Trojaner-Board


roadrunner14 19.05.2010 13:43

Firefox opens several wrong links before the correct one when searching in Google
 
Hello!

I'm having problems with my laptop. For some time now, Firefox has been opening wrong links. When I use Google and want to open a search result in a new tab, eBay or something else usually comes up twice. Only after that, on the 3rd or 4th attempt, does the correct page come up. I have Bitdefender Internet Security 2010 installed. I have already run a full scan a few times, so far without success. I currently have the F-Secure Online Scanner running. It has just found 1 malware and 7 spyware items. I don't know what else will come. What else can I check or do?

I did find this problem once using the search, but that was 3 years ago and some of the programs that were recommended no longer exist.

It is a Core2Duo with 2GB and Windows 7 Ultimate 32-bit.

roadrunner14 19.05.2010 15:39

Hi!

I ran Combofix and CCleaner. Among other things, I also got messages about rootkits being found.
Here is a log file:

Quote:

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\roadrunner1405\AppData\Roaming\cglogs.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msdvdr.dat
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_iprip
-------\Service_msdvdDrv
-------\Service_msdvdr
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2010-04-19 bis 2010-05-19 ))))))))))))))))))))))))))))))
.

2010-05-19 13:22 . 2010-05-19 13:22 -------- d-----w- c:\program files\CCleaner
2010-05-19 12:24 . 2010-05-19 12:24 -------- d-----w- c:\programdata\F-Secure
2010-05-17 12:28 . 2010-05-17 12:28 -------- d-----w- c:\program files\SweetIM
2010-05-17 12:28 . 2010-05-17 12:28 -------- d-----w- c:\programdata\SweetIM
2010-05-15 15:03 . 2010-05-15 15:33 -------- d-----w- c:\program files\ICQ7.1
2010-05-10 19:17 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 19:17 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-05-10 18:42 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-10 18:42 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-10 18:42 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-07 19:15 . 2010-05-07 19:15 -------- d-----w- c:\program files\The KMPlayer
2010-05-07 19:02 . 2010-05-07 19:02 -------- d-----w- c:\users\roadrunner1405\AppData\Local\ratDVD
2010-05-07 19:02 . 2010-05-07 19:02 -------- d-----w- c:\program files\ratDVD
2010-05-07 13:32 . 2010-05-07 13:32 -------- d-----w- c:\users\roadrunner1405\AppData\Local\Diagnostics
2010-05-05 10:56 . 2010-05-05 10:56 -------- d-----w- c:\programdata\eBay
2010-05-05 10:56 . 2010-05-05 10:56 -------- d-----w- c:\program files\eBay
2010-05-04 10:12 . 2010-05-04 10:12 -------- d-----w- c:\users\roadrunner1405\AppData\Local\FixItCenter
2010-05-04 09:58 . 2010-05-04 09:58 -------- d-----w- c:\windows\CheckSur
2010-05-04 09:50 . 2010-05-04 09:50 -------- d-----w- c:\windows\MATS
2010-05-04 09:50 . 2010-05-04 09:50 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-05-03 22:44 . 2010-05-04 10:06 -------- d-----w- c:\program files\Registry Easy
2010-05-03 17:18 . 2010-05-03 17:18 -------- d-----w- c:\program files\Trend Micro
2010-04-28 06:28 . 2010-04-28 08:34 -------- d-----w- c:\program files\a-squared Free
2010-04-27 13:59 . 2010-04-27 13:59 -------- d-----w- c:\programdata\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59 -------- d-----w- c:\program files\Common Files\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59 -------- d-----w- c:\program files\Cloanto
2010-04-27 10:25 . 2010-04-01 13:11 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-27 10:10 . 2010-04-01 13:17 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-27 10:09 . 2010-04-27 10:25 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-27 10:07 . 2010-04-27 10:07 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-27 09:45 . 2010-05-10 16:00 -------- d-----w- c:\program files\Unlocker
2010-04-26 20:35 . 2010-04-30 08:19 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-04-26 20:13 . 2010-04-26 20:13 -------- d-----w- c:\program files\QSoft
2010-04-26 20:12 . 2010-04-26 20:12 -------- d-----w- c:\program files\NoVirusThanks
2010-04-26 20:06 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-26 20:06 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-26 20:06 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-26 20:06 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-26 20:06 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-26 20:06 . 2010-04-26 21:12 -------- d-----w- c:\program files\Trojan Remover
2010-04-26 20:06 . 2010-04-26 20:06 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\Simply Super Software
2010-04-26 20:06 . 2010-04-26 20:06 -------- d-----w- c:\programdata\Simply Super Software
2010-04-26 09:00 . 2010-04-26 09:01 -------- d-----w- C:\ZL_DB_CCcam_SoftCam_Control
2010-04-25 21:15 . 2010-04-25 21:15 -------- d-----w- c:\users\roadrunner1405\AppData\Local\Mozilla
2010-04-25 10:22 . 2010-04-25 12:30 -------- d-----w- c:\program files\WindowsServices
2010-04-25 10:22 . 2010-04-25 10:22 -------- d-----w- c:\program files\TimHillOne
2010-04-24 11:05 . 2010-04-24 11:05 -------- d-----w- c:\program files\PGWARE
2010-04-23 14:59 . 2010-04-23 14:59 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59 1044480 ----a-r- c:\windows\system32\roboex32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 14:01 . 2009-08-23 17:48 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\Skype
2010-05-19 14:00 . 2009-08-23 17:50 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\skypePM
2010-05-19 13:59 . 2010-03-23 19:33 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2010-05-19 09:00 . 2010-01-07 12:02 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 09:00 . 2010-05-19 09:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 20:08 . 2010-03-15 12:49 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\UseNeXT
2010-05-16 18:02 . 2009-10-08 20:42 -------- d-----w- c:\program files\Mozilla Thunderbird 3.0 Beta 3
2010-05-15 21:44 . 2010-03-10 10:02 -------- d-----w- c:\program files\JDownloader
2010-05-15 16:31 . 2009-10-07 08:26 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\ICQ
2010-05-15 16:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-15 15:24 . 2009-10-07 08:26 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-15 15:23 . 2009-10-07 08:26 -------- d-----w- c:\programdata\ICQ
2010-05-10 18:09 . 2009-08-23 17:45 -------- d-----r- c:\program files\Skype
2010-05-10 16:00 . 2009-08-22 15:25 -------- d-----w- c:\program files\Smart Battery
2010-05-10 16:00 . 2009-08-22 15:41 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-05-10 12:56 . 2009-10-19 15:04 72784 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-10 12:05 . 2010-05-05 08:44 112 ----a-w- c:\programdata\ge8aaiu.dat
2010-05-07 19:13 . 2009-09-11 19:05 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\vlc
2010-05-07 19:11 . 2010-05-07 19:11 2853 ----a-w- c:\programdata\hQrLb0N2.PIF
2010-05-07 19:11 . 2010-05-07 19:11 2853 ----a-w- c:\programdata\hQrLb0N2.PIF
2010-05-07 19:03 . 2010-05-05 08:44 68610 ----a-w- c:\programdata\hQrLb0N2.exe
2010-05-07 19:03 . 2010-05-05 08:44 68610 ----a-w- c:\programdata\hQrLb0N2.exe
2010-05-04 18:43 . 2010-05-04 18:43 0 ----a-w- c:\windows\system32\drivers\OV9655S.SET
2010-04-28 06:45 . 2009-10-18 08:40 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-27 17:59 . 2010-03-15 12:43 -------- d-----w- c:\program files\UseNeXT
2010-04-27 10:14 . 2009-08-22 21:46 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-04-27 10:08 . 2009-08-22 21:46 -------- d-----w- c:\programdata\TuneUp Software
2010-04-14 08:04 . 2009-08-27 09:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-02 08:46 . 2009-08-22 15:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 08:45 . 2009-10-24 14:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-02 08:42 . 2010-04-02 08:42 -------- d-----w- c:\program files\Xirrus
2010-04-01 14:13 . 2010-04-01 14:13 -------- d-----w- c:\program files\Common Files\Skype
2010-04-01 13:43 . 2009-07-24 10:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-04-01 13:11 . 2009-08-22 21:48 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-03-29 21:06 . 2010-03-29 21:06 -------- d-----w- c:\program files\EPROM50
2010-03-29 20:58 . 2010-03-29 20:58 5152 ----a-w- c:\windows\system32\drivers\io.sys
2010-03-25 18:39 . 2010-03-25 18:38 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-03-25 09:27 . 2010-04-25 21:32 1107264 ----a-w- c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\AcrobatUpdater.exe
2010-03-23 19:33 . 2009-10-22 16:20 739082 ----a-w- c:\windows\system32\perfh007.dat
2010-03-23 19:33 . 2009-10-22 16:20 153070 ----a-w- c:\windows\system32\perfc007.dat
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\program files\CMAK
2010-03-23 09:54 . 2010-03-23 09:54 -------- d-----w- c:\program files\RMClock
2010-03-22 18:04 . 2010-03-22 18:04 -------- d-----w- c:\program files\CPUCooL
2010-03-18 15:58 . 2010-03-18 15:58 101248 ----a-w- c:\windows\system32\drivers\avmaura.sys
2010-03-18 12:22 . 2010-03-18 11:08 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2010-03-18 12:22 . 2010-03-18 11:08 126 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-03-18 12:22 . 2010-03-18 11:08 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2010-03-17 09:35 . 2010-04-25 21:32 309248 ----a-w- c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-15 13:04 . 2009-08-25 12:02 34 ----a-w- c:\programdata\StarMoney 7.0\profil\sfmsm.dll
2010-03-10 10:01 . 2010-03-10 10:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-14 07:57 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 19:23 . 2009-09-05 13:06 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-28 19:23 . 2009-09-05 13:06 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-28 18:30 . 2010-02-28 18:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-28 18:30 . 2010-02-06 17:47 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-27 12:07 . 2010-04-14 07:57 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 07:57 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 07:57 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 07:57 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 07:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-30 17:57 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 16:58 . 2010-03-11 14:09 1733152 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-02-22 16:58 . 2010-03-11 14:09 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-02-22 16:58 . 2010-03-11 14:09 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-02-22 16:58 . 2010-03-11 14:09 2649120 ----a-w- c:\windows\system32\RtkAPO.dll
2010-02-22 16:23 . 2010-03-11 14:09 3022944 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 16:47 . 2010-01-07 12:02 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
Code:

<pre>
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe
</pre>

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"MsmqIntCert"="mqrt.dll" [2009-07-14 152064]
"igfxTray Module"="c:\windows\System32\igfxtray.exe" [2009-09-23 141848]
"hkcmd Module"="c:\windows\System32\hkcmd.exe" [2009-09-23 173592]
"persistence Module"="c:\windows\System32\igfxpers.exe" [2009-09-23 150552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]

c:\users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-25 910296]
Mozilla Thunderbird 3.0 Beta 3.lnk - c:\program files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe [2009-10-8 11959472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^roadrunner1405^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM Frühjahr 2009 - Schnellstarter.lnk]
backup=c:\windows\pss\klickTel OEM Frühjahr 2009 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2007-04-16 08:13 71232 ----a-w- c:\program files\Wave Systems Corp\Embassy Security Setup\EmbassySecurityCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30 173592 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30 150552 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-09-28 09:01 36864 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-10 10:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TODO_ _File description_]
c:\program files\Smart Battery\smbtray.exe [N/A]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-24 721904]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-13 199168]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 KeyAgent;KeyAgent; [x]
S0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [2009-08-22 134272]
S0 stmtpm;STM TPM Service;c:\windows\system32\DRIVERS\stm_tpm.sys [2007-07-05 21504]
S0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [2009-08-22 950848]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-10 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-10 79952]
S1 ntiomin;ntiomin; [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-28 1872320]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-20 29416]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-10 85128]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-03-29 5152]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-07-27 1489688]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-18 101248]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-17 153448]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\Drivers\wbms_vista_x86.SYS [2007-06-26 52224]
S3 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\DRIVERS\wbsdmmc_vista_x86.sys [2007-04-20 44544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bdx REG_MULTI_SZ scan
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
LPDService REG_MULTI_SZ LPDSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\biolsp.dll
FF - ProfilePath - c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----




FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x8300A000]<< >>UNKNOWN [0x89BB5000]<< >>UNKNOWN [0x89BA4000]<< >>UNKNOWN [0x84522000]<< >>UNKNOWN [0x8341A000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x8587d5f0
QueryNameProcedure -> 0x8587c280
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallIS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_is=\"0\" />"
"Device"="xrnJucq8yLy6z8fMzszNusjHvM8="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll

- - - - - - - > 'Explorer.exe'(1728)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\psxss.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\users\roadrunner1405\AppData\Local\temp\fsonlinescanner.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-19 16:06:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-19 14:06

Vor Suchlauf: 9 Verzeichnis(se), 10.513.735.680 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 10.331.709.440 Bytes frei

- - End Of File - - 647375AE73689C71DAC06A2069CC07EB

cosinus 19.05.2010 15:43

Hello and :hallo:

Combofix should only be run when instructed to!!

Please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

roadrunner14 19.05.2010 16:03

Hello! Thanks for the help.

Here is the OTL log

Code:

OTL logfile created on: 19.05.2010 16:55:08 - Run 1
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\roadrunner1405\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 9,88 Gb Free Space | 4,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROADRUNNER-NB
Current User Name: roadrunner1405
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\roadrunner1405\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\rthdvcpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\psxss.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\roadrunner1405\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\leaktests.m32 (BitDefender SRL)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CPUCooLServer) -- C:\Programme\CPUCooL\CooLSRV.exe ()
SRV - (MySQL) -- C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ftpsvc) -- C:\Windows\System32\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMSVC) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\System32\snmp.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (bdfwfpf) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (io.sys) -- C:\Windows\System32\drivers\io.sys ()
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (zebrbus) -- C:\Windows\System32\drivers\zebrbus.sys (MCCI)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (Profos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (tdrpman124) Acronis Try&Decide and Restore Points filter (build 124) -- C:\Windows\system32\DRIVERS\tdrpm124.sys (Acronis)
DRV - (snapman378) Acronis Snapshots Manager (Build 378) -- C:\Windows\system32\DRIVERS\snman378.sys (Acronis)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (PsxDrv) -- C:\Windows\System32\drivers\psxdrv.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AF9035BDA) -- C:\Windows\System32\drivers\AF9035BDA.sys (AfaTech                  )
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (Trufos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Intel Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys (Intel Corporation)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (stmtpm) -- C:\Windows\system32\DRIVERS\stm_tpm.sys (STMicroelectronics, INC)
DRV - (wbms_vista_x86) -- C:\Windows\System32\drivers\wbms_vista_x86.sys (Winbond Electronics Corp.)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (wbsdmmc) -- C:\Windows\System32\drivers\wbsdmmc_vista_x86.sys (Winbond Electronics Corp.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (giveio) -- C:\Windows\System32\drivers\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 E9 F4 2F 3F E8 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: "hxxp://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16"
FF - prefs.js..extension.gacela.network.proxy.type: 0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.9
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}:0.6.3
FF - prefs.js..extensions.enabledItems: {32D83016-0657-4cd3-B7D2-0B4D12CEC60E}:1.3.7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.4.8
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.7
FF - prefs.js..extensions.enabledItems: {ba243cb0-b824-4a26-9418-73ee795d9b9d}:1.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3pre.100412a
FF - prefs.js..extensions.enabledItems: {f65bf62a-5ffc-4317-9612-38907a779583}:1.3.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}:4.0.2
FF - prefs.js..extensions.enabledItems: {1AF3FC34-0725-4485-A939-6B40EB7CA96A}:1.8.1
FF - prefs.js..extensions.enabledItems: {2A10B180-05EF-11D9-8C50-444553540001}:2.6.6
FF - prefs.js..extensions.enabledItems: {3143B27B-F7DE-49d8-BF08-C2E4DEA71DBB}:1.0.2
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {8803789a-23eb-44b4-bd48-6762fd320242}:1.0.20060118
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5
FF - prefs.js..extensions.enabledItems: {bde351f9-0fcb-2fcf-3b9b-626f1f37d6e5}:0.8.2
FF - prefs.js..extensions.enabledItems: {bef86380-a99d-11da-a746-0800200c9a66}:1.0.1
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5
FF - prefs.js..extensions.enabledItems: {e8cba685-830c-1283-6314-a6ae605cc7be}:2.0.1
FF - prefs.js..extensions.enabledItems: {F23DF9FE-E13C-4203-A3BF-61E8F8DC296C}:1.5.0.4
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.04.02 21:58:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.04 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.04 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3.0 Beta 3\components [2010.05.16 20:02:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.02.20 20:40:33 | 000,000,000 | ---D | M]
 
[2010.04.26 21:36:18 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Extensions
[2010.04.26 21:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.18 22:21:29 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] (Azerty III) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}(21)
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.04.25 23:32:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{3143B27B-F7DE-49d8-BF08-C2E4DEA71DBB}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Open Link Host) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{32D83016-0657-4cd3-B7D2-0B4D12CEC60E}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Qute) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.04.25 23:32:37 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.04.25 23:32:37 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (Netscape - Winscape) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{8803789a-23eb-44b4-bd48-6762fd320242}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (iFox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (WataCrackaz AutoSMS) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{bde351f9-0fcb-2fcf-3b9b-626f1f37d6e5}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{bef86380-a99d-11da-a746-0800200c9a66}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (Plain Text to Link [de]) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (iPox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{e8cba685-830c-1283-6314-a6ae605cc7be}
[2010.05.17 14:28:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{F23DF9FE-E13C-4203-A3BF-61E8F8DC296C}
[2010.04.25 23:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{f65bf62a-5ffc-4317-9612-38907a779583}
[2010.04.25 23:32:34 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\gmailthis@lazyrussian.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\qprefbtn@max.max
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\qtl.co.il@gmail.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\savesession@noasobi.net
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\speedtest@gotomyhelp.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\tabscope@xuldev.org
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009.10.24 16:45:56 | 000,002,399 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\daemon-search.xml
[2010.05.13 20:12:43 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-1.xml
[2010.01.01 17:58:50 | 000,000,961 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-2.xml
[2010.01.10 20:38:48 | 000,000,961 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-3.xml
[2010.02.28 19:44:00 | 000,000,961 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-4.xml
[2010.03.12 20:07:44 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-5.xml
[2010.03.24 09:25:26 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-6.xml
[2010.03.25 20:37:24 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-7.xml
[2010.04.25 22:55:18 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-8.xml
[2010.05.15 17:24:43 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-9.xml
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin.xml
[2009.11.11 22:04:22 | 000,002,108 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\qtl.xml
[2010.05.17 14:28:33 | 000,003,915 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\sweetim.xml
[2010.05.15 17:34:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.27 13:03:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.19 16:00:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - Startup: C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird 3.0 Beta 3.lnk = C:\Programme\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\roadrunner1405\Pictures\Ines.jpg
O24 - Desktop BackupWallPaper: C:\Users\roadrunner1405\Pictures\Ines.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.19 16:51:34 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\roadrunner1405\Desktop\OTL.exe
[2010.05.19 16:00:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.05.19 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\temp
[2010.05.19 15:31:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.05.19 15:31:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.05.19 15:31:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.05.19 15:31:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.19 15:30:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.19 15:29:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.05.19 15:22:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.19 14:57:13 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\roadrunner1405\Desktop\ccsetup231.exe
[2010.05.19 14:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.05.18 19:15:49 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\NDS Kernel Utility
[2010.05.18 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\NDS
[2010.05.18 17:27:53 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\NAVIGONSD
[2010.05.17 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Avatar
[2010.05.17 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Alarmanlage
[2010.05.17 14:28:23 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2010.05.17 14:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010.05.16 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Robin Hood
[2010.05.16 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Navteq Deutschland 2009 -2010
[2010.05.16 03:13:25 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Iron.Man.2.TELESYNC.German.XviD-2Brothers
[2010.05.15 23:57:01 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Kampf.der.Titanen.2010.TS.LD.German.PROPER2.XViD.Chefflo
[2010.05.15 17:03:06 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.1
[2010.05.12 12:10:54 | 003,648,320 | ---- | C] (AVM Gmbh) -- C:\Users\roadrunner1405\Desktop\AVM_TAPI_Services_for_FRITZ!Box.exe
[2010.05.10 20:42:23 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.10 20:42:23 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.05.08 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\Turbo Lister Backup
[2010.05.07 21:15:40 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\KMPlayer
[2010.05.07 21:15:29 | 000,000,000 | ---D | C] -- C:\Programme\The KMPlayer
[2010.05.07 21:02:24 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\ratDVD
[2010.05.07 21:02:03 | 000,000,000 | ---D | C] -- C:\Programme\ratDVD
[2010.05.07 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\Diagnostics
[2010.05.05 13:07:51 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\Turbo Lister
[2010.05.05 12:56:56 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.05.05 12:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2010.05.04 12:12:46 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\FixItCenter
[2010.05.04 11:58:15 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010.05.04 11:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010.05.04 11:50:49 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010.05.04 11:50:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Fix it Center
[2010.05.04 00:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Registry Easy
[2010.05.03 19:18:38 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.28 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\a-squared Free
[2010.04.28 08:28:01 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2010.04.27 15:59:33 | 000,000,000 | R--D | C] -- C:\Users\Public\Documents\C64 Files
[2010.04.27 15:59:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Cloanto
[2010.04.27 15:59:33 | 000,000,000 | ---D | C] -- C:\Programme\Cloanto
[2010.04.27 15:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloanto
[2010.04.27 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\C64
[2010.04.27 12:25:32 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.27 12:10:19 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.04.27 12:09:34 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.04.27 12:07:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.27 11:45:41 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.04.26 22:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.26 22:35:02 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2010.04.26 22:13:13 | 000,000,000 | ---D | C] -- C:\Programme\QSoft
[2010.04.26 22:12:13 | 000,000,000 | ---D | C] -- C:\Programme\NoVirusThanks
[2010.04.26 22:07:00 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\Simply Super Software
[2010.04.26 22:06:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.04.26 22:06:42 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.04.26 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Roaming\Simply Super Software
[2010.04.26 22:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.04.26 17:56:28 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Stargate Universe S01e13 german sub HDTV XVID - FQ
[2010.04.26 17:52:53 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Stargate Universe - 1x14 - Human
[2010.04.26 11:00:24 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2010.04.26 11:00:24 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msinet.ocx
[2010.04.26 11:00:24 | 000,000,000 | ---D | C] -- C:\ZL_DB_CCcam_SoftCam_Control
[2010.04.25 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla
[2010.04.25 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\Mozilla
[2010.04.25 23:15:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.04.25 18:54:07 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Navi
[2010.04.25 12:22:26 | 000,000,000 | ---D | C] -- C:\Programme\WindowsServices
[2010.04.25 12:22:22 | 000,364,032 | ---- | C] (CoreCodec) -- C:\Windows\System32\CoreAVCDecoder.ax
[2010.04.25 12:22:20 | 000,000,000 | ---D | C] -- C:\Programme\TimHillOne
[2010.04.25 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Lena Meyer Landrut Unser Star für Oslo - Satellite
[2010.04.24 15:18:19 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\FULL - Assassins Creed II DVD5 - GENTi
[2010.04.24 13:05:58 | 000,000,000 | ---D | C] -- C:\Programme\PGWARE
[2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.19 16:56:39 | 002,883,584 | -HS- | M] () -- C:\Users\roadrunner1405\NTUSER.DAT
[2010.05.19 16:51:34 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\roadrunner1405\Desktop\OTL.exe
[2010.05.19 16:24:28 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 16:24:28 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 16:00:18 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.19 16:00:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.19 15:59:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 15:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 15:58:49 | 1577,275,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.19 15:44:52 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.05.19 15:26:40 | 000,021,368 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\cc_20100519_152631.reg
[2010.05.19 14:57:23 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\roadrunner1405\Desktop\ccsetup231.exe
[2010.05.19 14:55:32 | 003,691,277 | R--- | M] () -- C:\Users\roadrunner1405\Desktop\ComboFix.exe
[2010.05.18 00:07:03 | 000,003,584 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.17 18:06:35 | 000,016,946 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\996389782_2.jpg
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_unmip.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_histprot.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010.05.12 12:11:01 | 003,648,320 | ---- | M] (AVM Gmbh) -- C:\Users\roadrunner1405\Desktop\AVM_TAPI_Services_for_FRITZ!Box.exe
[2010.05.12 11:38:29 | 000,001,606 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\Überweisungen.rtf
[2010.05.10 20:33:58 | 000,171,136 | RHS- | M] () -- C:\loadmgr
[2010.05.10 20:21:27 | 002,779,605 | -H-- | M] () -- C:\Users\roadrunner1405\AppData\Local\IconCache.db
[2010.05.10 14:56:07 | 000,072,784 | ---- | M] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2010.05.10 14:05:30 | 000,000,112 | ---- | M] () -- C:\ProgramData\ge8aaiu.dat
[2010.05.07 21:28:18 | 000,000,194 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\default.rss
[2010.05.07 21:11:01 | 000,002,853 | ---- | M] () -- C:\ProgramData\hQrLb0N2.PIF
[2010.05.07 21:03:39 | 000,068,610 | ---- | M] () -- C:\ProgramData\hQrLb0N2.exe
[2010.05.04 20:43:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\OV9655S.SET
[2010.05.04 12:39:56 | 000,000,036 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Local\housecall.guid.cache
[2010.05.04 12:05:39 | 000,000,042 | ---- | M] () -- C:\Windows\System32\RegistryEasy.lie
[2010.04.27 19:59:24 | 000,001,844 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\UseNeXT.lnk
[2010.04.27 16:27:19 | 000,002,644 | ---- | M] () -- C:\Users\roadrunner1405\Documents\C64 Files.lnk
[2010.04.27 15:59:43 | 000,002,179 | ---- | M] () -- C:\Users\Public\Documents\C64 Files.lnk
[2010.04.27 13:25:05 | 000,079,676 | ---- | M] () -- C:\Users\Public\Documents\Fingerprint Backup.fpbak
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.26 09:25:22 | 009,179,345 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\Elton John & Kiki Dee - Don't Go Breaking My Heart (Long Ultrasound Version).mp3
[2010.04.25 23:15:42 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.25 23:03:56 | 037,102,791 | ---- | M] () -- C:\Firefox 3.6.3 (de) - 2010-04-25.pcv
[2010.04.25 10:38:15 | 009,627,278 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\02.David Bisbal & K'naan - Waving Flag (Sud Africa 2010).mp3
[2010.04.24 00:01:15 | 002,950,726 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\zinn.pdf
[2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
 
========== Files Created - No Company Name ==========
 
[2010.05.19 15:31:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.05.19 15:31:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.19 15:31:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.05.19 15:31:28 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.19 15:31:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.19 15:26:37 | 000,021,368 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\cc_20100519_152631.reg
[2010.05.19 14:55:13 | 003,691,277 | R--- | C] () -- C:\Users\roadrunner1405\Desktop\ComboFix.exe
[2010.05.17 18:06:32 | 000,016,946 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\996389782_2.jpg
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010.05.12 11:38:29 | 000,001,606 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\Überweisungen.rtf
[2010.05.11 13:22:04 | 735,221,760 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\xcopy-cfever2.avi
[2010.05.11 13:21:29 | 731,799,552 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\0ptimus-nimido-xvid.avi
[2010.05.10 20:33:58 | 000,171,136 | RHS- | C] () -- C:\loadmgr
[2010.05.07 21:11:01 | 000,002,853 | ---- | C] () -- C:\ProgramData\hQrLb0N2.PIF
[2010.05.07 20:56:00 | 000,003,584 | ---- | C] () -- C:\Users\roadrunner1405\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 10:44:16 | 000,000,112 | ---- | C] () -- C:\ProgramData\ge8aaiu.dat
[2010.05.05 10:44:12 | 000,068,610 | ---- | C] () -- C:\ProgramData\hQrLb0N2.exe
[2010.05.04 20:43:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\OV9655S.SET
[2010.05.04 12:39:56 | 000,000,036 | ---- | C] () -- C:\Users\roadrunner1405\AppData\Local\housecall.guid.cache
[2010.05.04 12:05:39 | 000,000,042 | ---- | C] () -- C:\Windows\System32\RegistryEasy.lie
[2010.04.27 19:59:24 | 000,001,844 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\UseNeXT.lnk
[2010.04.27 16:00:06 | 000,002,644 | ---- | C] () -- C:\Users\roadrunner1405\Documents\C64 Files.lnk
[2010.04.27 16:00:06 | 000,002,179 | ---- | C] () -- C:\Users\Public\Documents\C64 Files.lnk
[2010.04.27 13:25:04 | 000,079,676 | ---- | C] () -- C:\Users\Public\Documents\Fingerprint Backup.fpbak
[2010.04.26 22:06:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.04.26 22:06:45 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.04.26 22:06:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.04.26 22:06:45 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.04.26 09:31:00 | 009,179,345 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\Elton John & Kiki Dee - Don't Go Breaking My Heart (Long Ultrasound Version).mp3
[2010.04.25 23:15:42 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.25 23:03:32 | 037,102,791 | ---- | C] () -- C:\Firefox 3.6.3 (de) - 2010-04-25.pcv
[2010.04.25 12:22:22 | 000,167,936 | ---- | C] () -- C:\Windows\System32\CoreAACDecoder.ax
[2010.04.25 10:39:39 | 009,627,278 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\02.David Bisbal & K'naan - Waving Flag (Sud Africa 2010).mp3
[2010.04.24 00:00:56 | 002,950,726 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\zinn.pdf
[2010.03.29 22:58:31 | 000,005,152 | ---- | C] () -- C:\Windows\System32\drivers\io.sys
[2010.03.29 22:58:16 | 000,046,592 | ---- | C] () -- C:\Windows\System32\io.dll
[2010.03.29 22:58:16 | 000,046,592 | ---- | C] () -- C:\Windows\io.dll
[2010.03.22 20:21:33 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\giveio.sys
[2010.03.16 22:00:00 | 000,110,080 | ---- | C] () -- C:\Windows\System32\nLame.dll
[2010.03.16 22:00:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.01.07 16:59:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.01.03 20:28:18 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.01.03 20:28:18 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2009.12.24 01:57:48 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.25 22:03:24 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009.11.15 21:59:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.10.25 19:53:40 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.10.18 11:27:51 | 000,000,141 | ---- | C] () -- C:\Windows\Altair.INI
[2009.09.11 12:40:56 | 000,000,097 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.09.09 12:47:20 | 000,000,184 | ---- | C] () -- C:\Windows\KTEL.INI
[2009.09.05 15:06:38 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.09.05 15:06:38 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.25 15:58:27 | 001,736,704 | ---- | C] () -- C:\Windows\System32\Tsp1.dll
[2009.08.25 15:56:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2009.08.25 15:56:54 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2009.08.25 15:24:35 | 000,000,227 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2009.08.25 14:04:37 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.23 23:43:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.23 00:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.08.22 18:35:04 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2009.08.22 18:35:04 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2009.08.22 17:25:05 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2007.01.31 13:09:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007.01.31 13:09:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007.01.31 13:09:06 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007.01.31 13:08:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007.01.31 13:08:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007.01.31 13:08:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007.01.31 13:07:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007.01.31 13:07:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007.01.31 13:07:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007.01.31 13:06:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007.01.30 17:43:20 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007.01.30 17:37:10 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007.01.30 17:37:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007.01.30 17:37:08 | 000,217,088 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007.01.30 17:37:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007.01.30 17:37:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007.01.30 17:37:04 | 000,266,240 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007.01.30 17:37:04 | 000,233,472 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007.01.30 17:37:02 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007.01.30 17:37:02 | 000,212,992 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007.01.30 17:37:00 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007.01.02 09:14:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.09.10 12:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004.09.10 12:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >


roadrunner14 19.05.2010 16:03

Here is the Extras log

Code:

OTL Extras logfile created on: 19.05.2010 16:55:08 - Run 1
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\roadrunner1405\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 9,88 Gb Free Space | 4,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROADRUNNER-NB
Current User Name: roadrunner1405
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.1 Build #2096 Banner Remover 1.0
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{121A64FD-6D62-40A1-BDE3-F9A590A2B96B}" = Intel(R) Mobile Utility (T)
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{196B7B22-A476-4906-B4D5-C587103A2A5A}" = SweetIM for Messenger 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2e6dc16e-eeda-4278-aafa-021e7f925a16}" = Nero 9 Trial
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30BBEF79-9C46-4063-93C0-2FD4FF862C24}" = W83L5X8
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FAFB6EB-B749-4D96-88CD-CBF7AD39A78C}" = C64 Forever
"{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1" = Hijack Hunter 1.7
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63988D27-DA4D-4C1E-99C6-50F1CF5D4A2A}" = Fingerprint Sensor Minimum Install
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6415406D-3026-4A32-91B9-422B87EEC446}_is1" = Versione 2.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F7C27E1-63B5-4149-93B2-CDAEE27974A8}" = Wave Infrastructure Installer
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{725F7446-EAC3-4279-97EF-5A5F6A9F6BF8}" = STMicroelectronics TPM Software Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{74B58083-B5B9-46a5-847C-248F97FF2A56}" = Topfield Tools
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C1B8D7-1283-48A4-BD79-79FA37064A13}" = Lenovo Fingerprint Software
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94DF3F23-B26F-42EF-8BC5-55EFE3F02D8F}" = Winbond TPM Device Driver
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A7EDFF3B-C518-4A66-A0DE-8D625481BE56}" = StarMoney 7.0
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Embassy Security Center
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi-Software
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDD0A758-F44C-47D3-8E88-692FFF775127}" = Intel(R) PRO Network Connections 12.3.31.0
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alive DVD Ripper_is1" = Alive DVD Ripper (version 3.2.6.2)
"a-squared Free_is1" = a-squared Free 4.5
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CPUCooL" = CPUCooL (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Easy WiFi Radar" = Easy WiFi Radar 1.0.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"H264WebCam 3.68_is1" = H264WebCam ver3.68
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"JDownloader" = JDownloader
"MESOL" = Intel(R) Active Management Technology Device Software
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.1
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007-Testversion
"PROSetDX" = Intel(R) PRO Network Connections 12.3.31.0
"ratDVD" = ratDVD 0.78.1444
"Registry Easy_is1" = Registry Easy v5.6
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"TopfHDRW" = TopfHDRead/Write V0.20
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"UltraISO_is1" = UltraISO Premium V8.65
"Unlocker" = Unlocker 1.8.9
"Update Service" = Update Service
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.0.0
"vLite_is1" = vLite
"Willem Eprom PCB50 Version 0.98D10_is1" = EPROM PCB50a(0.98D10)
"WinAce Archiver" = WinAce Archiver
"WinRAR archiver" = WinRAR
"X3TerranConflict_is1" = X3 Terran Conflict v1.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F4BAE02E-749C-4A69-9794-FD7019FD8820}" = klickTel OEM Frühjahr 2009
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >


cosinus 19.05.2010 18:32

Did you forget Malwarebytes?

roadrunner14 19.05.2010 18:56

Quote:

Quote from cosinus (post 527078)
Did you forget Malwarebytes?

Yep. It slipped my mind. I ran it, and 4 rootkits were found and removed.

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4117

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.05.2010 19:53:46
mbam-log-2010-05-19 (19-53-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147179
Laufzeit: 11 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 19.05.2010 18:59

But I wanted to see a full scan...

roadrunner14 19.05.2010 19:05

Oh man, I'm getting old. Coming right up.

roadrunner14 19.05.2010 21:24

So, here is the log

Quote:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4117

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.05.2010 22:12:42
mbam-log-2010-05-19 (22-12-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 343769
Laufzeit: 2 Stunde(n), 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 20.05.2010 08:36

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
[2010.05.10 14:05:30 | 000,000,112 | ---- | M] () -- C:\ProgramData\ge8aaiu.dat
[2010.05.07 21:11:01 | 000,002,853 | ---- | M] () -- C:\ProgramData\hQrLb0N2.PIF
[2010.05.07 21:03:39 | 000,068,610 | ---- | M] () -- C:\ProgramData\hQrLb0N2.exe
[2010.05.04 20:43:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\OV9655S.SET
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

roadrunner14 20.05.2010 09:29

Just ran it.

One file could not be deleted. I just tried again by hand. Didn't work. It says I don't have sufficient rights. It wants administrator rights. My user account is an administrator and User Account Control is switched off.

Quote:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "hxxp://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16" removed from network.proxy.autoconfig_url
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\ProgramData\ge8aaiu.dat moved successfully.
C:\ProgramData\hQrLb0N2.PIF moved successfully.
File move failed. C:\ProgramData\hQrLb0N2.exe scheduled to be moved on reboot.
C:\Windows\System32\drivers\OV9655S.SET moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: roadrunner1405
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 90411 bytes
->Java cache emptied: 12118620 bytes
->FireFox cache emptied: 92249854 bytes
->Flash cache emptied: 1551 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05202010_102004

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\hQrLb0N2.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

roadrunner14 20.05.2010 09:34

I deleted the file hQrLb0N2.exe with Unlocker. I'm restarting again to see whether it's gone then. It was there once before and was started automatically. It wasn't detected as a virus back then, but it kept reappearing after being deleted. At the moment, at least, it is no longer being loaded at autostart.

cosinus 20.05.2010 10:22

Well, then please do a run with CF (download a new cofi.exe!!):

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

roadrunner14 20.05.2010 12:44

here is the log:

Code:

ComboFix 10-05-17.05 - roadrunner1405 20.05.2010  11:50:07.2.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.2006.713 [GMT 2:00]
ausgeführt von:: c:\users\roadrunner1405\Desktop\cofi.exe
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\program files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\leaktests.m32


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\htmlres115_de.dll
c:\windows\system32\htmlres115_en.dll
c:\windows\system32\htmlres115_es.dll
c:\windows\system32\htmlres115_fr.dll
c:\windows\system32\htmlres115_it.dll
c:\windows\system32\htmlres115_jp.dll
c:\windows\system32\htmlres115_nl.dll
c:\windows\system32\htmlres115_pl.dll
c:\windows\system32\htmlres115_pt.dll
c:\windows\system32\htmlres115_ru.dll
c:\windows\system32\htmlres115_sv.dll
c:\windows\system32\libOCAHelper-3-1.dll
c:\windows\system32\libOCAHelperw-3-1.dll
c:\windows\system32\libOCASecurityw-2-0.dll
c:\windows\system32\nsclient115.dll
c:\windows\system32\nsclient115w.dll
c:\windows\system32\stringres115_de.dll
c:\windows\system32\stringres115_en.dll
c:\windows\system32\stringres115_es.dll
c:\windows\system32\stringres115_fr.dll
c:\windows\system32\stringres115_it.dll
c:\windows\system32\stringres115_jp.dll
c:\windows\system32\stringres115_nl.dll
c:\windows\system32\stringres115_pl.dll
c:\windows\system32\stringres115_pt.dll
c:\windows\system32\stringres115_ru.dll
c:\windows\system32\stringres115_sv.dll
c:\program files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\leaktests.m32 . . . . Nicht in der Lage zu löschen

.
(((((((((((((((((((((((  Dateien erstellt von 2010-04-20 bis 2010-05-20  ))))))))))))))))))))))))))))))
.

2010-05-20 10:00 . 2010-05-20 11:18        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00        --------        d-----w-        c:\users\Classic .NET AppPool\AppData\Local\temp
2010-05-20 08:20 . 2010-05-20 08:20        --------        d-----w-        C:\_OTL
2010-05-19 17:38 . 2010-05-19 17:38        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 17:38 . 2010-05-19 17:38        --------        d-----w-        c:\programdata\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-19 17:37 . 2010-05-19 17:38        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-05-19 14:17 . 2010-03-04 07:33        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2010-05-19 13:22 . 2010-05-19 13:22        --------        d-----w-        c:\program files\CCleaner
2010-05-19 12:24 . 2010-05-19 12:24        --------        d-----w-        c:\programdata\F-Secure
2010-05-17 12:28 . 2010-05-17 12:28        --------        d-----w-        c:\program files\SweetIM
2010-05-17 12:28 . 2010-05-17 12:28        --------        d-----w-        c:\programdata\SweetIM
2010-05-15 15:03 . 2010-05-15 15:33        --------        d-----w-        c:\program files\ICQ7.1
2010-05-10 19:17 . 2009-10-10 02:57        12800        ----a-w-        c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 19:17 . 2009-10-10 02:31        84992        ----a-w-        c:\windows\system32\drivers\sdbus.sys
2010-05-10 18:42 . 2009-12-11 07:44        133720        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2010-05-10 18:42 . 2009-12-11 07:38        1037312        ----a-w-        c:\windows\system32\lsasrv.dll
2010-05-10 18:42 . 2009-09-26 05:58        194488        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2010-05-07 19:15 . 2010-05-07 19:15        --------        d-----w-        c:\program files\The KMPlayer
2010-05-07 19:02 . 2010-05-07 19:02        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\ratDVD
2010-05-07 19:02 . 2010-05-07 19:02        --------        d-----w-        c:\program files\ratDVD
2010-05-07 13:32 . 2010-05-07 13:32        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\Diagnostics
2010-05-05 10:56 . 2010-05-05 10:56        --------        d-----w-        c:\programdata\eBay
2010-05-05 10:56 . 2010-05-05 10:56        --------        d-----w-        c:\program files\eBay
2010-05-04 10:12 . 2010-05-04 10:12        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\FixItCenter
2010-05-04 09:58 . 2010-05-04 09:58        --------        d-----w-        c:\windows\CheckSur
2010-05-04 09:50 . 2010-05-04 09:50        --------        d-----w-        c:\windows\MATS
2010-05-04 09:50 . 2010-05-04 09:50        --------        d-----w-        c:\program files\Microsoft Fix it Center
2010-05-03 22:44 . 2010-05-04 10:06        --------        d-----w-        c:\program files\Registry Easy
2010-05-03 17:18 . 2010-05-03 17:18        --------        d-----w-        c:\program files\Trend Micro
2010-04-28 06:28 . 2010-04-28 08:34        --------        d-----w-        c:\program files\a-squared Free
2010-04-27 13:59 . 2010-04-27 13:59        --------        d-----w-        c:\programdata\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59        --------        d-----w-        c:\program files\Common Files\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59        --------        d-----w-        c:\program files\Cloanto
2010-04-27 10:25 . 2010-04-01 13:11        30024        ----a-w-        c:\windows\system32\uxtuneup.dll
2010-04-27 10:10 . 2010-04-01 13:17        30536        ----a-w-        c:\windows\system32\TURegOpt.exe
2010-04-27 10:09 . 2010-04-27 10:25        --------        d-----w-        c:\program files\TuneUp Utilities 2010
2010-04-27 10:07 . 2010-04-27 10:07        --------        d-sh--w-        c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-27 09:45 . 2010-05-10 16:00        --------        d-----w-        c:\program files\Unlocker
2010-04-26 20:35 . 2010-04-30 08:19        --------        d-----w-        c:\program files\GridinSoft Trojan Killer
2010-04-26 20:13 . 2010-04-26 20:13        --------        d-----w-        c:\program files\QSoft
2010-04-26 20:12 . 2010-04-26 20:12        --------        d-----w-        c:\program files\NoVirusThanks
2010-04-26 20:06 . 2006-06-19 10:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2010-04-26 20:06 . 2006-05-25 12:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2010-04-26 20:06 . 2005-08-25 22:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2010-04-26 20:06 . 2003-02-02 17:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2010-04-26 20:06 . 2002-03-05 22:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2010-04-26 20:06 . 2010-04-26 21:12        --------        d-----w-        c:\program files\Trojan Remover
2010-04-26 20:06 . 2010-04-26 20:06        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\Simply Super Software
2010-04-26 20:06 . 2010-04-26 20:06        --------        d-----w-        c:\programdata\Simply Super Software
2010-04-26 09:00 . 2010-04-26 09:01        --------        d-----w-        C:\ZL_DB_CCcam_SoftCam_Control
2010-04-25 21:15 . 2010-04-25 21:15        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\Mozilla
2010-04-25 10:22 . 2010-04-25 12:30        --------        d-----w-        c:\program files\WindowsServices
2010-04-25 10:22 . 2010-04-25 10:22        --------        d-----w-        c:\program files\TimHillOne
2010-04-24 11:05 . 2010-04-24 11:05        --------        d-----w-        c:\program files\PGWARE
2010-04-23 14:59 . 2010-04-23 14:59        49152        ----a-r-        c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59        1044480        ----a-r-        c:\windows\system32\roboex32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 11:19 . 2009-08-23 17:48        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\Skype
2010-05-20 10:07 . 2010-03-23 19:33        4194304        ----a-w-        c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2010-05-20 09:46 . 2009-10-07 08:26        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\ICQ
2010-05-20 08:25 . 2009-08-23 17:50        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\skypePM
2010-05-20 08:22 . 2010-05-20 08:22        0        ----a-w-        c:\windows\system32\drivers\OV9655S.SET
2010-05-20 08:20 . 2009-10-07 08:26        --------        d-----w-        c:\program files\ICQ6Toolbar
2010-05-19 14:21 . 2009-08-27 09:04        --------        d-----w-        c:\programdata\Microsoft Help
2010-05-19 14:20 . 2009-07-14 02:37        --------        d-----w-        c:\program files\Windows Mail
2010-05-19 09:00 . 2010-01-07 12:02        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 09:00 . 2010-05-19 09:00        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 20:08 . 2010-03-15 12:49        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\UseNeXT
2010-05-16 18:02 . 2009-10-08 20:42        --------        d-----w-        c:\program files\Mozilla Thunderbird 3.0 Beta 3
2010-05-15 21:44 . 2010-03-10 10:02        --------        d-----w-        c:\program files\JDownloader
2010-05-15 16:24 . 2009-07-14 04:52        --------        d-----w-        c:\program files\Windows Sidebar
2010-05-15 15:23 . 2009-10-07 08:26        --------        d-----w-        c:\programdata\ICQ
2010-05-10 18:09 . 2009-08-23 17:45        --------        d-----r-        c:\program files\Skype
2010-05-10 16:00 . 2009-08-22 15:25        --------        d-----w-        c:\program files\Smart Battery
2010-05-10 16:00 . 2009-08-22 15:41        --------        d-----w-        c:\program files\Lenovo Fingerprint Software
2010-05-10 12:56 . 2009-10-19 15:04        72784        ----a-w-        c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-07 19:13 . 2009-09-11 19:05        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\vlc
2010-04-28 06:45 . 2009-10-18 08:40        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-04-27 17:59 . 2010-03-15 12:43        --------        d-----w-        c:\program files\UseNeXT
2010-04-27 10:14 . 2009-08-22 21:46        --------        d-----w-        c:\program files\TuneUp Utilities 2009
2010-04-27 10:08 . 2009-08-22 21:46        --------        d-----w-        c:\programdata\TuneUp Software
2010-04-02 08:46 . 2009-08-22 15:12        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-04-02 08:45 . 2009-10-24 14:45        --------        d-----w-        c:\program files\DAEMON Tools Toolbar
2010-04-02 08:42 . 2010-04-02 08:42        --------        d-----w-        c:\program files\Xirrus
2010-04-01 14:13 . 2010-04-01 14:13        --------        d-----w-        c:\program files\Common Files\Skype
2010-04-01 13:43 . 2009-07-24 10:26        291352        ----a-w-        c:\windows\system32\drivers\bdfsfltr.sys
2010-04-01 13:11 . 2009-08-22 21:48        21320        ----a-w-        c:\windows\system32\authuitu.dll
2010-03-29 21:06 . 2010-03-29 21:06        --------        d-----w-        c:\program files\EPROM50
2010-03-29 20:58 . 2010-03-29 20:58        5152        ----a-w-        c:\windows\system32\drivers\io.sys
2010-03-25 18:39 . 2010-03-25 18:38        --------        d-----w-        c:\program files\ICQ-Banner-Remover
2010-03-25 09:27 . 2010-04-25 21:32        1107264        ----a-w-        c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-24 18:17 . 2010-03-24 08:04        952768        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04        70584        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04        326056        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04        326056        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\AcrobatUpdater.exe
2010-03-23 19:33 . 2009-10-22 16:20        739082        ----a-w-        c:\windows\system32\perfh007.dat
2010-03-23 19:33 . 2009-10-22 16:20        153070        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-23 19:32 . 2010-03-23 19:32        --------        d-----w-        c:\program files\CMAK
2010-03-23 09:54 . 2010-03-23 09:54        --------        d-----w-        c:\program files\RMClock
2010-03-22 18:04 . 2010-03-22 18:04        --------        d-----w-        c:\program files\CPUCooL
2010-03-18 15:58 . 2010-03-18 15:58        101248        ----a-w-        c:\windows\system32\drivers\avmaura.sys
2010-03-18 12:22 . 2010-03-18 11:08        28672        ----a-w-        c:\windows\system32\AF15BDAEX.dll
2010-03-18 12:22 . 2010-03-18 11:08        126        ----a-w-        c:\windows\system32\AF15IRTBL.bin
2010-03-18 12:22 . 2010-03-18 11:08        483200        ----a-w-        c:\windows\system32\drivers\AF15BDA.sys
2010-03-17 09:35 . 2010-04-25 21:32        309248        ----a-w-        c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-15 13:04 . 2009-08-25 12:02        34        ----a-w-        c:\programdata\StarMoney 7.0\profil\sfmsm.dll
2010-03-10 10:01 . 2010-03-10 10:01        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-14 07:57        427520        ----a-w-        c:\windows\system32\vbscript.dll
2010-02-28 19:23 . 2009-09-05 13:06        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2010-02-28 19:23 . 2009-09-05 13:06        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2010-02-28 18:30 . 2010-02-28 18:30        48648        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-28 18:30 . 2010-02-06 17:47        1170240        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-27 12:07 . 2010-04-14 07:57        3899280        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 07:57        3954568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 07:57        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 07:57        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 07:57        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-30 17:57        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-02-22 16:58 . 2010-03-11 14:09        1733152        ----a-w-        c:\windows\system32\RtkPgExt.dll
2010-02-22 16:58 . 2010-03-11 14:09        57888        ----a-w-        c:\windows\system32\RtkCoInst.dll
2010-02-22 16:58 . 2010-03-11 14:09        371232        ----a-w-        c:\windows\system32\RtkApoApi.dll
2010-02-22 16:58 . 2010-03-11 14:09        2649120        ----a-w-        c:\windows\system32\RtkAPO.dll
2010-02-22 16:23 . 2010-03-11 14:09        3022944        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 16:47 . 2010-01-07 12:02        1170240        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

       
Code:

c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06        1361208        ----a-r-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"MsmqIntCert"="mqrt.dll" [2009-07-14 152064]
"igfxTray Module"="c:\windows\System32\igfxtray.exe" [2009-09-23 141848]
"hkcmd Module"="c:\windows\System32\hkcmd.exe" [2009-09-23 173592]
"persistence Module"="c:\windows\System32\igfxpers.exe" [2009-09-23 150552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-25 910296]
Mozilla Thunderbird 3.0 Beta 3.lnk - c:\program files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe [2009-10-8 11959472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 wvauth
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^roadrunner1405^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM Frühjahr 2009 - Schnellstarter.lnk]
backup=c:\windows\pss\klickTel OEM Frühjahr 2009 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32        203264        ----a-w-        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2007-04-16 08:13        71232        ----a-w-        c:\program files\Wave Systems Corp\Embassy Security Setup\EmbassySecurityCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30        173592        ----a-w-        c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03        186904        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30        141848        ----a-w-        c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30        150552        ----a-w-        c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-09-28 09:01        36864        ----a-w-        c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11        287800        ----a-r-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41        434176        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-10 10:01        149280        ----a-w-        c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TODO_ _File description_]
c:\program files\Smart Battery\smbtray.exe [N/A]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-24 721904]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-13 199168]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 KeyAgent;KeyAgent; [x]
S0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [2009-08-22 134272]
S0 stmtpm;STM TPM Service;c:\windows\system32\DRIVERS\stm_tpm.sys [2007-07-05 21504]
S0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [2009-08-22 950848]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-10 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-10 79952]
S1 ntiomin;ntiomin; [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-28 1872320]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-20 29416]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-10 85128]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-03-29 5152]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-07-27 1489688]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-18 101248]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-17 153448]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\Drivers\wbms_vista_x86.SYS [2007-06-26 52224]
S3 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\DRIVERS\wbsdmmc_vista_x86.sys [2007-04-20 44544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
bdx        REG_MULTI_SZ          scan
ftpsvc        REG_MULTI_SZ          ftpsvc
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
ipripsvc        REG_MULTI_SZ          iprip
LPDService        REG_MULTI_SZ          LPDSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\biolsp.dll
FF - ProfilePath - c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
 
 
 
 
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x8303A000]<< >>UNKNOWN [0x89BCE000]<< >>UNKNOWN [0x89BBD000]<< >>UNKNOWN [0x84525000]<< >>UNKNOWN [0x83003000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
 SecurityProcedure -> 0x8587d5f0
 QueryNameProcedure -> 0x8587c280
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallIS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_is=\"0\" />"
"Device"="xrnJucq8yLy6z8fMzszNusjHvM8="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll

- - - - - - - > 'Explorer.exe'(7824)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\psxss.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-20  13:23:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-05-20 11:23
ComboFix2.txt  2010-05-19 14:06

Vor Suchlauf: 14 Verzeichnis(se), 12.956.110.848 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.717.944.832 Bytes frei

- - End Of File - - 291C6112E5BBE955D814E21BE98998C0

[/QUOTE]

cosinus 20.05.2010 15:12

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

KILLALL:

File::
c:\windows\system32\drivers\OV9655S.SET

Filelook::
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe

Driver::
KeyAgent
ntiomin

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

roadrunner14 20.05.2010 16:35

Done, here is the log:

Code:

ComboFix 10-05-19.03 - roadrunner1405 20.05.2010  17:02:22.3.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.2006.888 [GMT 2:00]
ausgeführt von:: c:\users\roadrunner1405\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\roadrunner1405\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\OV9655S.SET"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\OV9655S.SET

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KEYAGENT
-------\Legacy_NTIOMIN
-------\Service_KeyAgent
-------\Service_ntiomin


(((((((((((((((((((((((  Dateien erstellt von 2010-04-20 bis 2010-05-20  ))))))))))))))))))))))))))))))
.

2010-05-20 15:11 . 2010-05-20 15:15        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-05-20 15:11 . 2010-05-20 15:11        --------        d-----w-        c:\users\Classic .NET AppPool\AppData\Local\temp
2010-05-20 08:20 . 2010-05-20 08:20        --------        d-----w-        C:\_OTL
2010-05-19 17:38 . 2010-05-19 17:38        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 17:38 . 2010-05-19 17:38        --------        d-----w-        c:\programdata\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-05-19 17:37 . 2010-05-19 17:38        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-05-19 14:17 . 2010-03-04 07:33        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2010-05-19 13:22 . 2010-05-19 13:22        --------        d-----w-        c:\program files\CCleaner
2010-05-19 12:24 . 2010-05-19 12:24        --------        d-----w-        c:\programdata\F-Secure
2010-05-17 12:28 . 2010-05-17 12:28        --------        d-----w-        c:\program files\SweetIM
2010-05-17 12:28 . 2010-05-17 12:28        --------        d-----w-        c:\programdata\SweetIM
2010-05-15 15:03 . 2010-05-15 15:33        --------        d-----w-        c:\program files\ICQ7.1
2010-05-10 19:17 . 2009-10-10 02:57        12800        ----a-w-        c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 19:17 . 2009-10-10 02:31        84992        ----a-w-        c:\windows\system32\drivers\sdbus.sys
2010-05-10 18:42 . 2009-12-11 07:44        133720        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2010-05-10 18:42 . 2009-12-11 07:38        1037312        ----a-w-        c:\windows\system32\lsasrv.dll
2010-05-10 18:42 . 2009-09-26 05:58        194488        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2010-05-07 19:15 . 2010-05-07 19:15        --------        d-----w-        c:\program files\The KMPlayer
2010-05-07 19:02 . 2010-05-07 19:02        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\ratDVD
2010-05-07 19:02 . 2010-05-07 19:02        --------        d-----w-        c:\program files\ratDVD
2010-05-07 13:32 . 2010-05-07 13:32        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\Diagnostics
2010-05-05 10:56 . 2010-05-05 10:56        --------        d-----w-        c:\programdata\eBay
2010-05-05 10:56 . 2010-05-05 10:56        --------        d-----w-        c:\program files\eBay
2010-05-04 10:12 . 2010-05-04 10:12        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\FixItCenter
2010-05-04 09:58 . 2010-05-04 09:58        --------        d-----w-        c:\windows\CheckSur
2010-05-04 09:50 . 2010-05-04 09:50        --------        d-----w-        c:\windows\MATS
2010-05-04 09:50 . 2010-05-04 09:50        --------        d-----w-        c:\program files\Microsoft Fix it Center
2010-05-03 22:44 . 2010-05-04 10:06        --------        d-----w-        c:\program files\Registry Easy
2010-05-03 17:18 . 2010-05-03 17:18        --------        d-----w-        c:\program files\Trend Micro
2010-04-28 06:28 . 2010-04-28 08:34        --------        d-----w-        c:\program files\a-squared Free
2010-04-27 13:59 . 2010-04-27 13:59        --------        d-----w-        c:\programdata\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59        --------        d-----w-        c:\program files\Common Files\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59        --------        d-----w-        c:\program files\Cloanto
2010-04-27 10:25 . 2010-04-01 13:11        30024        ----a-w-        c:\windows\system32\uxtuneup.dll
2010-04-27 10:10 . 2010-04-01 13:17        30536        ----a-w-        c:\windows\system32\TURegOpt.exe
2010-04-27 10:09 . 2010-04-27 10:25        --------        d-----w-        c:\program files\TuneUp Utilities 2010
2010-04-27 10:07 . 2010-04-27 10:07        --------        d-sh--w-        c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-27 09:45 . 2010-05-10 16:00        --------        d-----w-        c:\program files\Unlocker
2010-04-26 20:35 . 2010-04-30 08:19        --------        d-----w-        c:\program files\GridinSoft Trojan Killer
2010-04-26 20:13 . 2010-04-26 20:13        --------        d-----w-        c:\program files\QSoft
2010-04-26 20:12 . 2010-04-26 20:12        --------        d-----w-        c:\program files\NoVirusThanks
2010-04-26 20:06 . 2006-06-19 10:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2010-04-26 20:06 . 2006-05-25 12:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2010-04-26 20:06 . 2005-08-25 22:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2010-04-26 20:06 . 2003-02-02 17:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2010-04-26 20:06 . 2002-03-05 22:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2010-04-26 20:06 . 2010-04-26 21:12        --------        d-----w-        c:\program files\Trojan Remover
2010-04-26 20:06 . 2010-04-26 20:06        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\Simply Super Software
2010-04-26 20:06 . 2010-04-26 20:06        --------        d-----w-        c:\programdata\Simply Super Software
2010-04-26 09:00 . 2010-04-26 09:01        --------        d-----w-        C:\ZL_DB_CCcam_SoftCam_Control
2010-04-25 21:15 . 2010-04-25 21:15        --------        d-----w-        c:\users\roadrunner1405\AppData\Local\Mozilla
2010-04-25 10:22 . 2010-04-25 12:30        --------        d-----w-        c:\program files\WindowsServices
2010-04-25 10:22 . 2010-04-25 10:22        --------        d-----w-        c:\program files\TimHillOne
2010-04-24 11:05 . 2010-04-24 11:05        --------        d-----w-        c:\program files\PGWARE
2010-04-23 14:59 . 2010-04-23 14:59        49152        ----a-r-        c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59        1044480        ----a-r-        c:\windows\system32\roboex32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 15:16 . 2009-08-23 17:48        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\Skype
2010-05-20 15:15 . 2009-08-23 17:50        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\skypePM
2010-05-20 15:13 . 2010-03-23 19:33        4194304        ----a-w-        c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2010-05-20 09:46 . 2009-10-07 08:26        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\ICQ
2010-05-20 08:20 . 2009-10-07 08:26        --------        d-----w-        c:\program files\ICQ6Toolbar
2010-05-19 14:21 . 2009-08-27 09:04        --------        d-----w-        c:\programdata\Microsoft Help
2010-05-19 14:20 . 2009-07-14 02:37        --------        d-----w-        c:\program files\Windows Mail
2010-05-19 09:00 . 2010-01-07 12:02        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 09:00 . 2010-05-19 09:00        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 20:08 . 2010-03-15 12:49        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\UseNeXT
2010-05-16 18:02 . 2009-10-08 20:42        --------        d-----w-        c:\program files\Mozilla Thunderbird 3.0 Beta 3
2010-05-15 21:44 . 2010-03-10 10:02        --------        d-----w-        c:\program files\JDownloader
2010-05-15 16:24 . 2009-07-14 04:52        --------        d-----w-        c:\program files\Windows Sidebar
2010-05-15 15:23 . 2009-10-07 08:26        --------        d-----w-        c:\programdata\ICQ
2010-05-10 18:09 . 2009-08-23 17:45        --------        d-----r-        c:\program files\Skype
2010-05-10 16:00 . 2009-08-22 15:25        --------        d-----w-        c:\program files\Smart Battery
2010-05-10 16:00 . 2009-08-22 15:41        --------        d-----w-        c:\program files\Lenovo Fingerprint Software
2010-05-10 12:56 . 2009-10-19 15:04        72784        ----a-w-        c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-07 19:13 . 2009-09-11 19:05        --------        d-----w-        c:\users\roadrunner1405\AppData\Roaming\vlc
2010-04-28 06:45 . 2009-10-18 08:40        --------        d-----w-        c:\program files\FileZilla FTP Client
2010-04-27 17:59 . 2010-03-15 12:43        --------        d-----w-        c:\program files\UseNeXT
2010-04-27 10:14 . 2009-08-22 21:46        --------        d-----w-        c:\program files\TuneUp Utilities 2009
2010-04-27 10:08 . 2009-08-22 21:46        --------        d-----w-        c:\programdata\TuneUp Software
2010-04-02 08:46 . 2009-08-22 15:12        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-04-02 08:45 . 2009-10-24 14:45        --------        d-----w-        c:\program files\DAEMON Tools Toolbar
2010-04-02 08:42 . 2010-04-02 08:42        --------        d-----w-        c:\program files\Xirrus
2010-04-01 14:13 . 2010-04-01 14:13        --------        d-----w-        c:\program files\Common Files\Skype
2010-04-01 13:43 . 2009-07-24 10:26        291352        ----a-w-        c:\windows\system32\drivers\bdfsfltr.sys
2010-04-01 13:11 . 2009-08-22 21:48        21320        ----a-w-        c:\windows\system32\authuitu.dll
2010-03-29 21:06 . 2010-03-29 21:06        --------        d-----w-        c:\program files\EPROM50
2010-03-29 20:58 . 2010-03-29 20:58        5152        ----a-w-        c:\windows\system32\drivers\io.sys
2010-03-25 18:39 . 2010-03-25 18:38        --------        d-----w-        c:\program files\ICQ-Banner-Remover
2010-03-25 09:27 . 2010-04-25 21:32        1107264        ----a-w-        c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-24 18:17 . 2010-03-24 08:04        952768        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04        70584        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04        326056        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04        326056        ----a-w-        c:\programdata\Adobe\Reader\9.3\ARM\30963\AcrobatUpdater.exe
2010-03-23 19:33 . 2009-10-22 16:20        739082        ----a-w-        c:\windows\system32\perfh007.dat
2010-03-23 19:33 . 2009-10-22 16:20        153070        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-23 19:32 . 2010-03-23 19:32        --------        d-----w-        c:\program files\CMAK
2010-03-23 09:54 . 2010-03-23 09:54        --------        d-----w-        c:\program files\RMClock
2010-03-22 18:04 . 2010-03-22 18:04        --------        d-----w-        c:\program files\CPUCooL
2010-03-18 15:58 . 2010-03-18 15:58        101248        ----a-w-        c:\windows\system32\drivers\avmaura.sys
2010-03-18 12:22 . 2010-03-18 11:08        28672        ----a-w-        c:\windows\system32\AF15BDAEX.dll
2010-03-18 12:22 . 2010-03-18 11:08        126        ----a-w-        c:\windows\system32\AF15IRTBL.bin
2010-03-18 12:22 . 2010-03-18 11:08        483200        ----a-w-        c:\windows\system32\drivers\AF15BDA.sys
2010-03-17 09:35 . 2010-04-25 21:32        309248        ----a-w-        c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-15 13:04 . 2009-08-25 12:02        34        ----a-w-        c:\programdata\StarMoney 7.0\profil\sfmsm.dll
2010-03-10 10:01 . 2010-03-10 10:01        411368        ----a-w-        c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-14 07:57        427520        ----a-w-        c:\windows\system32\vbscript.dll
2010-02-28 19:23 . 2009-09-05 13:06        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2010-02-28 19:23 . 2009-09-05 13:06        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2010-02-28 18:30 . 2010-02-28 18:30        48648        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-28 18:30 . 2010-02-06 17:47        1170240        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-27 12:07 . 2010-04-14 07:57        3899280        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 07:57        3954568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 07:57        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 07:57        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 07:57        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-30 17:57        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-02-22 16:58 . 2010-03-11 14:09        1733152        ----a-w-        c:\windows\system32\RtkPgExt.dll
2010-02-22 16:58 . 2010-03-11 14:09        57888        ----a-w-        c:\windows\system32\RtkCoInst.dll
2010-02-22 16:58 . 2010-03-11 14:09        371232        ----a-w-        c:\windows\system32\RtkApoApi.dll
2010-02-22 16:58 . 2010-03-11 14:09        2649120        ----a-w-        c:\windows\system32\RtkAPO.dll
2010-02-22 16:23 . 2010-03-11 14:09        3022944        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 16:47 . 2010-01-07 12:02        1170240        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

       
Code:

       
<pre>
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe
</pre>


((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\Acronis\TrueImageHome\timountermonitor .exe ---
Company: Acronis
File Description: Monitor for Acronis True Image Backup Archive Explorer
File Version: 4,0,0,453
Product Name: Acronis True Image
Copyright: Copyright (c) Acronis 2000-2007
Original Filename: TimounterMonitor.exe
File size: 962456
Created time: 2008-09-15 16:32
Modified time: 2008-09-15 16:32
MD5: C880EF37016EE8AF0FB22B066EF4C1B7
SHA1: 85C0B0C81FCBEAD6BFFB4D9EC09A485F73A783E6


--- c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe ---
Company: Acronis
File Description: Acronis True Image Monitor
File Version: 12,0,0,9551
Product Name: Acronis True Image
Copyright: Copyright (C) Acronis, 2000-2008.
Original Filename: TrueImageMonitor.exe
File size: 4353088
Created time: 2008-09-15 16:21
Modified time: 2008-09-15 16:21
MD5: ECAA272D17CE77DB46E5B98A60869984
SHA1: 18E8311DB6FC092E53E68A8C921F8266026CA0CB


--- c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe ---
Company: Adobe Systems Incorporated
File Description: Adobe Acrobat SpeedLauncher
File Version: 9.3.2.163
Product Name: Adobe Acrobat
Copyright: Copyright 1984-2010 Adobe Systems Incorporated and its licensors. All rights reserved.
Original Filename: AcroSpeedLaunch.exe
File size: 36272
Created time: 2010-04-04 05:42
Modified time: 2010-04-04 05:42
MD5: F91F52F4EA5D88DAB6245682A16F3A72
SHA1: CD8F3D00EAE82C6205A24359A92F4C1C44930D45


--- c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe ---
Company: Acronis
File Description: Acronis Scheduler Helper
File Version: 1,0,0,271
Product Name: Acronis Scheduler Helper
Copyright: Copyright (C) 2000-2004 Acronis
Original Filename: schedhlp.exe
File size: 165144
Created time: 2008-09-15 16:27
Modified time: 2008-09-15 16:27
MD5: 6DAB589180D9C831A14B8FC4ED50659F
SHA1: 31CEF20A1554D72FC2C4561753032F0B28BDFDD2


--- c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe ---
Company: Adobe Systems Incorporated
File Description: Adobe Reader and Acrobat Manager
File Version: 1.1.7.0
Product Name: Adobe Reader and Acrobat Manager
Copyright: Copyright © 2010 Adobe Systems Incorporated.  All rights reserved.
Original Filename: AdobeARM.exe
File size: 952768
Created time: 2009-12-11 14:57
Modified time: 2010-03-24 18:17
MD5: DB1DB28467111A24664933AB8908CBCE
SHA1: 158A5420F5ED20F1B2AFD210564A4A712C6C3C22


--- c:\program files\Intel\AMT\atchk .exe ---
Company: Intel Corporation
File Description: Displays state of Intel® Active Management Technology.
File Version: 2.0.0.5
Product Name: atchk
Copyright: Copyright(C) 2006 Intel Corporation.
Original Filename: atchk.exe
File size: 404248
Created time: 2009-08-22 16:36
Modified time: 2007-07-27 06:07
MD5: 398AC7A90320B60BEBA0E6619BD6A614
SHA1: 69A33AD11FACFF3FDDF8AC28BD103277688A6228


--- c:\program files\Lenovo Fingerprint Software\fpapp .exe ---
Company: Authentec,Inc
File Description:
File Version: 1, 1, 6, 55
Product Name: fpapp.exe
Copyright: Authentec .  All rights reserved.
Original Filename: fpapp.exe
File size: 950272
Created time: 2008-07-15 05:13
Modified time: 2008-07-15 05:13
MD5: 5C2520F481973E26B58DF115E93C2154
SHA1: 969563F570B1098DE57E52D6D7785FDE132296E1


--- c:\program files\Microsoft Office\Office12\groovemonitor .exe ---
Company: Microsoft Corporation
File Description: GrooveMonitor Utility
File Version: 12.0.6413.1000
Product Name: GrooveMonitor Utility
Copyright: © 2006 Microsoft Corporation.  All rights reserved.
Original Filename: GrooveMonitor.exe
File size: 31072
Created time: 2008-10-25 10:44
Modified time: 2008-10-25 10:44
MD5: 644795F6985C740F5E36E9336B837D0B
SHA1: D2F5F78D437D81BA678F61AE2EEB966AC0715091


--- c:\program files\PGWARE\SuperRam\superramtray .exe ---
Company: PGWARE LLC
File Description: SuperRam Tray Applet
File Version: 6.0.0.0
Product Name: SuperRam
Copyright: Copyright © 2001-2010 PGWARE LLC
Original Filename: SUPERRAMTRAY.EXE
File size: 1703624
Created time: 2010-04-24 11:06
Modified time: 2010-04-18 21:09
MD5: 9955A8998FF5D41A414AC53979202A2A
SHA1: 1C0A419B48C992ECE80E15FF493C08CB83AF771E


--- c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe ---
Company: UNDP
File Description: Autorun_Kicker
File Version: 1.0.0.0
Product Name: Autorun_Kicker
Copyright: Copyright © UNDP 2008
Original Filename: Autorun_Kicker.exe
File size: 528384
Created time: 2010-04-26 20:13
Modified time: 2009-01-03 09:23
MD5: EFE7D4DE8D219FF73CF2E99E2C86012C
SHA1: 81E4AB541CFA8E4D4A0C47C06840814AD716371E


--- c:\program files\Skype\Phone\skype .exe ---
Company: Skype Technologies S.A.
File Description: Skype
File Version: 4.2.0.155
Product Name: Skype
Copyright: (c) Skype Technologies S.A.
Original Filename: Skype.exe
File size: 26100520
Created time: 2010-03-09 08:02
Modified time: 2010-03-09 08:02
MD5: 46C92F0351DF5A4F74C9D37CD43F741D
SHA1: 9EEF9CE68CA87BD69B9B338D8C4CCC591B81A295


--- c:\program files\Smart Battery\smbtray .exe ---
Company: Compal Electronics, Inc.
File Description: TODO: <File description>
File Version: 1.0.0.6
Product Name: TODO: <Product name>
Copyright: TODO: (c) <Company name>.  All rights reserved.
Original Filename: SMBTrayVC2005.exe
File size: 521776
Created time: 2009-08-22 15:25
Modified time: 2007-06-04 15:22
MD5: 32C973E68E3DF5831638337503738E62
SHA1: E51F7C5A2E675BC84866AADD928C8D644B2FC5CB


--- c:\program files\Trojan Remover\trjscan .exe ---
Company: Simply Super Software
File Description: Trojan Scanner
File Version: 6.8.2.1307
Product Name: Trojan Scanner
Copyright: © 1999-2010 Simply Super Software
Original Filename: TRJSCAN.EXE
File size: 1165192
Created time: 2010-04-26 20:06
Modified time: 2010-02-27 18:17
MD5: 87CE21846BCFA0F0A14F60807DD0A56D
SHA1: 7012AE4BFCE6A62E806A4FBC2AD65232282BFD5F


--- c:\program files\Unlocker\UnlockerAssistant  .exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 15872
Created time: 2010-03-09 02:52
Modified time: 2010-03-09 02:52
MD5: C33EE8245897AEF45B7F0C70FDE0F78F
SHA1: 0AF3A3B9895113589E56A043E16D21ECA0038057


--- c:\program files\Windows Sidebar\sidebar .exe ---
Company: Microsoft Corporation
File Description: Windows Sidebar
File Version: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: sidebar.EXE
File size: 1233920
Created time: 2009-07-13 23:41
Modified time: 2009-04-11 06:28
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4
SHA1: 445D62FEAC7E3F9762B78B3E901A9DCA1B08BCFF


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06        1361208        ----a-r-        c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"MsmqIntCert"="mqrt.dll" [2009-07-14 152064]
"igfxTray Module"="c:\windows\System32\igfxtray.exe" [2009-09-23 141848]
"hkcmd Module"="c:\windows\System32\hkcmd.exe" [2009-09-23 173592]
"persistence Module"="c:\windows\System32\igfxpers.exe" [2009-09-23 150552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-25 910296]
Mozilla Thunderbird 3.0 Beta 3.lnk - c:\program files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe [2009-10-8 11959472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages        REG_MULTI_SZ          msv1_0 wvauth
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^roadrunner1405^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM Frühjahr 2009 - Schnellstarter.lnk]
backup=c:\windows\pss\klickTel OEM Frühjahr 2009 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32        203264        ----a-w-        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2007-04-16 08:13        71232        ----a-w-        c:\program files\Wave Systems Corp\Embassy Security Setup\EmbassySecurityCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30        173592        ----a-w-        c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03        186904        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30        141848        ----a-w-        c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30        150552        ----a-w-        c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-09-28 09:01        36864        ----a-w-        c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11        287800        ----a-r-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41        434176        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-10 10:01        149280        ----a-w-        c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TODO_ _File description_]
c:\program files\Smart Battery\smbtray.exe [N/A]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-24 721904]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-13 199168]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [2009-08-22 134272]
S0 stmtpm;STM TPM Service;c:\windows\system32\DRIVERS\stm_tpm.sys [2007-07-05 21504]
S0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [2009-08-22 950848]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-10 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-10 79952]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-28 1872320]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-20 29416]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-10 85128]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-03-29 5152]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-07-27 1489688]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-18 101248]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-17 153448]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\Drivers\wbms_vista_x86.SYS [2007-06-26 52224]
S3 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\DRIVERS\wbsdmmc_vista_x86.sys [2007-04-20 44544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
bdx        REG_MULTI_SZ          scan
ftpsvc        REG_MULTI_SZ          ftpsvc
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
ipripsvc        REG_MULTI_SZ          iprip
LPDService        REG_MULTI_SZ          LPDSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\biolsp.dll
FF - ProfilePath - c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
 
 
 
 
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x8304B000]<< >>UNKNOWN [0x89BA1000]<< >>UNKNOWN [0x89B90000]<< >>UNKNOWN [0x8467D000]<< >>UNKNOWN [0x83014000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
 SecurityProcedure -> 0x8587b848
 QueryNameProcedure -> 0x8587b9d8
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallIS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_is=\"0\" />"
"Device"="xrnJucq8yLy6z8fMzszNusjHvM8="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\psxss.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\taskhost.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\upgrepl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-20  17:21:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-05-20 15:21
ComboFix2.txt  2010-05-20 11:23
ComboFix3.txt  2010-05-19 14:06

Vor Suchlauf: 14 Verzeichnis(se), 12.555.452.416 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 12.390.027.264 Bytes frei

- - End Of File - - 6F979153E0841DF326F9E7898F317CAD

[/QUOTE]

cosinus 20.05.2010 19:02

Looks pretty good already. Are wrong links still being opened?
Please create logs with GMER and OSAM once more.

roadrunner14 20.05.2010 20:11

No, everything is great now. It has also become a bit faster. At least it seems that way to me. :taenzer:

:dankeschoen::dankeschoen::dankeschoen::dankeschoen::dankeschoen:

The logs will follow shortly.

roadrunner14 20.05.2010 20:34

The GMER log:

Quote:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-20 21:25:06
Windows 6.1.7600
Running: bbrv1ksc.exe; Driver: C:\Users\ROADRU~1\AppData\Local\Temp\ffdyauow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302EAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83016634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83016898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302E6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302EF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9895B300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x989B3300, 0x1BEE, 0xE8000020]
.text peauth.sys AFC29C9D 28 Bytes [DE, 00, B2, 6D, D1, B7, CB, ...]
.text peauth.sys AFC29CC1 28 Bytes [DE, 00, B2, 6D, D1, B7, CB, ...]
? C:\Users\ROADRU~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!LdrLoadDll 7785F585 5 Bytes JMP 002413F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\a-squared Free\a2service.exe[1888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [00454D58] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1888] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454F5C] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1888] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00454D58] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1888] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454F5C] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [66E9A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [66E994D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [66E994E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [66E994B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [66E994A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [66E9AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [66E9A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\shell32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\Iphlpapi.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[5376] @ C:\Windows\system32\Iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [66E9A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [66E994D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [66E994E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [66E994B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [66E994A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [66E9AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlSizeHeap] [66E9A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [66E99832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\secur32.dll [ntdll.dll!RtlAllocateHeap] [66E992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\secur32.dll [ntdll.dll!RtlFreeHeap] [66E99E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[6768] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75665E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74242494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74225624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [742256E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [7424250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74238573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74234D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [742350CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [742351A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742366D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [742382CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74238819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7423907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7423E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7640] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74234C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 snman378.sys (Acronis Snapshot API/Acronis)

Device \Driver\ACPI_HAL \Device\00000062 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----

roadrunner14 20.05.2010 20:38

And the OSAM log:

Quote:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 21:37:19 on 20.05.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"SMB.cpl" - "Compal Electronics, Inc." - C:\Windows\system32\SMB.cpl
"trueprint.cpl" - "AuthenTec, Inc." - C:\Windows\system32\trueprint.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"PavCPL" - ? - C:\Windows\system32\pavcpl.cpl (File not found)
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"BDFM" (BDFM) - "BitDefender S.R.L. Bucharest, ROMANIA" - C:\Windows\System32\DRIVERS\bdfm.sys
"bdfsfltr" (bdfsfltr) - "BitDefender" - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"bdfwfpf" (bdfwfpf) - "BitDefender LLC" - C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
"BDVEDISK" (BDVEDISK) - "BitDefender" - C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
"BitDefender Firewall NDIS 6 Filter Driver" (BdfNdisf) - "BitDefender LLC" - C:\Windows\System32\DRIVERS\BdfNdisf6.sys
"catchme" (catchme) - ? - C:\Users\ROADRU~1\AppData\Local\Temp\catchme.sys (File not found)
"ffdyauow" (ffdyauow) - ? - C:\Users\ROADRU~1\AppData\Local\Temp\ffdyauow.sys (Hidden registry entry, rootkit activity | File not found)
"giveio" (giveio) - ? - C:\Windows\system32\DRIVERS\giveio.sys (File found, but it contains no detailed information)
"Intel Keyboard Filter" (kbfiltr) - "Intel Corporation" - C:\Windows\System32\DRIVERS\kbfiltr.sys
"IO.DLL Driver" (io.sys) - ? - C:\Windows\system32\drivers\io.sys (File found, but it contains no detailed information)
"ISO DVD/CD-ROM Device Driver" (ISODrive) - "EZB Systems, Inc." - C:\Program Files\UltraISO\drivers\ISODrive.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\Users\ROADRU~1\AppData\Local\Temp\mbr.sys (File not found)
"ntiopnp" (ntiopnp) - ? - C:\Windows\system32\drivers\ntiopnp.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"Profos" (Profos) - "BitDefender S.R.L." - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
"Sony Ericsson seehcri Device Driver" (seehcri) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\seehcri.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys
"Trufos" (Trufos) - "BitDefender S.R.L." - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
BDFVCtxMenuExt "BDFVCtxMenuExt" - ? - (File not found | COM-object registry key not found)
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{A155339D-CCCD-4714-85EB-3754B804C9DF} "a-squared Free Shell Extension" - "Emsi Software GmbH" - C:\Program Files\a-squared Free\a2freecontmenu.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 DragDrop Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Property Sheet Shell Extension" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} "BitDefender Toolbar" - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Wave Systems Corp." - C:\Windows\system32\wvauth.dll
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Mozilla Firefox.lnk" - "Mozilla Corporation" - C:\Program Files\Mozilla Firefox\firefox.exe (Shortcut exists | File exists)
"Mozilla Thunderbird 3.0 Beta 3.lnk" - "Mozilla Messaging" - C:\Program Files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"BDAgent" - "BitDefender S.R.L." - "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
"BitDefender Antiphishing Helper" - "BitDefender S.R.L." - "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MP540 series" - "CANON INC." - C:\Windows\system32\CNMLM9E.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000" (MatSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Fix it Center\Matsvc.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"a-squared Free Service" (a2free) - "Emsi Software GmbH" - C:\Program Files\a-squared Free\a2service.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xampp\apache\bin\httpd.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"BitDefender Arrakis Server" (Arrakis3) - "BitDefender S.R.L. hxxp://www.bitdefender.com" - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
"BitDefender Desktop Update Service" (LIVESRV) - "BitDefender S.R.L." - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
"BitDefender Threat Scanner" (scan) - "S.C. BitDefender S.R.L" - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
"BitDefender Virus Shield" (VSSERV) - "BitDefender S.R.L." - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
"CPUCooLServer Service" (CPUCooLServer) - ? - C:\Program Files\CPUCooL\CooLSrv.exe (File found, but it contains no detailed information)
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\AMT\LMS.exe
"Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Program Files\Intel\AMT\atchksrv.exe
"Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\AMT\UNS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MySQL" (MySQL) - "MySQL AB" - C:\xampp\mysql\bin\mysqld.exe
"NTRU TSS v1.2.1.12 TCS" (tcsd_win32.exe) - ? - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SecureStorageService" (SecureStorageService) - "Wave Systems Corp." - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information)
"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"Wave Systems Kerberos LSP" - "Wave Systems Corp." - C:\Windows\system32\biolsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit Online Solutions :: Index

cosinus 20.05.2010 20:42

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

roadrunner14 20.05.2010 22:37

Here's a log:

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4117

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.05.2010 23:16:19
mbam-log-2010-05-20 (23-16-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 323691
Laufzeit: 1 Stunde(n), 27 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

roadrunner14 21.05.2010 10:20

Here's the log from SUPERAntiSpyware as well:

Quote:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/21/2010 at 02:15 AM

Application Version : 4.37.1000

Core Rules Database Version : 4964
Trace Rules Database Version: 2776

Scan type : Complete Scan
Total Scan Time : 01:10:58

Memory items scanned : 562
Memory threats detected : 0
Registry items scanned : 9042
Registry threats detected : 0
File items scanned : 50971
File threats detected : 8

Adware.Tracking Cookie
C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Cookies\roadrunner1405@atwola[1].txt
C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Cookies\roadrunner1405@doubleclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz1.91462.blueseek[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91423.blueseek[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz3.91456.blueseek[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt

cosinus 21.05.2010 11:47

Only cookies were found there. Any problems left?

roadrunner14 21.05.2010 11:50

Nope, everything else is OK. I think that's it then.

Thanks!!!!!!!!!!!!!!!!!!

cosinus 21.05.2010 11:56

Good, before you call it a day ( :D ), please check the updates as well ;)

Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update

Update your PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

roadrunner14 21.05.2010 12:54

I've worked through everything. Windows Update is completely up to date. I normally take all the updates that come along. My Bitdefender also reports when some arrive and installs them. The other tools are now up to date too.
Many thanks!


All times are GMT +1.