	40480	----a-w-	c:\windows\system32\drivers\mgnt.sys
2010-11-18 23:13 . 2006-01-19 16:10	132704	------w-	c:\windows\system32\textexpt.dll
2010-11-18 23:13 . 2006-01-19 16:10	210528	------w-	c:\windows\system32\rtfexpt.dll
2010-11-18 23:13 . 2006-01-19 16:10	374368	------w-	c:\windows\system32\pdfexpt.dll
2010-11-18 23:13 . 2000-12-06 00:00	209608	------w-	c:\windows\system32\tabctl32.ocx
2010-11-18 23:13 . 1997-08-29 12:39	195104	------w-	c:\windows\system32\mem32x20.ocx
2010-11-18 23:11 . 2004-07-15 23:19	266240	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-18 23:11 . 2004-07-15 23:18	172032	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-18 23:11 . 2005-03-22 16:50	733184	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-18 23:11 . 2004-07-15 23:20	69715	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-18 23:11 . 2004-07-15 23:18	5632	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-18 23:11 . 2010-11-18 23:11	180356	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-11-18 23:11 . 2010-11-18 23:11	303236	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-11-18 22:11 . 2010-05-31 22:20	--------	d-----w-	d:\programme\MICROCAT
2010-11-18 21:10 . 2010-11-18 21:13	--------	d-----w-	d:\programme\SUPER
2010-11-18 19:39 . 2010-11-18 19:40	--------	d-----w-	p:\profile\Gast
2010-11-17 21:17 . 2010-11-17 21:17	--------	d-----w-	c:\programme\Gemeinsame Dateien\Vbox
2010-11-17 21:16 . 2010-11-17 21:16	--------	d-----w-	d:\programme\Macromedia
2010-11-17 20:42 . 2010-11-18 21:12	--------	d-----w-	d:\programme\phase5
2010-11-12 07:58 . 2010-11-12 07:58	--------	d-----w-	d:\programme\MousOmeter
2010-11-11 21:34 . 2010-11-11 21:34	--------	d-----w-	d:\programme\bin
2010-11-11 21:25 . 2010-11-11 21:25	--------	d-----w-	d:\programme\Iolo
2010-11-09 17:39 . 2010-11-09 18:08	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-11-09 17:39 . 2009-01-28 19:04	23168	----a-w-	c:\windows\system32\drivers\KOBCCEX.sys
2010-11-09 17:39 . 2009-01-28 19:04	83840	----a-w-	c:\windows\system32\drivers\KOBCCID.sys
2010-11-09 17:39 . 2009-04-02 15:10	430080	----a-w-	c:\windows\system32\CT32.dll
2010-11-09 17:39 . 2008-07-17 16:00	1712128	----a-w-	c:\windows\system32\CTAPI_Control.cpl
2010-11-09 17:39 . 2009-04-02 15:15	466944	----a-w-	c:\windows\system32\CTAPIUtilities.dll
2010-11-09 17:39 . 2010-11-09 19:16	--------	d-----w-	d:\programme\KOBIL Systems
2010-11-08 21:40 . 2010-11-08 21:40	--------	d-----w-	d:\programme\PWUnmask
2010-11-08 21:05 . 2010-11-08 21:05	--------	d-----w-	d:\programme\Desktop Icon Manager
2010-11-08 17:02 . 2010-11-08 17:02	--------	d-----w-	d:\programme\Lavalys
2010-11-07 16:51 . 2010-11-07 16:51	134016	----a-w-	c:\windows\ColorPic Uninstaller.exe
2010-11-07 16:51 . 2010-11-07 17:11	--------	d-----w-	d:\programme\ColorPic 4.1
2010-11-06 13:52 . 2010-11-27 11:37	--------	d-sh--w-	p:\profile\LocalService
2010-11-06 13:52 . 2010-11-26 07:51	--------	d-sh--w-	p:\profile\NetworkService
2010-11-06 12:21 . 2010-11-06 12:22	--------	d-----w-	p:\profile\All Users
2010-11-06 12:08 . 2010-11-27 17:09	--------	d-----w-	p:\profile\Rene.ACER3000
2010-11-06 12:08 . 2010-11-28 22:21	--------	d--h--w-	p:\profile\Default User
2010-11-06 12:05 . 2010-11-27 17:19	--------	d-----w-	p:\profile\Janina
2010-11-06 12:00 . 2010-11-06 12:02	--------	d-----w-	p:\profile\Admin
2010-11-06 10:48 . 2010-11-06 10:48	--------	d-----r-	C:\MSOCache
2010-11-06 08:03 . 2010-11-06 08:03	--------	d-----w-	d:\programme\WildPackets
2010-11-06 07:58 . 2010-11-06 07:58	--------	d-----w-	d:\programme\VirusTotalUploader2
2010-11-06 07:22 . 2010-11-06 07:22	--------	d-----w-	d:\programme\uTorrent
2010-11-05 20:52 . 2003-06-25 15:05	266360	----a-w-	c:\windows\system32\TweakUI.exe
2010-11-05 20:42 . 2006-04-09 01:00	82744	----a-w-	c:\windows\system32\PICCLP32.OCX
2010-11-05 20:42 . 2006-04-09 01:00	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2010-11-05 20:42 . 2006-04-09 01:00	10240	----a-w-	c:\windows\system32\PCCLPDE.DLL
2010-11-05 20:42 . 2006-04-09 01:00	101888	----a-w-	c:\windows\system32\VB6STKIT.DLL
2010-11-05 20:42 . 2006-04-09 01:00	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-11-05 20:42 . 2006-04-09 01:00	10752	----a-w-	c:\windows\system32\hh.exe
2010-11-05 20:42 . 2010-11-05 20:43	--------	d-----w-	d:\programme\RunAsAdmin
2010-11-05 20:42 . 2006-04-09 01:00	33792	----a-w-	c:\windows\system32\CMDLGDE.DLL
2010-11-05 20:42 . 2006-04-09 01:00	152848	----a-w-	c:\windows\system32\COMDLG32.OCX
2010-11-05 20:41 . 2000-10-06 23:13	106544	----a-w-	c:\windows\system32\TWEAKUI.CPL
2010-11-05 20:28 . 2010-11-05 20:28	--------	d-----w-	c:\windows\system32\XPSViewer
2010-11-05 20:28 . 2010-11-05 20:28	--------	d-----w-	d:\programme\MSBuild
2010-11-05 20:28 . 2010-11-05 20:28	--------	d-----w-	d:\programme\Reference Assemblies
2010-11-05 20:27 . 2008-07-06 12:06	89088	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-05 20:26 . 2008-07-06 12:06	89088	------w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-05 20:26 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2010-11-05 20:26 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-05 20:26 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2010-11-05 20:26 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-05 20:26 . 2008-07-06 10:50	597504	------w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-05 20:26 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2010-11-05 20:26 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\dllcache\xpssvcs.dll
2010-11-05 19:28 . 2010-11-05 19:29	--------	d-----w-	c:\programme\Gemeinsame Dateien\DivX Shared
2010-11-05 19:27 . 2010-11-05 19:30	--------	d-----w-	d:\programme\DivX
2010-11-05 19:19 . 2010-11-05 19:20	--------	d-----w-	d:\programme\Recuva
2010-11-05 18:07 . 2010-11-05 18:07	--------	d--h--w-	c:\windows\PIF
2010-11-05 18:03 . 2010-11-22 19:10	--------	d-----w-	d:\programme\Windows Desktop Search
2010-11-05 18:03 . 2010-11-05 18:03	--------	d-----w-	c:\windows\system32\GroupPolicy
2010-11-05 18:01 . 2008-03-07 17:02	98304	------w-	c:\windows\system32\dllcache\nlhtml.dll
2010-11-05 18:01 . 2008-03-07 17:02	29696	------w-	c:\windows\system32\dllcache\mimefilt.dll
2010-11-05 18:01 . 2008-03-07 17:02	192000	------w-	c:\windows\system32\dllcache\offfilt.dll
2010-11-05 08:14 . 2009-08-06 18:23	274288	----a-w-	c:\windows\system32\mucltui.dll
2010-11-05 07:32 . 2010-11-09 17:11	--------	d-----w-	d:\programme\Buhl
2010-11-04 23:42 . 2010-11-04 23:42	--------	d-----w-	d:\programme\GIMP-2.0
2010-11-04 23:09 . 2010-11-04 23:09	--------	d-----w-	c:\programme\Gemeinsame Dateien\Adobe AIR
2010-11-04 22:54 . 2010-11-07 10:12	--------	d-----w-	c:\programme\Gemeinsame Dateien\Adobe
2010-11-04 17:22 . 2010-11-04 17:22	--------	d-----w-	d:\programme\Foxit Software
2010-11-04 15:43 . 2010-11-18 20:42	--------	d-----w-	d:\programme\Google
2010-11-04 15:42 . 2010-11-04 15:42	--------	d-----w-	d:\programme\VideoLAN
2010-11-04 15:40 . 2010-11-04 15:40	--------	d-----w-	d:\programme\IrfanView
2010-11-04 15:38 . 2009-11-12 13:48	7168	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2010-11-04 15:38 . 2010-11-04 15:38	--------	d-----w-	d:\programme\CDBurnerXP
2010-11-04 15:32 . 2008-11-04 02:30	30568	----a-w-	c:\windows\system32\mdimon.dll
2010-11-04 15:32 . 2006-10-26 18:58	30512	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-11-04 15:31 . 2006-09-15 16:25	77824	----a-w-	c:\windows\system32\WMTRAY.DLL
2010-11-04 15:30 . 2010-11-04 16:39	--------	d-----w-	d:\programme\Microsoft Works
2010-11-04 15:25 . 2010-11-04 15:30	--------	d-----w-	c:\windows\SHELLNEW
2010-11-04 15:11 . 2010-11-04 15:11	--------	d-----w-	d:\programme\Microsoft.NET
2010-11-04 14:19 . 2010-11-04 14:19	--------	d-----w-	d:\programme\MSXML 4.0
2010-11-04 14:17 . 2010-09-18 06:52	953856	------w-	c:\windows\system32\dllcache\mfc40u.dll
2010-11-04 14:17 . 2010-09-18 06:52	974848	------w-	c:\windows\system32\dllcache\mfc42.dll
2010-11-04 14:16 . 2010-08-23 16:11	617472	------w-	c:\windows\system32\dllcache\comctl32.dll
2010-11-04 14:10 . 2010-11-04 14:10	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-11-04 14:10 . 2010-11-04 14:10	--------	d-----w-	d:\programme\DAEMON Tools Lite
2010-11-04 06:02 . 2010-11-04 06:02	--------	d-----w-	d:\programme\TeamViewer
2010-11-04 05:23 . 2010-11-13 08:25	--------	d-----w-	c:\windows\system32\NtmsData
2010-11-03 23:41 . 2010-11-03 23:41	--------	d-----w-	d:\programme\Trend Micro

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 17:40 . 2005-03-09 11:28	6144	------w-	c:\windows\system32\drivers\NTIDrvr.sys
2010-11-03 17:31 . 2004-06-25 01:15	529	----a-w-	c:\windows\CLEANUP.CMD
2010-11-03 17:31 . 2004-06-25 01:13	634	----a-w-	c:\windows\HOTFIX.BAT
2010-10-14 23:44 . 2010-10-14 23:44	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-09-18 11:22 . 2004-08-04 04:00	974848	----a-w-	c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2004-08-04 04:00	974848	----a-w-	c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2004-08-04 04:00	954368	------w-	c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2004-08-04 04:00	953856	------w-	c:\windows\system32\mfc40u.dll
2010-09-10 05:47 . 2004-08-04 04:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2004-08-04 04:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2004-08-04 04:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-09-01 11:50 . 2004-08-04 04:00	285824	------w-	c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2004-08-04 04:00	1852928	------w-	c:\windows\system32\win32k.sys
2006-05-03 10:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 88363]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Tweak UI 1.33 deutsch"="TWEAKUI.CPL" [2000-10-06 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

p:\profile\Rene.ACER3000\Startmenü\Programme\Autostart\
Mousometer.lnk - d:\programme\MousOmeter\mousometer.exe [2010-11-2 140288]

p:\profile\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - d:\programme\Logitech\SetPoint\SetPoint.exe [2010-11-4 813584]
Mousometer.lnk - d:\programme\MousOmeter\mousometer.exe [2010-11-2 140288]
Windows Search.lnk - d:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\P:^Profile^All Users^Startmenü^Programme^Autostart^Utility Tray.lnk]
path=p:\profile\All Users\Startmenü\Programme\Autostart\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47	35760	----a-w-	d:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44	500208	------w-	c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57	406992	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:30	132392	----a-w-	c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	d:\programme\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	d:\programme\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-11-16 15:54	385024	----a-w-	c:\acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
d:\programme\Nero\Nero8\InCD\InCD.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-10-12 14:16	315392	----a-w-	c:\programme\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
d:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 07:25	570664	----a-w-	c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
d:\programme\Nero\Nero8\InCD\NBHGui.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-02-23 17:13	77824	----a-w-	c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37	517096	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-10-07 22:43	688218	----a-w-	c:\programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-10-07 22:44	98394	----a-w-	c:\programme\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
Contents of the "Scheduled Tasks" folder

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\programme\Google\Update\GoogleUpdate.exe [2010-11-18 20:41]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\programme\Google\Update\GoogleUpdate.exe [2010-11-18 20:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - plugin: d:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\programme\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: HTTPS-Everywhere: https-everywhere@eff.org - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\https-everywhere@eff.org
FF - Extension: Force-TLS: forcetls@sid.stamm - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\forcetls@sid.stamm
FF - Extension: Firesheep: firesheep@codebutler.com - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Greasefire: greasefire@skrul.com - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\greasefire@skrul.com
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Toggle Private Browsing: toggleprivatebrowsing@supernova00.biz - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\toggleprivatebrowsing@supernova00.biz
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Extension: Firebug: firebug@software.joehewitt.com - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\firebug@software.joehewitt.com
FF - Extension: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\elemhidehelper@adblockplus.org
FF - Extension: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - p:\profile\Rene.ACER3000\Anwendungsdaten\Mozilla\Firefox\Profiles\e119vvry.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Extension: Java Quick Starter: jqs@sun.com - d:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX Policies ----
// This one makes a huge difference. Last value in milliseconds (default is 250) 
FF - user.js: nglayout.initialpaint.delay - 0
// Change to normal Google search: 
FF - user.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - Removed orphaned registry entries - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-28 23:34
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes... 

Scanning hidden autostart entries... 

Scanning hidden files... 

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Memory Cache 4.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\AGRSM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]
"ImagePath"="system32\drivers\ALCXWDM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\AmdK8.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\anbmService]
"ImagePath"="c:\acer\eManager\anbmServ.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AntiVirSchedulerService]
"ImagePath"="\"d:\avira\AntiVir Desktop\sched.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AntiVirService]
"ImagePath"="\"d:\avira\AntiVir Desktop\avguard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_4.0.30319]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgio]
"ImagePath"="\??\d:\avira\AntiVir Desktop\avgio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgntflt]
"ImagePath"="system32\DRIVERS\avgntflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\p:\profile\ADMINI~1\LOKALE~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DKbFltr]
"ImagePath"="System32\Drivers\DKbFltr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]
"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"d:\programme\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"d:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Hardlock]
"ImagePath"="\??\c:\windows\system32\drivers\hardlock.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Haspnt]
"ImagePath"="\??\c:\windows\system32\drivers\Haspnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\int15.sys]
"ImagePath"="\??\c:\acer\Empowering Technology\eRecovery\int15.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"d:\programme\Java\jre6\bin\jqs.exe\" -service -config \"d:\programme\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KOBCCEX]
"ImagePath"="system32\drivers\KOBCCEX.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KOBCCID]
"ImagePath"="system32\drivers\KOBCCID.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kobknusb]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LBeepKE]
"ImagePath"="System32\Drivers\LBeepKE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceS]
"ImagePath"="c:\windows\system32\LEXBCES.EXE"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LHidFilt]
"ImagePath"="system32\DRIVERS\LHidFilt.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LMouFilt]
"ImagePath"="system32\DRIVERS\LMouFilt.Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MicroGuard]
"ImagePath"="\??\c:\windows\system32\drivers\mgnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMIndexingService]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMSAccess]
"ImagePath"="d:\programme\CDBurnerXP\NMSAccessU.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMSAccessU]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTIDrvr]
"ImagePath"="system32\DRIVERS\NTIDrvr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osaio]
"ImagePath"="\SystemRoot\system32\drivers\osaio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osanbm]
"ImagePath"="\SystemRoot\system32\drivers\osanbm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pfc]
"ImagePath"="system32\drivers\pfc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PQNTDrv]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315]
"ImagePath"="system32\DRIVERS\sisgrp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISAGP]
"ImagePath"="system32\DRIVERS\SISAGPX.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp]
"ImagePath"="system32\DRIVERS\srvkp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNICXP]
"ImagePath"="system32\DRIVERS\sisnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarWindServiceAE]
"ImagePath"="d:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwitchBoard]
"ImagePath"="\"c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{2ED0E438-07F2-4A0A-89D6-6C76572B957E}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TeamViewer5]
"ImagePath"="d:\programme\TeamViewer\Version5\TeamViewer_Service.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UBHelper]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UGatherer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"d:\programme\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{00E8D545-A957-48B8-BFD1-B689FECE77C6}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6492891F-2C61-471B-A761-93ACE126F16F}]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1879216082-1162323016-502169195-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,7e,a9,dc,f9,4f,ce,49,b4,3f,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,da,7e,a9,dc,f9,4f,ce,49,b4,3f,aa,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2268)
d:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-11-28  23:36:34
ComboFix-quarantined-files.txt  2010-11-28 22:36
ComboFix2.txt  2010-11-28 22:21

Vor Suchlauf: 6.045.862.400 Bytes frei
Nach Suchlauf: 6.033.982.976 Bytes frei

- - End Of File - - 7297780A1F55A115067260DFA04EA247
         
Oh, and afterwards FF was no longer my default browser. The prompt came up asking whether it should be....

Alt 29.11.2010, 12:29   #8
markusg
/// Malware-holic
 
Please post a GMER report.
http://www.trojaner-board.de/74908-a...t-scanner.html
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 29.11.2010, 18:27   #9
tylon
 
Are any tendencies apparent yet?

Note
C:\ Windows
D:\ Programme (programs)
P:\ Profildaten (profile data)

The scan was only run on C:\

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-29 18:22:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9100822A rev.3.01
Running: omksu7ly.exe; Driver: P:\Profile\ADMINI~1\LOKALE~1\Temp\uxlirpob.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  F7B81026                                                                                                            ZwCreateKey
SSDT                                                                                                                                  F7B8101C                                                                                                            ZwCreateThread
SSDT                                                                                                                                  F7B8102B                                                                                                            ZwDeleteKey
SSDT                                                                                                                                  F7B81035                                                                                                            ZwDeleteValueKey
SSDT                                                                                                                                  spkh.sys                                                                                                            ZwEnumerateKey [0xF73AFDA4]
SSDT                                                                                                                                  spkh.sys                                                                                                            ZwEnumerateValueKey [0xF73B0132]
SSDT                                                                                                                                  F7B8103A                                                                                                            ZwLoadKey
SSDT                                                                                                                                  spkh.sys                                                                                                            ZwOpenKey [0xF73970C0]
SSDT                                                                                                                                  F7B81008                                                                                                            ZwOpenProcess
SSDT                                                                                                                                  F7B8100D                                                                                                            ZwOpenThread
SSDT                                                                                                                                  spkh.sys                                                                                                            ZwQueryKey [0xF73B020A]
SSDT                                                                                                                                  spkh.sys                                                                                                            ZwQueryValueKey [0xF73B008A]
SSDT                                                                                                                                  F7B81044                                                                                                            ZwReplaceKey
SSDT                                                                                                                                  F7B8103F                                                                                                            ZwRestoreKey
SSDT                                                                                                                                  F7B81030                                                                                                            ZwSetValueKey

INT 0x06                                                                                                                              \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)     F1A9816D
INT 0x0E                                                                                                                              \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)     F1A97FC2
INT 0x62                                                                                                                              ?                                                                                                                   859DABF8
INT 0x82                                                                                                                              ?                                                                                                                   859DABF8
INT 0x84                                                                                                                              ?                                                                                                                   8581CBF8
INT 0x94                                                                                                                              ?                                                                                                                   8581CBF8
INT 0xB1                                                                                                                              ?                                                                                                                   859DCBF8
INT 0xB4                                                                                                                              ?                                                                                                                   8581CBF8

Code                                                                                                                                  \??\P:\Profile\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                   pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?                                                                                                                                     spkh.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text                                                                                                                                 USBPORT.SYS!DllUnload                                                                                               F6D0B8AC 5 Bytes  JMP 8581C1D8 
.text                                                                                                                                 aotnabtd.SYS                                                                                                        F6C5F386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text                                                                                                                                 aotnabtd.SYS                                                                                                        F6C5F3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text                                                                                                                                 aotnabtd.SYS                                                                                                        F6C5F3C4 3 Bytes  [00, 80, 02]
.text                                                                                                                                 aotnabtd.SYS                                                                                                        F6C5F3C9 1 Byte  [30]
.text                                                                                                                                 aotnabtd.SYS                                                                                                        F6C5F3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text                                                                                                                                 ...                                                                                                                 
.text                                                                                                                                 C:\WINDOWS\system32\drivers\hardlock.sys                                                                            section is writeable [0xF17D2400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF1874420]  C:\WINDOWS\system32\drivers\hardlock.sys                                                                            entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF1874420]
.protectÿÿÿÿhardlockunknown last code section [0xF1874200, 0x5049, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys                                                                            unknown last code section [0xF1874200, 0x5049, 0xE0000020]
?                                                                                                                                     C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
?                                                                                                                                     P:\Profile\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\WINDOWS\system32\SearchIndexer.exe[2408] kernel32.dll!WriteFile                                                  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT                                                                                                                                   atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F7398042] spkh.sys
IAT                                                                                                                                   atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F739813E] spkh.sys
IAT                                                                                                                                   atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [F73980C0] spkh.sys
IAT                                                                                                                                   atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [F7398800] spkh.sys
IAT                                                                                                                                   atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [F73986D6] spkh.sys
IAT                                                                                                                                   \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F73A7B90] spkh.sys
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT                                                                                                                                   \SystemRoot\System32\Drivers\aotnabtd.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                \FileSystem\Ntfs \Ntfs                                                                                              859D91F8
Device                                                                                                                                \FileSystem\Fastfat \FatCdrom                                                                                       854551F8

AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass0                                                                             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass1                                                                             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device                                                                                                                                \Driver\usbohci \Device\USBPDO-0                                                                                    85835500
Device                                                                                                                                \Driver\usbohci \Device\USBPDO-1                                                                                    85835500
Device                                                                                                                                \Driver\usbehci \Device\USBPDO-2                                                                                    8583B500
Device                                                                                                                                \Driver\NetBT \Device\NetBT_Tcpip_{00E8D545-A957-48B8-BFD1-B689FECE77C6}                                            855B0500
Device                                                                                                                                \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8596F1F8
Device                                                                                                                                \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8596F1F8
Device                                                                                                                                \Driver\Cdrom \Device\CdRom0                                                                                        8583D1F8
Device                                                                                                                                \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                         [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort0                                                                                  [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                                                                                \Driver\atapi \Device\Ide\IdePort1                                                                                  [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                                                                                \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                         [F72F2B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device                                                                                                                                \Driver\Ftdisk \Device\HarddiskVolume3                                                                              8596F1F8
Device                                                                                                                                \Driver\Cdrom \Device\CdRom1                                                                                        8583D1F8
Device                                                                                                                                \Driver\Ftdisk \Device\HarddiskVolume4                                                                              8596F1F8
Device                                                                                                                                \Driver\Ftdisk \Device\HarddiskVolume5                                                                              8596F1F8
Device                                                                                                                                \Driver\Ftdisk \Device\HarddiskVolume6                                                                              8596F1F8
Device                                                                                                                                \Driver\NetBT \Device\NetBt_Wins_Export                                                                             855B0500
Device                                                                                                                                \Driver\PCI_PNP0570 \Device\0000004b                                                                                spkh.sys
Device                                                                                                                                \Driver\NetBT \Device\NetbiosSmb                                                                                    855B0500
Device                                                                                                                                \Driver\usbohci \Device\USBFDO-0                                                                                    85835500
Device                                                                                                                                \Driver\usbohci \Device\USBFDO-1                                                                                    85835500
Device                                                                                                                                \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   855871F8
Device                                                                                                                                \Driver\usbehci \Device\USBFDO-2                                                                                    8583B500
Device                                                                                                                                \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         855871F8
Device                                                                                                                                \Driver\Ftdisk \Device\FtControl                                                                                    8596F1F8
Device                                                                                                                                \Driver\sptd \Device\3201611820                                                                                     spkh.sys
Device                                                                                                                                \Driver\aotnabtd \Device\Scsi\aotnabtd1Port2Path0Target0Lun0                                                        857F31F8
Device                                                                                                                                \Driver\aotnabtd \Device\Scsi\aotnabtd1                                                                             857F31F8
Device                                                                                                                                \FileSystem\Fastfat \Fat                                                                                            854551F8

AttachedDevice                                                                                                                        \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device                                                                                                                                \FileSystem\Cdfs \Cdfs                                                                                              85530500

---- Registry - GMER 1.0.15 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 1
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0xFA 0x93 0x08 0x38 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Programme\DAEMON Tools Lite\
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB1 0x4F 0x29 0x31 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x2D 0xE5 0xEA 0x8D ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x45 0xF4 0x5F 0xC4 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     1
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0xFA 0x93 0x08 0x38 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Programme\DAEMON Tools Lite\
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xB1 0x4F 0x29 0x31 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x2D 0xE5 0xEA 0x8D ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x45 0xF4 0x5F 0xC4 ...

---- Disk sectors - GMER 1.0.15 ----

Disk                                                                                                                                  \Device\Harddisk0\DR0                                                                                               sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----

Alt 29.11.2010, 19:44   #10
markusg
/// Malware-holic
 
No, unfortunately.
Could you post me a fresh otl.txt once more?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 29.11.2010, 21:18   #11
tylon
 
Sure.

OTL
Code:
ATTFilter
OTL logfile created on: 29.11.2010 20:12:38 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = D:\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 555,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): X:\pagefile.sys 1500 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 15,00 Gb Total Space | 5,64 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 10,54 Gb Free Space | 70,27% Space Free | Partition Type: NTFS
Drive P: | 50,00 Gb Total Space | 16,26 Gb Free Space | 32,52% Space Free | Partition Type: NTFS
Drive X: | 5,23 Gb Total Space | 3,61 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
 
Computer Name: ACER3000 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.28 13:05:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.08.02 16:09:40 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:34 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.02 16:09:34 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.04 06:24:25 | 000,140,288 | ---- | M] () -- D:\Programme\MousOmeter\mousometer.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- D:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.12.12 08:31:10 | 000,537,896 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
PRC - [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.11.16 16:54:56 | 000,385,024 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005.03.04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.28 13:05:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.07.20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- D:\Programme\Logitech\SetPoint\lgscroll.dll
MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- D:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.08.02 16:09:40 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:34 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.12.12 08:31:10 | 000,537,896 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.08.16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] -- P:\Profile\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2010.11.27 12:37:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.19 00:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.11.04 15:10:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.03 18:40:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2010.08.02 16:09:48 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.06.17 15:27:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:54 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009.01.28 20:04:42 | 000,023,168 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.01.28 20:04:18 | 000,083,840 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2005.07.28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005.03.04 16:37:26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.03.02 00:09:02 | 000,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005.02.25 19:45:32 | 000,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005.02.24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.21 10:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.12.08 14:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.11.05 01:43:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004.10.07 23:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004.10.07 19:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.05.05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.07.18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [1998.03.03 13:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mgnt.sys -- (MicroGuard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1879216082-1162323016-502169195-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: d:\Programme\Mozilla Firefox\components [2010.11.03 19:13:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2010.11.18 23:25:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.11.03 22:30:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.11.18 23:25:14 | 000,000,000 | ---D | M]
 
[2010.11.06 13:39:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.11.22 06:43:04 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\otsff5j9.default\extensions
[2010.11.06 13:39:45 | 000,000,000 | ---D | M] (Adblock Plus) -- P:\Profile\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\otsff5j9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.29 15:27:54 | 000,000,000 | ---D | M] -- D:\Programme\Mozilla Firefox\extensions
[2010.11.03 22:05:51 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.03 22:05:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.11.04 18:22:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- D:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.10.27 06:44:14 | 000,001,392 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:14 | 000,002,344 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:14 | 000,006,805 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:14 | 000,001,178 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:14 | 000,001,105 | ---- | M] () -- D:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.28 23:16:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\WINDOWS\System32\TWEAKUI.CPL (Brummelchen@gmx.at)
O4 - Startup: P:\Profile\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: P:\Profile\All Users\Startmenü\Programme\Autostart\Mousometer.lnk = D:\Programme\MousOmeter\mousometer.exe ()
O4 - Startup: P:\Profile\Rene.ACER3000\Startmenü\Programme\Autostart\Mousometer.lnk = D:\Programme\MousOmeter\mousometer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288886940468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.09 12:28:00 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "idsvc"
MsConfig - StartUpFolder: P:^Profile^All Users^Startmenü^Programme^Autostart^Utility Tray.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - D:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: eRecoveryService - hkey= - key= - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
MsConfig - StartUpReg: InCD - hkey= - key= - D:\Programme\Nero\Nero8\InCD\InCD.exe File not found
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SecurDisc - hkey= - key= - D:\Programme\Nero\Nero8\InCD\NBHGui.exe File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - 
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.28 23:36:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.28 22:50:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.11.28 22:46:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.11.28 22:46:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.11.28 22:46:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.11.28 22:46:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.28 22:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.28 22:45:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.28 21:19:06 | 000,000,000 | RH-D | C] -- P:\Profile\Administrator\Recent
[2010.11.28 10:45:32 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Anwendungsdaten\Sun
[2010.11.27 15:58:32 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\VirtualDJ
[2010.11.27 15:58:32 | 000,000,000 | ---D | C] -- D:\Programme\VirtualDJ
[2010.11.26 08:52:36 | 000,000,000 | -HSD | C] -- P:\Profile\NetworkService\Anwendungsdaten\Microsoft
[2010.11.26 08:51:21 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Anwendungsdaten\Macromedia
[2010.11.26 08:51:17 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Anwendungsdaten\Adobe
[2010.11.25 11:03:52 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Anwendungsdaten\Sun
[2010.11.24 22:20:40 | 000,000,000 | ---D | C] -- D:\Programme\uploaded Tool 2009
[2010.11.23 19:19:38 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.23 15:32:33 | 000,000,000 | ---D | C] -- D:\Programme\TagRename
[2010.11.23 15:17:14 | 000,000,000 | ---D | C] -- D:\Programme\Citavi 3
[2010.11.23 14:50:25 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Anwendungsdaten\Macromedia
[2010.11.23 14:07:55 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Anwendungsdaten\Adobe
[2010.11.23 13:41:13 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Swiss Academic Software
[2010.11.23 11:40:09 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\UDC Profiles
[2010.11.23 11:39:06 | 000,024,440 | ---- | C] (fCoder Group, Inc.) -- C:\WINDOWS\System32\udcpm.dll
[2010.11.23 11:39:04 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\UDC Output Files
[2010.11.23 11:38:47 | 000,000,000 | ---D | C] -- D:\Programme\Universal Document Converter
[2010.11.22 19:58:17 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Windows Desktop Search
[2010.11.22 19:31:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010.11.22 19:31:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation
[2010.11.22 19:29:35 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.11.22 19:28:56 | 000,000,000 | ---D | C] -- D:\Programme\Windows Media Connect 2
[2010.11.22 19:18:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.11.22 19:18:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.11.22 12:02:09 | 000,000,000 | ---D | C] -- D:\Programme\Nero
[2010.11.21 18:21:05 | 001,414,440 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\ShellManager310E2D762.dll
[2010.11.21 17:40:37 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Nero
[2010.11.21 17:40:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nero
[2010.11.21 17:06:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Nero
[2010.11.21 16:53:17 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Ahead
[2010.11.21 16:49:34 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Nero
[2010.11.21 16:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010.11.21 16:32:30 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010.11.21 16:32:27 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010.11.20 19:23:11 | 000,000,000 | ---D | C] -- D:\Programme\Alcohol Soft
[2010.11.20 18:44:40 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.11.19 00:17:02 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.11.19 00:13:19 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys
[2010.11.19 00:13:10 | 000,047,616 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2010.11.19 00:13:10 | 000,006,656 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2010.11.19 00:13:07 | 000,030,208 | ---- | C] (Micro Macro Technologies) -- C:\WINDOWS\System32\Mg32.dll
[2010.11.19 00:13:00 | 000,374,368 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\pdfexpt.dll
[2010.11.19 00:13:00 | 000,210,528 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\rtfexpt.dll
[2010.11.19 00:13:00 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2010.11.19 00:13:00 | 000,195,104 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\mem32x20.ocx
[2010.11.19 00:13:00 | 000,132,704 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\textexpt.dll
[2010.11.19 00:12:59 | 000,554,592 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\htmlexpt.dll
[2010.11.19 00:12:59 | 000,468,224 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\csimxctl.ocx
[2010.11.19 00:12:59 | 000,357,984 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\exclexpt.dll
[2010.11.19 00:12:59 | 000,144,456 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\csmtp32.ocx
[2010.11.19 00:12:59 | 000,136,224 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\csmsg32.ocx
[2010.11.19 00:12:58 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010.11.19 00:12:57 | 001,015,808 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\ActRpt.dll
[2010.11.19 00:12:57 | 000,595,488 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Edt32x20.ocx
[2010.11.19 00:12:57 | 000,329,600 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\ARViewer.ocx
[2010.11.19 00:12:56 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2010.11.19 00:12:56 | 000,268,288 | ---- | C] (D.I. Management Services Pty Limited
ABN 78 083 210 584
<www.di-mgt.com.au> <www.cryptosys.net>) -- C:\WINDOWS\System32\diCryptoSys.dll
[2010.11.19 00:12:56 | 000,095,920 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\CSICMP32.DLL
[2010.11.19 00:12:56 | 000,053,248 | ---- | C] (EllTech Development, Inc.) -- C:\WINDOWS\System32\MHENCD32.DLL
[2010.11.19 00:12:56 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL
[2010.11.19 00:12:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.11.19 00:12:40 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010.11.19 00:08:32 | 000,329,600 | ---- | C] (Data Dynamics) -- C:\WINDOWS\System32\drivers\ARViewer.ocx
[2010.11.18 23:11:52 | 000,000,000 | ---D | C] -- D:\Programme\MICROCAT
[2010.11.18 22:11:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010.11.18 22:11:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010.11.18 22:11:25 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010.11.18 22:11:25 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010.11.18 22:11:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010.11.18 22:11:24 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010.11.18 22:11:24 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010.11.18 22:11:24 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010.11.18 22:11:24 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010.11.18 22:11:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010.11.18 22:11:23 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010.11.18 22:11:23 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010.11.18 22:11:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010.11.18 22:10:55 | 000,000,000 | ---D | C] -- D:\Programme\SUPER
[2010.11.18 21:41:45 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.11.18 21:41:44 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.11.17 22:17:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Vbox
[2010.11.17 22:16:17 | 000,000,000 | ---D | C] -- D:\Programme\Macromedia
[2010.11.17 21:42:51 | 000,000,000 | ---D | C] -- D:\Programme\phase5
[2010.11.13 20:05:17 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.12 11:06:12 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Malwarebytes
[2010.11.12 08:58:25 | 000,000,000 | ---D | C] -- D:\Programme\MousOmeter
[2010.11.11 22:34:02 | 000,000,000 | ---D | C] -- D:\Programme\bin
[2010.11.11 22:25:08 | 000,000,000 | ---D | C] -- D:\Programme\Iolo
[2010.11.11 22:23:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\My Macros
[2010.11.11 22:21:28 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Application Data
[2010.11.09 23:24:52 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\DivX
[2010.11.09 18:39:27 | 000,083,840 | ---- | C] (KOBIL Systems GmbH) -- C:\WINDOWS\System32\drivers\KOBCCID.sys
[2010.11.09 18:39:27 | 000,023,168 | ---- | C] (KOBIL Systems GmbH) -- C:\WINDOWS\System32\drivers\KOBCCEX.sys
[2010.11.09 18:39:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.11.09 18:39:15 | 000,430,080 | ---- | C] (KOBIL Systems GmbH) -- C:\WINDOWS\System32\CT32.dll
[2010.11.09 18:39:14 | 001,712,128 | ---- | C] (KOBIL Systems) -- C:\WINDOWS\System32\CTAPI_Control.cpl
[2010.11.09 18:39:13 | 000,466,944 | ---- | C] (KOBIL Systems) -- C:\WINDOWS\System32\CTAPIUtilities.dll
[2010.11.09 18:39:05 | 000,000,000 | ---D | C] -- D:\Programme\KOBIL Systems
[2010.11.09 18:15:45 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service
[2010.11.08 22:40:09 | 000,000,000 | ---D | C] -- D:\Programme\PWUnmask
[2010.11.08 22:05:06 | 000,000,000 | ---D | C] -- D:\Programme\Desktop Icon Manager
[2010.11.08 18:02:38 | 000,000,000 | ---D | C] -- D:\Programme\Lavalys
[2010.11.07 18:16:14 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.07 17:51:18 | 000,000,000 | ---D | C] -- D:\Programme\ColorPic 4.1
[2010.11.07 09:53:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.11.06 19:15:14 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Avira
[2010.11.06 14:52:40 | 000,000,000 | --SD | C] -- P:\Profile\LocalService\Anwendungsdaten\Microsoft
[2010.11.06 14:52:40 | 000,000,000 | ---D | C] -- P:\Profile\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.06 14:52:38 | 000,000,000 | ---D | C] -- P:\Profile\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.06 13:47:27 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\WINDOWS
[2010.11.06 13:47:25 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Vorlagen
[2010.11.06 13:47:21 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Startmenü
[2010.11.06 13:47:20 | 000,000,000 | RH-D | C] -- P:\Profile\Administrator\SendTo
[2010.11.06 13:47:20 | 000,000,000 | -HSD | C] -- P:\Profile\Administrator\PrivacIE
[2010.11.06 13:47:20 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Netzwerkumgebung
[2010.11.06 13:46:43 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.06 13:46:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Help
[2010.11.06 13:46:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Google
[2010.11.06 13:46:42 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Buhl Data Service
[2010.11.06 13:46:39 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2010.11.06 13:46:39 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.06 13:45:10 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.11.06 13:45:10 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.11.06 13:40:02 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Favoriten
[2010.11.06 13:40:02 | 000,000,000 | -HSD | C] -- P:\Profile\Administrator\IETldCache
[2010.11.06 13:40:02 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Lokale Einstellungen
[2010.11.06 13:40:02 | 000,000,000 | -H-D | C] -- P:\Profile\Administrator\Druckumgebung
[2010.11.06 13:40:01 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Desktop
[2010.11.06 13:39:59 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\Eigene Videos
[2010.11.06 13:39:59 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\Eigene Musik
[2010.11.06 13:39:59 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien\Eigene Bilder
[2010.11.06 13:39:59 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\Downloads
[2010.11.06 13:39:55 | 000,000,000 | R--D | C] -- P:\Profile\Administrator\Eigene Dateien
[2010.11.06 13:39:55 | 000,000,000 | -HSD | C] -- P:\Profile\Administrator\Cookies
[2010.11.06 13:39:55 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Eigene Dateien\WISO Mein Geld
[2010.11.06 13:39:55 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Adobe
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Macromedia
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Logitech
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\LetsTrade
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Identities
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Help
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Foxit Software
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010.11.06 13:39:54 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.06 13:39:48 | 000,000,000 | --SD | C] -- P:\Profile\Administrator\Anwendungsdaten\Microsoft
[2010.11.06 13:39:41 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla
[2010.11.06 13:39:33 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\TeamViewer
[2010.11.06 13:39:33 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Sun
[2010.11.06 13:39:31 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\uTorrent
[2010.11.06 13:39:30 | 000,000,000 | RH-D | C] -- P:\Profile\Administrator\Anwendungsdaten
[2010.11.06 13:39:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\WinRAR
[2010.11.06 13:39:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\Windows Search
[2010.11.06 13:39:30 | 000,000,000 | ---D | C] -- P:\Profile\Administrator\Anwendungsdaten\WildPackets
[2010.11.06 13:28:33 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Malwarebytes
[2010.11.06 13:27:26 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Logitech
[2010.11.06 13:27:26 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\LogiShrd
[2010.11.06 13:27:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\DivX
[2010.11.06 13:27:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.11.06 13:27:24 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.06 13:26:22 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Avira
[2010.11.06 13:22:50 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Adobe
[2010.11.06 13:22:03 | 000,000,000 | --SD | C] -- P:\Profile\All Users\Anwendungsdaten\Microsoft
[2010.11.06 13:22:02 | 000,000,000 | RH-D | C] -- P:\Profile\All Users\Anwendungsdaten
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Sun
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Anwendungsdaten\Microsoft Help
[2010.11.06 13:22:02 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Desktop
[2010.11.06 13:22:01 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente\Eigene Bilder
[2010.11.06 13:22:00 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente\Eigene Videos
[2010.11.06 13:22:00 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente\Eigene Musik
[2010.11.06 13:22:00 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Dokumente
[2010.11.06 13:22:00 | 000,000,000 | -HSD | C] -- P:\Profile\All Users\DRM
[2010.11.06 13:22:00 | 000,000,000 | ---D | C] -- P:\Profile\All Users\Favoriten
[2010.11.06 13:21:50 | 000,000,000 | R--D | C] -- P:\Profile\All Users\Startmenü
[2010.11.06 13:21:50 | 000,000,000 | -H-D | C] -- P:\Profile\All Users\Vorlagen
[2010.11.06 11:48:08 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.11.06 09:03:19 | 000,000,000 | ---D | C] -- D:\Programme\WildPackets
[2010.11.06 08:58:49 | 000,000,000 | ---D | C] -- D:\Programme\VirusTotalUploader2
[2010.11.06 08:22:48 | 000,000,000 | ---D | C] -- D:\Programme\uTorrent
[2010.11.05 21:52:53 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010.11.05 21:42:43 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6DE.DLL
[2010.11.05 21:42:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010.11.05 21:42:43 | 000,082,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2010.11.05 21:42:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPDE.DLL
[2010.11.05 21:42:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2010.11.05 21:42:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hh.exe
[2010.11.05 21:42:39 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.11.05 21:42:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL
[2010.11.05 21:42:39 | 000,000,000 | ---D | C] -- D:\Programme\RunAsAdmin
[2010.11.05 21:41:47 | 000,106,544 | ---- | C] (Brummelchen@gmx.at) -- C:\WINDOWS\System32\TWEAKUI.CPL
[2010.11.05 21:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010.11.05 21:28:43 | 000,000,000 | ---D | C] -- D:\Programme\MSBuild
[2010.11.05 21:28:31 | 000,000,000 | ---D | C] -- D:\Programme\Reference Assemblies
[2010.11.05 21:26:56 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.11.05 21:26:56 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.11.05 21:26:56 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010.11.05 21:26:56 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010.11.05 21:26:55 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010.11.05 21:26:55 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.11.05 21:20:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.11.05 20:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared
[2010.11.05 20:27:39 | 000,000,000 | ---D | C] -- D:\Programme\DivX
[2010.11.05 20:19:59 | 000,000,000 | ---D | C] -- D:\Programme\Recuva
[2010.11.05 19:07:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.11.05 19:03:44 | 000,000,000 | ---D | C] -- D:\Programme\Windows Desktop Search
[2010.11.05 19:03:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.11.05 19:01:58 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010.11.05 19:01:58 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010.11.05 19:01:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2010.11.05 09:14:01 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.11.05 09:14:01 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.11.05 08:32:35 | 000,000,000 | ---D | C] -- D:\Programme\Buhl
[2010.11.05 00:42:25 | 000,000,000 | ---D | C] -- D:\Programme\GIMP-2.0
[2010.11.05 00:09:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR
[2010.11.05 00:09:49 | 000,000,000 | ---D | C] -- D:\Programme\Adobe
[2010.11.04 23:54:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.11.04 18:22:54 | 000,000,000 | ---D | C] -- D:\Programme\Foxit Software
[2010.11.04 16:43:41 | 000,000,000 | ---D | C] -- D:\Programme\Google
[2010.11.04 16:42:03 | 000,000,000 | ---D | C] -- D:\Programme\VideoLAN
[2010.11.04 16:40:15 | 000,000,000 | ---D | C] -- D:\Programme\IrfanView
[2010.11.04 16:38:42 | 000,000,000 | ---D | C] -- D:\Programme\CDBurnerXP
[2010.11.04 16:32:38 | 000,030,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010.11.04 16:30:54 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft Works
[2010.11.04 16:30:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2010.11.04 16:25:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.11.04 16:24:57 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft Office
[2010.11.04 16:13:31 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010.11.04 16:11:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010.11.04 16:11:32 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft.NET
[2010.11.04 16:11:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010.11.04 15:19:26 | 000,000,000 | ---D | C] -- D:\Programme\MSXML 4.0
[2010.11.04 15:17:13 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.11.04 15:17:12 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.11.04 15:16:44 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.11.04 15:10:29 | 000,000,000 | ---D | C] -- D:\Programme\DAEMON Tools Lite
[2010.11.04 15:01:24 | 000,286,720 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxblcomm.dll
[2010.11.04 15:01:24 | 000,201,216 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXP2P32.DLL
[2010.11.04 15:01:24 | 000,197,120 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEX2KUSB.DLL
[2010.11.04 15:01:24 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCE.DLL
[2010.11.04 15:01:24 | 000,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxblpwr.dll
[2010.11.04 15:01:23 | 000,200,192 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXLMPM.DLL
[2010.11.04 15:01:23 | 000,000,000 | ---D | C] -- D:\Programme\Lexmark Z700-P700 Series
[2010.11.04 15:01:22 | 000,983,101 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LXBLGF.DLL
[2010.11.04 15:01:22 | 000,458,752 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLJSWR.DLL
[2010.11.04 15:01:22 | 000,339,968 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLUTIL.DLL
[2010.11.04 15:01:22 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPING.EXE
[2010.11.04 15:01:22 | 000,094,208 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLCUR.DLL
[2010.11.04 15:01:22 | 000,069,632 | ---- | C] (Lexmark International Inc.) -- C:\WINDOWS\System32\LXBLCU.DLL
[2010.11.04 15:01:21 | 000,544,768 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLLSNT.EXE
[2010.11.04 15:01:21 | 000,286,720 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLPMNT.DLL
[2010.11.04 15:01:21 | 000,217,088 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLLCNT.DLL
[2010.11.04 15:01:21 | 000,126,976 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LXBLCFG.EXE
[2010.11.04 15:01:17 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin0407.exe
[2010.11.04 07:02:24 | 000,000,000 | ---D | C] -- D:\Programme\TeamViewer
[2010.11.04 06:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.11.04 00:41:52 | 000,000,000 | ---D | C] -- D:\Programme\Trend Micro
[2010.11.04 00:37:47 | 000,000,000 | ---D | C] -- D:\Programme\CCleaner
[2010.11.04 00:37:16 | 000,000,000 | ---D | C] -- D:\Programme\Defraggler
[2010.11.04 00:18:15 | 000,010,384 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2010.11.04 00:16:51 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2010.11.04 00:16:51 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2010.11.04 00:16:51 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2010.11.04 00:16:51 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2010.11.04 00:16:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Logishrd
[2010.11.04 00:16:00 | 000,000,000 | ---D | C] -- D:\Programme\Logitech
[2010.11.04 00:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.11.03 23:37:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.03 23:37:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.03 23:37:01 | 000,000,000 | ---D | C] -- D:\Programme\Malwarebytes' Anti-Malware
[2010.11.03 23:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.11.03 22:41:32 | 000,000,000 | ---D | C] -- D:\Programme\xerox
[2010.11.03 22:41:31 | 000,000,000 | ---D | C] -- D:\Programme\outlook express
[2010.11.03 22:41:30 | 000,000,000 | ---D | C] -- D:\Programme\netmeeting
[2010.11.03 22:41:30 | 000,000,000 | ---D | C] -- D:\Programme\msn gaming zone
[2010.11.03 22:41:30 | 000,000,000 | ---D | C] -- D:\Programme\microsoft frontpage
[2010.11.03 22:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.11.03 22:29:35 | 000,000,000 | ---D | C] -- D:\Programme\Messenger
[2010.11.03 22:29:00 | 000,000,000 | ---D | C] -- D:\Programme\msn
[2010.11.03 22:28:59 | 000,000,000 | ---D | C] -- D:\Programme\windows nt
[2010.11.03 22:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.11.03 22:28:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.11.03 22:28:58 | 000,000,000 | ---D | C] -- D:\Programme\movie maker
[2010.11.03 22:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.11.03 22:25:51 | 000,000,000 | ---D | C] -- D:\Programme\windows media player
[2010.11.03 22:24:38 | 000,000,000 | ---D | C] -- D:\Programme\MozBackup-1.4.10-DE
[2010.11.03 22:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.11.03 22:22:19 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Thunderbird
[2010.11.03 22:20:01 | 000,000,000 | -H-D | C] -- D:\Programme\InstallShield Installation Information
[2010.11.03 22:18:49 | 000,000,000 | ---D | C] -- D:\Programme\Symantec
[2010.11.03 22:16:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.11.03 22:16:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010.11.03 22:06:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.11.03 22:05:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.11.03 22:05:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.03 22:05:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.03 22:05:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.03 22:05:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.11.03 22:05:35 | 000,000,000 | ---D | C] -- D:\Programme\Java
[2010.11.03 22:04:38 | 000,000,000 | ---D | C] -- D:\Programme\JDownloader
[2010.11.03 21:30:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.11.03 21:06:35 | 000,000,000 | -H-D | C] -- D:\Programme\Uninstall Information
[2010.11.03 21:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.11.03 21:01:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.11.03 21:01:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.11.03 21:01:23 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.11.03 21:01:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.11.03 21:01:22 | 011,080,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.11.03 21:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.11.03 21:01:00 | 000,000,000 | ---D | C] -- D:\Programme\Internet Explorer
[2010.11.03 21:00:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.11.03 21:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010.11.03 20:52:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.11.03 20:41:10 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010.11.03 20:41:09 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010.11.03 20:41:06 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010.11.03 20:41:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010.11.03 20:41:05 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010.11.03 20:41:05 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010.11.03 20:41:04 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010.11.03 20:41:01 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010.11.03 20:41:00 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010.11.03 20:41:00 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010.11.03 20:41:00 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010.11.03 20:40:59 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010.11.03 20:40:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010.11.03 20:40:58 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010.11.03 20:40:58 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010.11.03 20:40:57 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010.11.03 20:40:57 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010.11.03 20:40:57 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010.11.03 20:40:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010.11.03 20:40:56 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010.11.03 20:40:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010.11.03 20:40:54 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010.11.03 20:40:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010.11.03 20:40:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010.11.03 20:40:49 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010.11.03 20:40:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010.11.03 20:40:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010.11.03 20:40:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010.11.03 20:40:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010.11.03 20:40:46 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010.11.03 20:40:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010.11.03 20:40:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010.11.03 20:40:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010.11.03 20:40:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010.11.03 20:40:43 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010.11.03 20:40:43 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010.11.03 20:40:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010.11.03 20:40:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010.11.03 20:40:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010.11.03 20:40:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010.11.03 20:40:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010.11.03 20:40:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010.11.03 20:40:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010.11.03 20:40:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010.11.03 20:40:32 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010.11.03 20:40:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010.11.03 20:40:31 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010.11.03 20:40:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010.11.03 20:40:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010.11.03 20:40:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010.11.03 20:40:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010.11.03 20:40:25 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010.11.03 20:40:22 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010.11.03 20:40:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.11.03 20:40:16 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010.11.03 20:40:15 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010.11.03 20:40:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010.11.03 20:40:13 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010.11.03 20:40:13 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010.11.03 20:40:13 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010.11.03 20:40:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010.11.03 20:40:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010.11.03 20:40:12 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010.11.03 20:40:12 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010.11.03 20:40:12 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010.11.03 20:40:12 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010.11.03 20:40:12 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010.11.03 20:40:12 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010.11.03 20:40:11 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010.11.03 20:40:11 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010.11.03 20:40:10 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010.11.03 20:40:10 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010.11.03 20:40:10 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010.11.03 20:40:10 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010.11.03 20:40:09 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010.11.03 20:40:09 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010.11.03 20:40:09 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010.11.03 20:40:09 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010.11.03 20:40:08 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010.11.03 20:40:08 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010.11.03 20:40:08 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010.11.03 20:40:08 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010.11.03 20:40:08 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010.11.03 20:40:08 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010.11.03 20:40:08 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010.11.03 20:40:08 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010.11.03 20:40:08 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010.11.03 20:40:08 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010.11.03 20:40:08 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010.11.03 20:40:08 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010.11.03 20:40:08 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010.11.03 20:40:08 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010.11.03 20:40:08 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010.11.03 20:40:08 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010.11.03 20:40:08 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010.11.03 20:40:08 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010.11.03 20:39:56 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.11.03 20:39:56 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.11.03 20:39:56 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.11.03 20:39:56 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.11.03 20:39:55 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.11.03 20:39:55 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.11.03 20:39:55 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.11.03 20:39:55 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.11.03 20:39:55 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.11.03 20:39:54 | 000,701,952 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.11.03 20:39:54 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.11.03 20:39:52 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.11.03 20:39:52 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.11.03 20:39:52 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.11.03 20:39:52 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.11.03 20:39:52 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.11.03 20:39:52 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.11.03 20:39:52 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.11.03 20:39:52 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.11.03 20:39:52 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.11.03 20:39:52 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.11.03 20:39:52 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.11.03 20:39:52 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.11.03 20:39:52 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.11.03 20:39:52 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.11.03 20:39:51 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.11.03 20:39:51 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.11.03 20:39:51 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.11.03 20:39:51 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.11.03 20:39:51 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.11.03 20:39:51 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.11.03 20:39:51 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.11.03 20:39:51 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.11.03 20:39:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.11.03 20:39:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.11.03 20:39:51 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.11.03 20:39:51 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.11.03 20:39:51 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.11.03 20:39:50 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.11.03 20:23:06 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010.11.03 20:22:04 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.11.03 20:21:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.11.03 20:20:16 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.11.03 20:20:13 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.11.03 20:20:10 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.11.03 20:10:50 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010.11.03 20:10:36 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.11.03 20:10:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.11.03 20:10:14 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.11.03 20:10:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010.11.03 20:08:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.11.03 20:08:40 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\WINDOWS\IsUn0407.exe
[2010.11.03 20:07:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010.11.03 19:49:47 | 000,000,000 | ---D | C] -- D:\Programme\WinRAR
[2010.11.03 19:12:55 | 000,000,000 | ---D | C] -- D:\Programme\Mozilla Firefox
[2010.11.03 19:11:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010.11.03 19:10:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010.11.03 19:10:55 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010.11.03 19:10:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010.11.03 19:04:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010.11.03 18:58:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.11.03 18:58:29 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.03 18:58:29 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.03 18:58:29 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.11.03 18:58:29 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.11.03 18:41:56 | 000,258,048 | ---- | C] (Acer Inc.) -- C:\WINDOWS\System32\Uninstall_eRecovery.exe
[2010.11.03 18:41:32 | 000,147,456 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2010.11.03 18:41:32 | 000,049,152 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\QtBtLib.dll
[2010.11.03 18:41:32 | 000,016,896 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\drivers\DKbFltr.SYS
[2010.11.03 18:36:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.11.03 18:32:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010.11.03 18:31:04 | 000,163,840 | ---- | C] (Acer Inc.) -- C:\WINDOWS\AExec.exe
[2010.06.08 15:48:10 | 032,969,920 | ---- | C] (fCoder Group, Inc.                                          ) -- P:\Profile\Administrator\Anwendungsdaten\udc.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.29 20:10:04 | 000,001,323 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010.11.29 20:09:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.29 20:09:48 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.29 19:46:01 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.29 00:08:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.28 23:16:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2010.11.28 23:16:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.11.28 23:15:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.28 23:15:36 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.28 22:50:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010.11.28 22:16:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.28 21:08:09 | 003,981,348 | R--- | M] () -- P:\Profile\Administrator\Desktop\ComboFix.exe
[2010.11.27 22:18:38 | 000,000,223 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010.11.27 18:11:51 | 003,658,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.27 12:37:16 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.23 18:27:46 | 000,002,225 | ---- | M] () -- P:\Profile\All Users\Desktop\Nero StartSmart.lnk
[2010.11.22 19:57:54 | 000,001,632 | ---- | M] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2010.11.22 19:57:33 | 000,542,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.22 19:57:33 | 000,111,194 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.22 19:51:42 | 000,494,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.22 19:51:42 | 000,084,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.22 19:42:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.11.22 19:41:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.11.22 19:41:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.11.22 19:24:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.11.22 19:18:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.11.22 18:50:27 | 000,007,168 | ---- | M] () -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.21 18:05:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2010.11.21 16:26:05 | 000,000,388 | ---- | M] () -- P:\Profile\Administrator\Desktop\Download.lnk
[2010.11.19 00:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2010.11.19 00:13:10 | 000,006,656 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2010.11.19 00:13:10 | 000,002,994 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.11.19 00:13:10 | 000,000,383 | ---- | M] () -- C:\WINDOWS\System32\haspdos.sys
[2010.11.19 00:10:44 | 000,079,136 | ---- | M] () -- P:\Profile\All Users\Dokumente\Ford Teile.jpg
[2010.11.18 23:16:04 | 000,000,581 | ---- | M] () -- P:\Profile\Administrator\Desktop\Microcat.lnk
[2010.11.18 06:53:47 | 000,000,766 | -H-- | M] () -- P:\Profile\All Users\Dokumente\os013378.bin
[2010.11.12 08:59:39 | 000,000,599 | ---- | M] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Mousometer.lnk
[2010.11.09 19:12:52 | 000,000,076 | ---- | M] () -- P:\Profile\Administrator\DoKobDir.bat
[2010.11.09 19:03:53 | 000,000,309 | ---- | M] () -- C:\WINDOWS\hbcikrnl.ini
[2010.11.09 18:13:25 | 000,000,663 | ---- | M] () -- P:\Profile\All Users\Desktop\WISO Mein Geld 2011.lnk
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.11.07 17:51:21 | 000,134,016 | ---- | M] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010.11.06 08:22:48 | 000,000,537 | ---- | M] () -- P:\Profile\All Users\Desktop\µTorrent.lnk
[2010.11.04 16:38:45 | 000,001,503 | ---- | M] () -- P:\Profile\Administrator\Desktop\CDBurnerXP.lnk
[2010.11.04 15:44:15 | 000,000,611 | ---- | M] () -- P:\Profile\Administrator\Desktop\Firefox.lnk
[2010.11.04 15:41:59 | 000,000,575 | ---- | M] () -- P:\Profile\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.04 15:41:51 | 000,001,593 | ---- | M] () -- P:\Profile\Administrator\Desktop\HijackThis.lnk
[2010.11.04 15:41:22 | 000,000,581 | ---- | M] () -- P:\Profile\Administrator\Desktop\CCleaner.lnk
[2010.11.04 15:10:40 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.11.04 00:28:59 | 000,000,239 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.11.04 00:18:07 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.11.04 00:18:07 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.11.04 00:18:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010.11.04 00:16:51 | 000,001,548 | ---- | M] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
[2010.11.03 22:32:46 | 000,008,840 | ---- | M] () -- C:\WINDOWS\SEC1293.PNF
[2010.11.03 22:22:10 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.11.03 22:20:26 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SEC50.PNF
[2010.11.03 22:19:08 | 000,001,763 | ---- | M] () -- P:\Profile\Administrator\Desktop\Norton PartitionMagic.lnk
[2010.11.03 22:05:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.11.03 22:05:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.03 22:05:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.03 22:05:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.03 22:05:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.11.03 20:00:08 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010.11.03 19:13:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.11.03 19:05:24 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.11.03 18:45:28 | 000,000,091 | ---- | M] () -- C:\WINDOWS\ALaunch.ini
[2010.11.03 18:45:22 | 000,000,088 | ---- | M] () -- C:\WINDOWS\GridV.UNI
[2010.11.03 18:41:36 | 000,000,079 | ---- | M] () -- C:\WINDOWS\QtZgAcer.UNI
[2010.11.03 18:40:36 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIMP3.dll
[2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2010.11.03 18:40:10 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2010.11.03 18:40:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
[2010.11.03 18:39:52 | 000,201,552 | ---- | M] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010.11.03 18:39:18 | 000,000,001 | ---- | M] () -- C:\WINDOWS\~sisRslt
[2010.11.03 18:36:34 | 000,000,807 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.11.03 18:31:06 | 000,000,529 | ---- | M] () -- C:\WINDOWS\CLEANUP.CMD
[2010.11.03 18:31:00 | 000,000,634 | ---- | M] () -- C:\WINDOWS\HOTFIX.BAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.28 22:50:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.11.28 22:50:35 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2010.11.28 22:46:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.28 22:46:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.28 22:46:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.28 22:46:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.28 22:46:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.11.28 21:07:41 | 003,981,348 | R--- | C] () -- P:\Profile\Administrator\Desktop\ComboFix.exe
[2010.11.23 18:27:46 | 000,002,225 | ---- | C] () -- P:\Profile\All Users\Desktop\Nero StartSmart.lnk
[2010.11.22 19:57:54 | 000,001,632 | ---- | C] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2010.11.22 19:18:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.11.21 18:21:06 | 000,773,120 | ---- | C] () -- C:\WINDOWS\System32\NEROINSTAEC43759.DB
[2010.11.21 18:05:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010.11.21 17:10:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.21 16:55:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.21 16:25:28 | 000,000,388 | ---- | C] () -- P:\Profile\Administrator\Desktop\Download.lnk
[2010.11.21 12:50:19 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.19 00:13:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TempFile
[2010.11.19 00:13:10 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\config.hsp
[2010.11.19 00:13:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010.11.19 00:13:07 | 000,021,760 | ---- | C] () -- C:\WINDOWS\System32\Mg16.dll
[2010.11.19 00:13:06 | 000,040,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\mgnt.sys
[2010.11.19 00:12:56 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2010.11.19 00:10:44 | 000,079,136 | ---- | C] () -- P:\Profile\All Users\Dokumente\Ford Teile.jpg
[2010.11.18 23:16:04 | 000,000,581 | ---- | C] () -- P:\Profile\Administrator\Desktop\Microcat.lnk
[2010.11.18 22:11:25 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010.11.18 22:11:25 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010.11.18 22:11:25 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010.11.18 22:11:24 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010.11.18 22:11:23 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010.11.18 22:11:23 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010.11.18 22:11:23 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010.11.18 22:11:23 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010.11.18 21:41:38 | 000,001,102 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.18 21:41:37 | 000,001,098 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.17 22:33:28 | 000,000,766 | -H-- | C] () -- P:\Profile\All Users\Dokumente\os013378.bin
[2010.11.13 08:47:28 | 000,001,763 | ---- | C] () -- P:\Profile\Administrator\Desktop\Norton PartitionMagic.lnk
[2010.11.09 23:24:53 | 000,007,168 | ---- | C] () -- P:\Profile\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.09 19:12:52 | 000,054,376 | ---- | C] () -- P:\Profile\Administrator\kobreport.txt
[2010.11.09 19:12:52 | 000,005,180 | ---- | C] () -- P:\Profile\Administrator\kobdir.txt
[2010.11.09 19:12:52 | 000,000,076 | ---- | C] () -- P:\Profile\Administrator\DoKobDir.bat
[2010.11.09 18:41:14 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2010.11.09 18:13:25 | 000,000,663 | ---- | C] () -- P:\Profile\All Users\Desktop\WISO Mein Geld 2011.lnk
[2010.11.07 17:51:21 | 000,134,016 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2010.11.06 13:22:02 | 000,000,537 | ---- | C] () -- P:\Profile\All Users\Desktop\µTorrent.lnk
[2010.11.06 13:21:51 | 000,001,548 | ---- | C] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
[2010.11.05 21:52:53 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010.11.04 18:37:05 | 000,000,599 | ---- | C] () -- P:\Profile\All Users\Startmenü\Programme\Autostart\Mousometer.lnk
[2010.11.04 16:38:45 | 000,001,503 | ---- | C] () -- P:\Profile\Administrator\Desktop\CDBurnerXP.lnk
[2010.11.04 16:38:44 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.04 16:31:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\WMTRAY.DLL
[2010.11.04 15:44:15 | 000,000,611 | ---- | C] () -- P:\Profile\Administrator\Desktop\Firefox.lnk
[2010.11.04 15:41:59 | 000,000,575 | ---- | C] () -- P:\Profile\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.04 15:41:51 | 000,001,593 | ---- | C] () -- P:\Profile\Administrator\Desktop\HijackThis.lnk
[2010.11.04 15:10:39 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.11.04 15:02:06 | 000,000,223 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010.11.04 15:01:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2010.11.04 15:01:23 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\LXBL.LOC
[2010.11.04 15:01:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBLIH.EXE
[2010.11.04 15:01:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2010.11.04 15:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2010.11.04 00:37:48 | 000,000,581 | ---- | C] () -- P:\Profile\Administrator\Desktop\CCleaner.lnk
[2010.11.04 00:28:59 | 000,000,239 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.04 00:18:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.11.04 00:18:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.11.04 00:18:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010.11.03 22:32:45 | 000,008,840 | ---- | C] () -- C:\WINDOWS\SEC1293.PNF
[2010.11.03 22:20:25 | 000,002,948 | ---- | C] () -- C:\WINDOWS\SEC50.PNF
[2010.11.03 20:40:44 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010.11.03 20:40:33 | 000,079,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010.11.03 20:40:08 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010.11.03 20:40:06 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010.11.03 20:40:06 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010.11.03 20:40:06 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010.11.03 20:40:06 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010.11.03 20:40:06 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010.11.03 20:40:06 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010.11.03 20:40:06 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010.11.03 20:40:06 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010.11.03 20:40:06 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010.11.03 20:40:06 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010.11.03 20:40:06 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010.11.03 20:40:06 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010.11.03 20:40:05 | 000,002,524 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010.11.03 20:39:56 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010.11.03 20:39:56 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.11.03 20:39:56 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010.11.03 20:39:56 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010.11.03 20:39:56 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010.11.03 20:39:55 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010.11.03 20:39:55 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.11.03 20:39:55 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010.11.03 20:39:55 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010.11.03 20:39:55 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010.11.03 20:39:55 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010.11.03 20:39:54 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010.11.03 20:39:54 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010.11.03 20:39:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010.11.03 20:39:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010.11.03 20:39:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010.11.03 20:39:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010.11.03 20:39:52 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010.11.03 20:39:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010.11.03 20:39:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010.11.03 20:39:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010.11.03 20:39:52 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010.11.03 20:39:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010.11.03 20:39:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010.11.03 20:39:52 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.11.03 20:39:52 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010.11.03 20:39:52 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010.11.03 20:39:52 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010.11.03 20:39:52 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010.11.03 20:39:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010.11.03 20:39:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010.11.03 20:39:52 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010.11.03 20:39:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010.11.03 20:39:52 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010.11.03 20:39:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010.11.03 20:39:52 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010.11.03 20:39:52 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010.11.03 20:39:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010.11.03 20:39:52 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010.11.03 20:39:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010.11.03 20:39:52 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010.11.03 20:39:52 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010.11.03 20:39:52 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010.11.03 20:39:52 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010.11.03 20:39:52 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010.11.03 20:39:52 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010.11.03 20:39:52 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010.11.03 20:39:52 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010.11.03 20:39:51 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010.11.03 20:39:51 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010.11.03 20:39:51 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010.11.03 20:39:51 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010.11.03 20:39:51 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010.11.03 20:39:51 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010.11.03 20:39:51 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010.11.03 20:39:51 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010.11.03 20:39:51 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010.11.03 20:39:51 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010.11.03 20:39:50 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010.11.03 20:39:50 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010.11.03 20:39:50 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010.11.03 20:39:50 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010.11.03 20:39:50 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010.11.03 20:39:50 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010.11.03 20:39:50 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010.11.03 20:39:50 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010.11.03 20:39:50 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010.11.03 20:39:50 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010.11.03 20:00:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010.11.03 19:13:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.03 18:45:28 | 000,001,323 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2010.11.03 18:45:21 | 000,000,088 | ---- | C] () -- C:\WINDOWS\GridV.UNI
[2010.11.03 18:41:34 | 000,000,079 | ---- | C] () -- C:\WINDOWS\QtZgAcer.UNI
[2010.11.03 18:31:04 | 000,002,790 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2010.11.03 18:31:03 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2005.03.09 12:28:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.03.09 12:27:32 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.03.08 10:31:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.03.08 10:30:54 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.03.08 10:28:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.03.07 23:47:14 | 000,201,552 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005.03.07 23:30:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.03.04 14:51:52 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005.02.02 19:35:02 | 000,037,774 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001.07.06 00:19:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
 
========== LOP Check ==========
 
[2010.11.06 13:02:19 | 000,000,000 | ---D | M] -- P:\Profile\Admin\Anwendungsdaten\TeamViewer
[2010.11.09 18:15:45 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service
[2010.11.09 18:15:32 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.20 18:44:40 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.11.13 08:54:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Foxit Software
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\LetsTrade
[2010.11.22 12:15:04 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\TeamViewer
[2010.11.23 11:40:10 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\UDC Profiles
[2010.11.06 13:39:33 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\uTorrent
[2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\WildPackets
[2010.11.22 19:58:17 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Desktop Search
[2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Search
[2010.11.06 13:27:24 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.13 20:05:17 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.06 13:27:24 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.11.19 00:23:55 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\MCADMIN
[2010.11.07 09:59:27 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.11.23 15:17:56 | 000,000,000 | ---D | M] -- P:\Profile\All Users\Anwendungsdaten\Swiss Academic Software
[2010.11.18 20:41:42 | 000,000,000 | ---D | M] -- P:\Profile\Gast\Anwendungsdaten\Windows Desktop Search
[2010.11.14 12:16:24 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.06 13:07:39 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\TeamViewer
[2010.11.06 19:22:00 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\Windows Desktop Search
[2010.11.14 13:19:43 | 000,000,000 | ---D | M] -- P:\Profile\Janina\Anwendungsdaten\Windows Search
[2010.11.06 13:20:17 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Buhl Data Service
[2010.11.09 20:19:58 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.13 20:05:18 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Canneverbe Limited
[2010.11.07 12:53:15 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.11.13 23:26:07 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\DAEMON Tools Lite
[2010.11.06 13:20:16 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\DataDesign
[2010.11.07 10:58:36 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Foxit Software
[2010.11.24 22:27:19 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\gtk-2.0
[2010.11.06 13:20:16 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\LetsTrade
[2010.11.23 15:20:36 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Swiss Academic Software
[2010.11.08 19:36:18 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\TeamViewer
[2010.11.06 13:19:37 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Thunderbird
[2010.11.23 11:41:00 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\UDC Profiles
[2010.11.06 13:10:57 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\uTorrent
[2010.11.06 13:10:55 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Windows Desktop Search
[2010.11.08 22:09:50 | 000,000,000 | ---D | M] -- P:\Profile\Rene.ACER3000\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.07 16:50:18 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Adobe
[2010.11.06 19:15:14 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Avira
[2010.11.09 18:15:45 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service
[2010.11.09 18:15:32 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Buhl Data Service GmbH
[2010.11.20 18:44:40 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.11.13 08:54:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2010.11.09 23:24:52 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\DivX
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Foxit Software
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Help
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Identities
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\LetsTrade
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Logitech
[2010.11.06 13:39:54 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Macromedia
[2010.11.12 11:06:12 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Malwarebytes
[2010.11.20 18:46:58 | 000,000,000 | --SD | M] -- P:\Profile\Administrator\Anwendungsdaten\Microsoft
[2010.11.06 13:39:48 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Mozilla
[2010.11.21 16:49:34 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Nero
[2010.11.06 13:39:33 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Sun
[2010.11.22 12:15:04 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\TeamViewer
[2010.11.23 11:40:10 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\UDC Profiles
[2010.11.06 13:39:33 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\uTorrent
[2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\WildPackets
[2010.11.22 19:58:17 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Desktop Search
[2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\Windows Search
[2010.11.06 13:39:30 | 000,000,000 | ---D | M] -- P:\Profile\Administrator\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.08 15:48:10 | 032,969,920 | ---- | M] (fCoder Group, Inc.                                          ) -- P:\Profile\Administrator\Anwendungsdaten\udc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.11.03 22:16:56 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 05:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.04 15:10:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2005.03.07 23:22:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.03.07 23:22:08 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.03.07 23:22:06 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         

Alt 29.11.2010, 21:18   #12
tylon
 
FF opens tabs and Google links to attacking sites - Standard

EXTRAS
Code:
ATTFilter
OTL Extras logfile created on: 29.11.2010 20:12:38 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = D:\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
958,00 Mb Total Physical Memory | 555,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): X:\pagefile.sys 1500 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 15,00 Gb Total Space | 5,64 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 10,54 Gb Free Space | 70,27% Space Free | Partition Type: NTFS
Drive P: | 50,00 Gb Total Space | 16,26 Gb Free Space | 32,52% Space Free | Partition Type: NTFS
Drive X: | 5,23 Gb Total Space | 3,61 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
 
Computer Name: ACER3000 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1879216082-1162323016-502169195-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Java\jre6\bin\javaw.exe" = D:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Programme\uTorrent\uTorrent.exe" = D:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Programme\Google\Google Earth\plugin\geplugin.exe" = D:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ECA0079-088F-4E69-B66A-65D5E687B092}" = KOBIL Chipkartenterminal Treiber V2.2s  Build: 20090625.3 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B9289B87-B17E-4C45-81F3-A82EAF83F24B}" = Microcat For Ford (Europe)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorPic" = ColorPic
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Password Unmask 2.0" = Password Unmask 2.0
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"RunAsAdmin" = RunAsAdmin
"SB_ClipboardPath" = ClipboardPath
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tag&Rename_is1" = Tag&Rename 3.5.7
"TeamViewer 5" = TeamViewer 5
"Tweak UI 2.10" = Tweak UI
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"uTorrent" = µTorrent
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.11.2010 11:12:06 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 29.11.2010 12:13:48 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 werden. Ein Verbindungsversuch mit WMI ist fehlgeschlagen. Für diese Anwendung 
der Richtlinie wird keine Richtlinienergebnissatz-Protokollierung durchgeführt.
 
Error - 29.11.2010 12:50:07 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = Der Sitzungsstatus des Richtlinienergebnissatzes konnte nicht protokolliert
 be logged. An attempt to connect to WMI failed. No Resultant Set of Policy (RSoP) logging will be done for this application of policy.
 
Error - 29.11.2010 13:28:33 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The RSoP session status could not be logged. An attempt to connect to WMI failed. No RSoP logging will be done for this application of policy.
 
Error - 29.11.2010 13:48:43 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module mg.exe, version 12.1.0.36, stamp 4c90ea1d, debug? 0, fault address 0x00005114.
 
Error - 29.11.2010 14:28:07 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The RSoP session status could not be logged. An attempt to connect to WMI failed. No RSoP logging will be done for this application of policy.
 
Error - 29.11.2010 14:32:43 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0, fault address 0x00012afb.
 
Error - 29.11.2010 14:42:29 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0, fault address 0x00012afb.
 
Error - 29.11.2010 15:07:58 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module mg.exe, version 12.1.0.36, stamp 4c90ea1d, debug? 0, fault address 0x00005114.
 
Error - 29.11.2010 15:09:47 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The RSoP session status could not be logged. An attempt to connect to WMI failed. No RSoP logging will be done for this application of policy.
 
[ System Events ]
Error - 27.11.2010 07:37:37 | Computer Name = ACER3000 | Source = Windows Update Agent | ID = 16
Description = Unable to connect: Windows is unable to connect to the "Automatic Updates" service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error - 27.11.2010 13:13:44 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error:   %%2
 
Error - 28.11.2010 15:33:57 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 ms) waiting for a transaction response from the stisvc service.
 
Error - 28.11.2010 16:15:52 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error:   %%2
 
Error - 28.11.2010 17:17:43 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager's attempt to take corrective action (Restart the service) after the unexpected termination of the "Windows Management Instrumentation" service failed. Error:   %%1056
 
Error - 28.11.2010 17:43:11 | Computer Name = ACER3000 | Source = sr | ID = 1
Description = While processing the file "" on volume "HarddiskVolume2", the System Restore filter encountered the unexpected error "0xC0000001". Volume monitoring has been stopped.
 
Error - 28.11.2010 17:44:40 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error:   %%2
 
Error - 28.11.2010 17:44:40 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   gagp30kx
 
Error - 28.11.2010 18:01:53 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error:   %%2
 
Error - 28.11.2010 18:18:14 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error:   %%2
 
 
< End of report >
         

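The event-log tail above is the part of the report a responder reads first: WMI is failing (Userenv 1090, and Service Control Manager 7032 says the WMI service died and could not be restarted), the Automatic Updates service is unreachable (Windows Update Agent 16), the System Restore filter stopped monitoring the volume (sr 1), and mg.exe crashed four times in under two hours. The following Python is an added triage example, not part of the thread and not a feature of the tool that produced the report: it parses entries in that exact header/description layout, re-joins wrapped description lines, and flags those source/ID pairs plus any binary that crashes repeatedly. The sample log is a shortened, translated copy of entries shown above; the rule table and the crash threshold are this example's own assumptions.

```python
"""Triage of an event-log excerpt in the report layout shown above.
Added example; the rule table and crash threshold are assumptions."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One event header. Source names contain spaces and dots, hence [^|].
HEADER = re.compile(
    r"^(?P<level>Error|Warning|Information) - "
    r"(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)


@dataclass
class Entry:
    level: str
    ts: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_events(text: str) -> list[Entry]:
    """Group each header with its wrapped 'Description = ...' lines."""
    entries: list[Entry] = []
    cur: Optional[Entry] = None
    parts: list[str] = []

    def flush() -> None:
        nonlocal cur
        if cur is not None:
            cur.description = " ".join(parts).strip()
            entries.append(cur)
        cur = None
        parts.clear()

    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            flush()
            cur = Entry(m["level"], m["ts"], m["host"].strip(), m["source"].strip(), int(m["id"]))
        elif not line:
            continue
        elif (line.startswith("[") and line.endswith("]")) or line.startswith("< End"):
            flush()  # section header such as "[ System Events ]" or the report footer
        elif cur is not None:
            parts.append(line.removeprefix("Description = "))
    flush()
    return entries


# (source, event ID) -> why it matters on a suspected infection (assumed rule set).
TRIAGE_RULES = {
    ("Userenv", 1090): "RSoP logging skipped because WMI is unreachable",
    ("Service Control Manager", 7032): "WMI service terminated unexpectedly and could not be restarted",
    ("Windows Update Agent", 16): "Automatic Updates service unreachable, so patching has silently stalled",
    ("sr", 1): "System Restore filter halted volume monitoring",
}
CRASH_RE = re.compile(r"Faulting application (\S+),")


def triage(entries: list[Entry], crash_threshold: int = 3) -> list[str]:
    """Return human-readable findings; an empty list means nothing matched."""
    findings: list[str] = []
    counts = Counter((e.source, e.event_id) for e in entries)
    for (source, eid), why in TRIAGE_RULES.items():
        n = counts[(source, eid)]
        if n:
            findings.append(f"{source} {eid} x{n}: {why}")
    # Repeated crashes of one binary (ID 1000 from any error-reporting source):
    # on a suspect host, verify that file (hash, signature) before trusting it.
    crashes: Counter = Counter()
    for e in entries:
        if e.event_id == 1000:
            m = CRASH_RE.search(e.description)
            if m:
                crashes[m.group(1)] += 1
    for app, n in sorted(crashes.items()):
        if n >= crash_threshold:
            findings.append(f"{app} crashed {n} times: verify the binary before trusting it")
    return findings


# Constructed sample: shortened, translated copies of entries from the log above.
SAMPLE_LOG = """\
Error - 29.11.2010 14:32:43 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting
 module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0, fault address
 0x00012afb.
Error - 29.11.2010 14:42:29 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module kernel32.dll
Error - 29.11.2010 15:07:58 | Computer Name = ACER3000 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mg.exe, version 12.1.0.36, stamp 4c90ea1d, faulting module mg.exe
Error - 29.11.2010 15:09:47 | Computer Name = ACER3000 | Source = Userenv | ID = 1090
Description = The RSoP session status could not be logged. An attempt to connect to WMI failed.
[ System Events ]
Error - 27.11.2010 07:37:37 | Computer Name = ACER3000 | Source = Windows Update Agent | ID = 16
Description = Unable to connect: could not connect to the "Automatic Updates" service.
Error - 27.11.2010 13:13:44 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7000
Description = The "StarWind AE Service" service failed to start due to the following error:   %%2
Error - 28.11.2010 17:17:43 | Computer Name = ACER3000 | Source = Service Control Manager | ID = 7032
Description = Corrective action (Restart the service) after the unexpected termination of the
 "Windows Management Instrumentation" service failed. Error:   %%1056
Error - 28.11.2010 17:43:11 | Computer Name = ACER3000 | Source = sr | ID = 1
Description = The System Restore filter hit error "0xC0000001" on volume "HarddiskVolume2" and stopped monitoring.
< End of report >
"""

if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_LOG)):
        print(finding)
```

The rules deliberately key on source plus ID rather than on message text, because the message is localised (this report is German) while the source name and ID are not. The unmatched StarWind 7000 entry is left out of the findings on purpose: a service that fails to start on every boot is noise until something ties it to the incident.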
30.11.2010, 12:13   #13
markusg
/// Malware-holic

OK, first of all:
Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this.
Install it, open it, go to Tools, list of installed programs, save as TXT, open it.
Behind every program you need, write "needed".
Behind every one you don't need, "unnecessary".
Behind those unknown to you, "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

30.11.2010, 19:36   #14
tylon

Hi,
I took the trouble to lay this list out clearly, too.
Sorted by selection.

Oh, and since my machine was freshly reinstalled anyway, the list is relatively short.
Selection Name Manufacturer Version
needed Acer GridVista 2.29.0728
needed Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.1.85.3
needed Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.1.102.64
needed Adobe InDesign CS5 Adobe Systems Incorporated 7.0
needed Adobe Reader 9.4.1 - Deutsch Adobe Systems Incorporated 36990
needed Adobe Shockwave Player 11.5 Adobe Systems, Inc. 11.5.9.615
needed Avira AntiVir Personal - Free Antivirus Avira GmbH 10.0.0.596
needed CCleaner Piriform 3.00
needed CDBurnerXP CDBurnerXP 4.3.7.2423
needed Citavi Swiss Academic Software 3.0.0.6
needed ClipboardPath Stefan Bertels 37653
needed ColorPic Iconico 40182
needed Defraggler Piriform 2.00
needed Foxit Reader Foxit Corporation 4.2.0.928
needed GIMP 2.6.11 The GIMP Team 40696
needed Google Earth Plug-in Google 5.2.1.1588
needed HijackThis 2.0.2 TrendMicro 2.0.2
needed IrfanView (remove only) Irfan Skiljan 46478
needed Java(TM) 6 Update 20 Sun Microsystems, Inc. 6.0.200
needed JDownloader AppWork UG (haftungsbeschränkt)
needed KOBIL Chipkartenterminal Treiber V2.2s Build: 20090625.3 KOBIL Systems 2.2s
needed Launch Manager
needed Lexmark Z700-P700 Series
needed Logitech SetPoint Logitech 29312
needed Macromedia Flash MX Macromedia 6
needed Malwarebytes' Anti-Malware Malwarebytes Corporation
needed Microcat For Ford (Europe) Numele companiei dvs. 4.0
needed Microsoft Office Enterprise 2007 Microsoft Corporation 12.0.6425.1000
needed Mozilla Firefox (3.6.12) Mozilla 3.6.12 (de)
needed Mozilla Thunderbird (3.1.6) Mozilla 3.1.6 (de)
needed Nero 8 Nero AG 8.3.500
needed Norton PartitionMagic 8.0 Symantec 8.05.000
needed Password Unmask 2.0
needed Picasa 3 Google, Inc. 40393
needed Realtek AC'97 Audio
needed Recuva Piriform 13881
needed RunAsAdmin
needed Security Update for Windows Search 4 - KB963093 Microsoft Corporation
needed SiS 900 PCI Fast Ethernet Adapter Driver
needed SiS VGA Utilities
needed SUPER © Version 2010.bld.42 (Nov 7, 2010) eRightSoft Version 2010.bld.42 (Nov 7, 2010)
needed Tag&Rename 3.5.7 Softpointer Inc 39205
needed TeamViewer 5 TeamViewer GmbH 2733847
needed Tweak UI
needed Universal Document Converter (Demo) fCoder Group, Inc. 40183
needed Virtual DJ Home - Atomix Productions
needed VirusTotal Uploader 2.0
needed VLC media player 1.1.5 VideoLAN 38353
needed Windows Media Player 11
needed Windows Search 4.0 Microsoft Corporation 04.00.6001.503
needed Windows XP Service Pack 3 Microsoft Corporation 20080414031514
needed WinRAR
needed WISO Mein Geld 2011 Professional Buhl Data Service GmbH
needed µTorrent 2.0.4
unknown Acer eManager for Notebook Acer Inc. 1.0.34.52
unknown Adobe AIR Adobe Systems Inc. 1.5.3.9120
unknown Adobe Community Help Adobe Systems Incorporated 3.0.0.400
unknown DivX-Setup DivX, Inc. 2.1.2.2
unknown Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
unknown Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
unknown Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
unknown Microsoft .NET Framework 4 Client Profile Microsoft Corporation 4.0.30319
unknown Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 4.0.30319
unknown Microsoft .NET Framework 4 Extended Microsoft Corporation 4.0.30319
unknown Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 4.0.30319
unknown Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
unknown Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
unknown Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053
unknown Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.56336
unknown Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
unknown MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
unknown MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
unknown SiSAGP driver 7.2.0.1200
unknown Synaptics Pointing Device Driver 7.12.3.0
unknown Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 1.0
unknown Windows Internet Explorer 8 Microsoft Corporation 20090308140743
unknown Windows Media Format 11 runtime
unnecessary Agere Systems AC'97 Modem
unnecessary EVEREST Ultimate Edition v5.50 Lavalys, Inc. 18384

30.11.2010, 20:50   #15
markusg
/// Malware-holic

I see a card reader here; do you do banking or shopping on this machine?