Trojaner-Board


fcangmar 06.11.2010 23:58

winlogon
 
Hello,

I have been trying for 2 days to "repair" my Winlogon.exe. I use AVG, and it reports this file as infected.

I also scanned it with Jotti; 7 of 19 flagged it as infected.

I also tried sfc and KillBox, both failed.

Please help, I want to avoid a fresh install.

Thanks

cosinus 07.11.2010 00:45

Hello,

A clean-up can involve a lot of work on your part.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; that makes the analysis harder for me.

Note: I can never guarantee that I will find everything. A format is usually the quicker and always the safest way.
If you decide on a clean-up, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

fcangmar 07.11.2010 02:17

Hi,

here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5064

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07.11.2010 02:01:21
mbam-log-2010-11-07 (02-01-21).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 476982
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

fcangmar 07.11.2010 02:17

And OTL:

OTL Logfile:
Code:

OTL logfile created on: 07.11.2010 02:03:36 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Documents and Settings\Martin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 501,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 97,65 Gb Total Space | 63,00 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 59,54 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 97,51 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
 
Computer Name: +++ | User Name: ++++ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - E:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - E:\Program\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - E:\Program\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - G:\Program\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
PRC - E:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
PRC - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Program\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Martin\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (toogmft) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (scinetu) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (oruqjr) -- C:\Program Files\Movie Maker\hqhakc.dll File not found
SRV - (oqimg) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (mlkynlqkb) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (eqkfl) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (bmljcgc) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (NMSAccess) -- E:\Program\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (Microsoft Office Groove Audit Service) -- E:\Program\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (s7asysvx) -- G:\Program\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
SRV - (s7oiehsx) -- E:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
SRV - (S7TraceServiceX) -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
SRV - (almservice) -- E:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (SIEMENS AG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (msvsmon90) -- E:\Program\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- E:\Program\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xltsaaqhvemjujj) -- C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys ()
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AVerAF35) -- C:\WINDOWS\system32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (VMUVC) -- C:\WINDOWS\system32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Buzz)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (S7opcsrtx) PROFINET IO RT-Protocol (LLDP) -- C:\WINDOWS\system32\drivers\s7opcsrtx.sys (SIEMENS AG)
DRV - (vvftUVC) -- C:\WINDOWS\system32\drivers\vvftUVC.sys (Vimicro Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SNTIE) SIMATIC Industrial Ethernet (ISO) -- C:\WINDOWS\system32\drivers\SNTIE.SYS (SIEMENS AG)
DRV - (s7snsrtx) -- C:\WINDOWS\system32\drivers\s7snsrtx.sys (SIEMENS AG)
DRV - (Dpmtrcdd) -- C:\WINDOWS\system32\drivers\dpmtrcdd.sys (SIEMENS AG)
DRV - (AF05BDA) -- C:\WINDOWS\system32\drivers\AF05BDA.sys (AfaTech                  )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (s7oefs_x) -- C:\WINDOWS\System32\drivers\s7oefs_x.sys (SIEMENS AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.11.05 15:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: E:\Program\Mozilla Firefox\components [2010.10.29 05:38:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: E:\Program\Mozilla Firefox\plugins [2010.10.29 05:38:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.09 09:45:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.01 19:20:53 | 000,000,000 | ---D | M]
 
[2010.08.29 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions
[2010.08.29 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.06 23:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\extensions
[2010.01.30 15:18:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.01.03 01:25:56 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\searchplugins\daemon-search.xml
[2010.08.10 22:02:08 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\searchplugins\web-search.xml
[2009.10.11 20:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
 
O1 HOSTS File: ([2010.01.25 22:26:16 | 000,001,210 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Software\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Software\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\Program\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: &Download by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.01.02 21:50:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.08.18 11:00:00 | 000,000,112 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\Shell\AutoRun\command - "" = K:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.07 01:03:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Martin\Desktop\OTL.exe
[2010.11.06 23:44:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Martin\Recent
[2010.11.06 23:43:37 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.11.06 23:43:27 | 000,092,672 | ---- | C] (Option^Explicit Software                        vbtechcd@gmail.com) -- C:\Documents and Settings\Martin\Desktop\KillBox.exe
[2010.11.06 23:39:21 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010.11.06 23:39:20 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010.11.06 23:39:20 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010.11.06 23:39:20 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010.11.06 23:39:19 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010.11.06 23:39:19 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010.11.06 23:39:19 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010.11.06 23:39:18 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010.11.06 23:39:18 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010.11.06 23:39:18 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010.11.06 23:39:17 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010.11.06 23:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\SmitfraudFix
[2010.11.06 10:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2010.11.05 23:04:29 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010.11.05 23:04:27 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010.11.05 23:04:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2010.11.05 23:04:15 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010.11.05 23:04:13 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010.11.05 23:04:12 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2010.11.05 23:04:11 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2010.11.05 23:04:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010.11.05 23:04:06 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010.11.05 23:04:06 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2010.11.05 23:04:04 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010.11.05 23:03:59 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010.11.05 23:03:56 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2010.11.05 23:03:54 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010.11.05 23:03:51 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2010.11.05 23:03:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2010.11.05 23:03:51 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2010.11.05 23:03:49 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010.11.05 23:03:48 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2010.11.05 23:03:48 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2010.11.05 23:03:47 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2010.11.05 23:03:46 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2010.11.05 23:03:46 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2010.11.05 23:03:45 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2010.11.05 23:03:43 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010.11.05 23:03:41 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010.11.05 23:03:39 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010.11.05 23:03:35 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010.11.05 23:03:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010.11.05 23:03:30 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010.11.05 23:03:28 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010.11.05 23:03:26 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2010.11.05 23:03:25 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2010.11.05 23:03:22 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2010.11.05 23:03:20 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010.11.05 23:03:18 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2010.11.05 23:03:16 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2010.11.05 23:03:14 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2010.11.05 23:03:12 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010.11.05 23:03:10 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010.11.05 23:03:07 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010.11.05 23:03:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010.11.05 23:03:06 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010.11.05 23:03:06 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2010.11.05 23:03:03 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2010.11.05 23:03:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2010.11.05 23:02:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2010.11.05 23:02:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2010.11.05 23:02:55 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010.11.05 23:02:53 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2010.11.05 23:02:50 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2010.11.05 23:02:48 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2010.11.05 23:02:46 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010.11.05 23:02:44 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010.11.05 23:02:42 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2010.11.05 23:02:40 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2010.11.05 23:02:37 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010.11.05 23:02:35 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010.11.05 23:02:33 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010.11.05 23:02:30 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010.11.05 23:02:28 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010.11.05 23:02:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010.11.05 23:02:24 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2010.11.05 23:02:22 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2010.11.05 23:02:22 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2010.11.05 23:02:19 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2010.11.05 23:02:17 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2010.11.05 23:02:15 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2010.11.05 23:02:13 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2010.11.05 23:02:11 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2010.11.05 23:02:08 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010.11.05 23:02:05 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010.11.05 23:02:03 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010.11.05 23:02:02 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010.11.05 23:02:00 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010.11.05 23:01:58 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010.11.05 23:01:55 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2010.11.05 23:01:52 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2010.11.05 23:01:51 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010.11.05 23:01:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010.11.05 23:01:46 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2010.11.05 23:01:44 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2010.11.05 23:01:42 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2010.11.05 23:01:40 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2010.11.05 23:01:38 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2010.11.05 23:01:36 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2010.11.05 23:01:34 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2010.11.05 23:01:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2010.11.05 23:01:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2010.11.05 23:01:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2010.11.05 23:01:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2010.11.05 23:01:24 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010.11.05 23:01:22 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010.11.05 23:01:20 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010.11.05 23:01:17 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010.11.05 23:01:14 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010.11.05 23:01:12 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2010.11.05 23:01:08 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2010.11.05 23:01:05 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2010.11.05 23:01:03 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2010.11.05 23:01:01 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010.11.05 23:00:59 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2010.11.05 23:00:57 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2010.11.05 23:00:55 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2010.11.05 23:00:53 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2010.11.05 23:00:51 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2010.11.05 23:00:51 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2010.11.05 23:00:49 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2010.11.05 23:00:42 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010.11.05 23:00:40 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010.11.05 23:00:37 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010.11.05 23:00:35 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010.11.05 23:00:34 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010.11.05 23:00:32 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2010.11.05 23:00:31 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2010.11.05 23:00:31 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2010.11.05 23:00:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2010.11.05 23:00:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2010.11.05 23:00:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2010.11.05 23:00:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2010.11.05 23:00:19 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010.11.05 23:00:17 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010.11.05 23:00:15 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010.11.05 23:00:13 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2010.11.05 23:00:11 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2010.11.05 23:00:11 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010.11.05 23:00:09 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2010.11.05 23:00:07 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2010.11.05 23:00:05 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2010.11.05 23:00:03 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2010.11.05 23:00:01 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2010.11.05 22:59:59 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2010.11.05 22:59:55 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010.11.05 22:59:53 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010.11.05 22:59:51 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010.11.05 22:59:49 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010.11.05 22:59:47 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2010.11.05 22:59:45 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010.11.05 22:59:43 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2010.11.05 22:59:40 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2010.11.05 22:59:40 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2010.11.05 22:59:38 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2010.11.05 22:59:36 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010.11.05 22:59:34 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2010.11.05 22:59:32 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010.11.05 22:59:30 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010.11.05 22:59:29 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2010.11.05 22:59:27 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2010.11.05 22:59:23 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2010.11.05 22:59:21 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2010.11.05 22:59:20 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010.11.05 22:59:18 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010.11.05 22:59:16 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010.11.05 22:59:14 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010.11.05 22:59:12 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010.11.05 22:59:11 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010.11.05 22:59:09 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010.11.05 22:59:07 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010.11.05 22:59:05 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010.11.05 22:59:03 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2010.11.05 22:59:01 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010.11.05 22:58:59 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010.11.05 22:58:58 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010.11.05 22:58:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010.11.05 22:58:56 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010.11.05 22:58:55 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010.11.05 22:58:53 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2010.11.05 22:58:51 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010.11.05 22:58:49 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2010.11.05 22:58:48 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010.11.05 22:58:46 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010.11.05 22:58:44 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010.11.05 22:58:40 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2010.11.05 22:58:38 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010.11.05 22:58:36 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010.11.05 22:58:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2010.11.05 22:58:32 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2010.11.05 22:58:29 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2010.11.05 22:58:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2010.11.05 22:58:26 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2010.11.05 22:58:24 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2010.11.05 22:58:22 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2010.11.05 22:58:21 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2010.11.05 22:58:19 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010.11.05 22:58:18 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010.11.05 22:58:16 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010.11.05 22:58:15 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2010.11.05 22:58:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2010.11.05 22:58:11 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2010.11.05 22:58:10 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010.11.05 22:58:08 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2010.11.05 22:58:07 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2010.11.05 22:58:06 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2010.11.05 22:58:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2010.11.05 22:58:01 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2010.11.05 22:57:59 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2010.11.05 22:57:57 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2010.11.05 22:57:55 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2010.11.05 22:57:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2010.11.05 22:57:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2010.11.05 22:57:50 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2010.11.05 22:57:49 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2010.11.05 22:57:49 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2010.11.05 22:57:49 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2010.11.05 22:57:48 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2010.11.05 22:57:46 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2010.11.05 22:57:45 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2010.11.05 22:57:44 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010.11.05 22:57:42 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010.11.05 22:57:41 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2010.11.05 22:57:39 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2010.11.05 22:57:37 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2010.11.05 22:57:35 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010.11.05 22:57:35 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010.11.05 22:57:33 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010.11.05 22:57:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2010.11.05 22:57:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2010.11.05 22:57:26 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2010.11.05 22:57:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2010.11.05 22:57:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2010.11.05 22:57:21 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2010.11.05 22:57:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2010.11.05 22:57:17 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2010.11.05 22:57:16 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2010.11.05 22:57:14 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2010.11.05 22:57:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2010.11.05 22:57:10 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010.11.05 22:57:09 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010.11.05 22:57:07 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010.11.05 22:57:05 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010.11.05 22:57:02 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2010.11.05 22:57:00 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2010.11.05 22:56:57 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010.11.05 22:56:55 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2010.11.05 22:56:53 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2010.11.05 22:56:53 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2010.11.05 22:56:50 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010.11.05 22:56:49 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010.11.05 22:56:47 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010.11.05 22:56:45 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010.11.05 22:56:43 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2010.11.05 22:56:41 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010.11.05 22:56:40 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010.11.05 22:56:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2010.11.05 22:56:36 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010.11.05 22:56:34 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010.11.05 22:56:32 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010.11.05 22:56:31 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010.11.05 22:56:29 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010.11.05 22:56:27 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010.11.05 22:56:26 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2010.11.05 22:56:24 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2010.11.05 22:56:22 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010.11.05 22:56:21 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010.11.05 22:56:19 | 000,019,968 | ---- | C] (Macronix International Co., Ltd.                                              ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010.11.05 22:56:17 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010.11.05 22:56:16 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010.11.05 22:56:14 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010.11.05 22:56:11 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2010.11.05 22:56:08 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2010.11.05 22:56:06 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2010.11.05 22:56:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2010.11.05 22:56:00 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2010.11.05 22:55:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010.11.05 22:55:58 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2010.11.05 22:55:55 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010.11.05 22:55:52 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2010.11.05 22:55:49 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2010.11.05 22:55:46 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2010.11.05 22:55:45 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2010.11.05 22:55:44 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2010.11.05 22:55:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2010.11.05 22:55:41 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2010.11.05 22:55:38 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010.11.05 22:55:36 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2010.11.05 22:55:34 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2010.11.05 22:55:32 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2010.11.05 22:55:31 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2010.11.05 22:55:29 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2010.11.05 22:55:29 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2010.11.05 22:55:27 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010.11.05 22:55:26 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010.11.05 22:55:25 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010.11.05 22:55:25 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2010.11.05 22:55:23 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010.11.05 22:55:23 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010.11.05 22:55:22 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010.11.05 22:55:20 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2010.11.05 22:55:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010.11.05 22:55:16 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010.11.05 22:55:14 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010.11.05 22:55:13 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010.11.05 22:55:12 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.11.05 22:55:11 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010.11.05 22:55:09 | 000,019,016 | ---- | C] (Kingston Technology Company                                                            ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010.11.05 22:55:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2010.11.05 22:55:03 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2010.11.05 22:55:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2010.11.05 22:54:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010.11.05 22:54:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010.11.05 22:54:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010.11.05 22:54:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010.11.05 22:54:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010.11.05 22:54:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010.11.05 22:54:37 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2010.11.05 22:54:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010.11.05 22:54:35 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2010.11.05 22:54:33 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010.11.05 22:54:33 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2010.11.05 22:54:33 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010.11.05 22:54:30 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010.11.05 22:54:28 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2010.11.05 22:54:27 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2010.11.05 22:54:26 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2010.11.05 22:54:24 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2010.11.05 22:54:23 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2010.11.05 22:54:06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010.11.05 22:54:04 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2010.11.05 22:54:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2010.11.05 22:54:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2010.11.05 22:54:00 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2010.11.05 22:53:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2010.11.05 22:53:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2010.11.05 22:53:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2010.11.05 22:53:54 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2010.11.05 22:53:52 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2010.11.05 22:53:51 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2010.11.05 22:53:49 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2010.11.05 22:53:48 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2010.11.05 22:53:47 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2010.11.05 22:53:45 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010.11.05 22:53:45 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2010.11.05 22:53:44 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2010.11.05 22:53:42 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2010.11.05 22:53:42 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2010.11.05 22:53:41 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.11.05 22:53:08 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2010.11.05 22:53:07 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2010.11.05 22:53:06 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2010.11.05 22:53:04 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2010.11.05 22:53:03 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2010.11.05 22:53:01 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2010.11.05 22:53:00 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2010.11.05 22:52:59 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2010.11.05 22:52:57 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2010.11.05 22:52:56 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2010.11.05 22:52:54 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2010.11.05 22:52:53 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2010.11.05 22:52:52 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2010.11.05 22:52:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2010.11.05 22:52:49 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2010.11.05 22:52:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2010.11.05 22:52:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2010.11.05 22:52:45 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2010.11.05 22:52:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2010.11.05 22:52:42 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010.11.05 22:52:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2010.11.05 22:52:37 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010.11.05 22:52:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2010.11.05 22:52:31 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2010.11.05 22:52:29 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2010.11.05 22:52:27 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2010.11.05 22:52:26 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2010.11.05 22:52:25 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010.11.05 22:52:24 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2010.11.05 22:52:23 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010.11.05 22:52:22 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010.11.05 22:52:20 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010.11.05 22:52:20 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010.11.05 22:52:19 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010.11.05 22:52:18 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2010.11.05 22:52:17 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2010.11.05 22:52:16 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2010.11.05 22:52:14 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2010.11.05 22:52:13 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010.11.05 22:52:09 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2010.11.05 22:52:08 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010.11.05 22:52:06 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010.11.05 22:52:04 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010.11.05 22:52:03 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010.11.05 22:52:02 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010.11.05 22:52:01 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010.11.05 22:52:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2010.11.05 22:51:58 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2010.11.05 22:51:55 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2010.11.05 22:51:52 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010.11.05 22:51:51 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2010.11.05 22:51:50 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010.11.05 22:51:49 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010.11.05 22:51:47 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2010.11.05 22:51:46 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2010.11.05 22:48:51 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010.11.05 22:48:50 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010.11.05 22:48:49 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010.11.05 22:48:48 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010.11.05 22:48:47 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2010.11.05 22:48:46 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2010.11.05 22:48:45 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2010.11.05 22:48:44 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2010.11.05 22:48:43 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2010.11.05 22:48:42 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2010.11.05 22:48:41 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010.11.05 22:48:40 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2010.11.05 22:48:39 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2010.11.05 22:48:38 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2010.11.05 22:48:37 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2010.11.05 22:48:35 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2010.11.05 22:48:34 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2010.11.05 22:48:33 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2010.11.05 22:48:32 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2010.11.05 22:48:32 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2010.11.05 22:48:31 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2010.11.05 22:48:28 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2010.11.05 22:48:28 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2010.11.05 22:48:27 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2010.11.05 22:48:26 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2010.11.05 22:48:25 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2010.11.05 22:48:25 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2010.11.05 22:48:24 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2010.11.05 22:48:23 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2010.11.05 22:48:22 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2010.11.05 22:48:22 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2010.11.05 22:48:21 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2010.11.05 22:48:20 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2010.11.05 22:48:20 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2010.11.05 22:48:19 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2010.11.05 22:48:18 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2010.11.05 22:48:17 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2010.11.05 22:48:17 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2010.11.05 22:48:15 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2010.11.05 22:48:14 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2010.11.05 22:48:13 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2010.11.05 22:48:12 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010.11.05 22:48:11 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2010.11.05 22:48:10 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010.11.05 22:48:09 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2010.11.05 22:48:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2010.11.05 22:48:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2010.11.05 22:48:07 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010.11.05 22:48:06 | 000,029,696 | ---- | C] (CNet Technology, Inc.                                                    ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010.11.05 22:48:05 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010.11.05 22:48:05 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010.11.05 22:48:04 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010.11.05 22:48:01 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010.11.05 22:48:01 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010.11.05 22:48:00 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010.11.05 22:47:59 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010.11.05 22:47:58 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2010.11.05 22:47:58 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010.11.05 22:47:57 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2010.11.05 22:47:56 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2010.11.05 22:47:56 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2010.11.05 22:47:55 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2010.11.05 22:47:55 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2010.11.05 22:47:54 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2010.11.05 22:47:53 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2010.11.05 22:47:53 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2010.11.05 22:47:52 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2010.11.05 22:47:51 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2010.11.05 22:47:51 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2010.11.05 22:47:50 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2010.11.05 22:47:49 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2010.11.05 22:47:49 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2010.11.05 22:47:48 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010.11.05 22:47:47 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010.11.05 22:47:47 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2010.11.05 22:47:46 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2010.11.05 22:47:45 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010.11.05 22:47:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2010.11.05 22:47:44 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2010.11.05 22:47:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2010.11.05 22:47:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2010.11.05 22:47:42 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2010.11.05 22:47:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2010.11.05 22:47:40 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2010.11.05 22:47:39 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2010.11.05 22:47:38 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2010.11.05 22:47:38 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2010.11.05 22:47:37 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2010.11.05 22:47:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2010.11.05 22:47:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2010.11.05 22:47:35 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2010.11.05 22:47:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2010.11.05 22:47:34 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2010.11.05 22:47:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2010.11.05 22:47:33 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010.11.05 22:47:33 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010.11.05 22:47:32 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010.11.05 22:47:32 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010.11.05 22:47:31 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010.11.05 22:47:30 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010.11.05 22:47:30 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010.11.05 22:47:29 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010.11.05 22:47:29 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2010.11.05 22:47:28 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2010.11.05 22:47:28 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2010.11.05 22:47:27 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2010.11.05 22:47:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2010.11.05 22:47:26 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2010.11.05 22:47:25 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010.11.05 22:47:24 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010.11.05 22:47:24 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2010.11.05 22:47:23 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2010.11.05 22:47:20 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2010.11.05 22:47:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010.11.05 22:47:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2010.11.05 22:47:18 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010.11.05 22:47:18 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2010.11.05 22:47:18 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2010.11.05 22:47:17 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2010.11.05 22:47:17 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2010.11.05 22:47:16 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2010.11.05 22:47:16 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2010.11.05 22:47:16 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2010.11.05 22:47:15 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2010.11.05 22:47:14 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010.11.05 22:47:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.11.05 22:47:10 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010.11.05 22:47:08 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010.11.05 22:47:08 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010.11.05 22:47:07 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010.11.05 22:47:07 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010.11.05 22:47:06 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010.11.05 22:47:06 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010.11.05 22:47:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2010.11.05 22:47:05 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010.11.05 22:47:05 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010.11.05 22:47:04 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010.11.05 22:47:03 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010.11.05 22:47:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010.11.05 22:47:02 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2010.11.05 22:47:02 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2010.11.05 22:47:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2010.11.05 22:47:01 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2010.11.05 22:47:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2010.11.05 22:47:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2010.11.05 22:47:00 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2010.11.05 22:47:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2010.11.05 22:46:47 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010.11.05 22:46:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2010.11.05 22:46:47 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010.11.05 22:46:46 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010.11.05 22:46:46 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010.11.05 22:46:46 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010.11.05 22:46:45 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010.11.05 22:46:45 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010.11.05 22:46:45 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010.11.05 22:46:44 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010.11.05 22:46:44 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010.11.05 22:46:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010.11.05 22:46:43 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010.11.05 22:46:43 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010.11.05 22:46:42 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010.11.05 22:46:42 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010.11.05 22:46:42 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010.11.05 22:46:41 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010.11.05 22:46:41 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010.11.05 22:46:41 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010.11.05 22:46:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010.11.05 22:46:39 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010.11.05 22:46:39 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010.11.05 22:46:39 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010.11.05 22:46:39 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010.11.05 22:46:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010.11.05 22:46:38 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010.11.05 22:46:37 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010.11.05 22:46:37 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010.11.05 22:46:37 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010.11.05 22:46:37 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010.11.05 22:46:36 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010.11.05 22:46:36 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010.11.05 22:46:36 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010.11.05 22:46:35 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010.11.05 22:46:35 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010.11.05 22:46:34 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010.11.05 22:46:31 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010.11.05 22:46:31 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010.11.05 22:46:30 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010.11.05 22:46:30 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010.11.05 22:46:30 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010.11.05 22:46:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010.11.05 22:46:29 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010.11.05 22:46:29 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010.11.05 22:46:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010.11.05 22:46:27 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010.11.05 22:46:27 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010.11.05 22:46:26 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010.11.05 22:46:25 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010.11.05 22:46:25 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010.11.05 22:46:25 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010.11.05 22:46:24 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010.11.05 22:46:24 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010.11.05 22:46:23 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010.11.05 22:46:23 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010.11.05 22:46:23 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010.11.05 22:46:23 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010.11.05 22:46:22 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010.11.05 22:46:22 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010.11.05 22:46:22 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010.11.05 22:46:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010.11.05 22:46:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010.11.05 22:46:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010.11.05 22:46:18 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010.11.05 22:46:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010.11.05 22:46:17 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010.11.05 22:46:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010.11.05 22:46:17 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010.11.05 22:46:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010.11.05 22:46:16 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010.11.05 22:46:16 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010.11.05 22:46:15 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010.11.05 22:46:15 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010.11.05 22:46:15 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010.11.05 22:46:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010.11.05 22:46:14 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010.11.05 22:46:14 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010.11.05 22:46:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010.11.05 22:46:13 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010.11.05 22:46:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010.11.05 22:46:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010.11.05 22:46:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010.11.05 22:46:12 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010.11.05 22:46:12 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010.11.05 22:46:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010.11.05 22:46:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010.11.05 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\New Folder (2)
[2010.11.05 21:45:27 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2010.11.05 15:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\AVG10
[2010.11.05 15:44:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010.11.05 15:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010.11.05 15:44:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010.11.05 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.11.05 15:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010.11.05 15:12:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.11.05 15:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.11.05 15:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\9EFA732347A048E28F7735DB5EED500A.TMP
[2010.11.03 05:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010.11.02 19:39:51 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2010.11.02 19:39:50 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010.11.02 19:39:49 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010.11.02 19:39:49 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010.11.02 19:39:46 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.11.02 19:39:46 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010.11.02 19:39:46 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010.11.02 19:39:46 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010.11.02 19:39:46 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010.11.02 19:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010.11.02 19:39:45 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010.11.02 19:39:14 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010.11.02 19:39:14 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010.11.02 19:39:14 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010.11.02 19:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010.11.02 19:31:59 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Martin\Desktop\stinger10101096.exe
[2010.11.02 19:07:25 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010.11.02 19:07:25 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2010.11.02 18:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010.11.02 17:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010.11.02 17:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010.11.02 17:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010.11.01 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\TrojanHunter
[2010.11.01 15:54:44 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Martin\Desktop\procexp1204.exe
[2010.10.27 23:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Local Settings\Application Data\Temp
[2010.10.26 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010.10.26 11:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Malwarebytes
[2010.10.26 11:41:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.26 11:41:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.26 11:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.26 11:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.10.26 10:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.10.26 10:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.10.26 10:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
[2010.10.26 10:32:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010.10.25 18:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Youtube Downloader HD
[2009.03.28 23:36:11 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.07 01:41:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.11.07 01:19:01 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.07 01:03:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\Desktop\OTL.exe
[2010.11.07 00:59:40 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.07 00:59:40 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.11.07 00:52:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.06 23:45:55 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.11.06 23:45:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.06 23:43:27 | 000,092,672 | ---- | M] (Option^Explicit Software                        vbtechcd@gmail.com) -- C:\Documents and Settings\Martin\Desktop\KillBox.exe
[2010.11.06 23:39:05 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\SmitfraudFix.exe
[2010.11.06 23:16:34 | 098,629,708 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.11.06 23:16:15 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.11.06 15:34:27 | 000,000,514 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\pes2011.lnk
[2010.11.06 10:21:58 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.11.05 15:44:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010.11.05 15:37:18 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\stinger10101096.opt
[2010.11.04 17:36:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.02 22:58:40 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.11.02 21:55:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.11.02 21:00:53 | 003,583,453 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Elme_Test.pdf
[2010.11.02 20:54:19 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Assembler_Programmieruebungen_V1.1.doc
[2010.11.02 20:54:16 | 000,908,288 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Befehlsliste_80C537.doc
[2010.11.02 20:54:11 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel4_EA-Baugruppen1_OHFolie.doc
[2010.11.02 20:54:07 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Addier-Subtrahierwerk_OHFolie.doc
[2010.11.02 20:54:04 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Zentraleinheit_OHFolie_Register.doc
[2010.11.02 20:54:01 | 000,418,816 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel2_Zahlensysteme_OHFolie.doc
[2010.11.02 20:53:59 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen_Loesungen.doc
[2010.11.02 20:53:56 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen.doc
[2010.11.02 20:53:53 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Prinzipieller_Programmablauf_OHFolie.doc
[2010.11.02 20:53:48 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Blockschaltbild_Mikrocomputer_Folie.doc
[2010.11.02 19:40:08 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.11.02 19:39:54 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.11.02 19:39:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\ZoneAlarm Security.lnk
[2010.11.02 19:32:20 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Martin\Desktop\stinger10101096.exe
[2010.11.02 19:23:33 | 000,476,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.02 19:23:33 | 000,083,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.02 17:34:20 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010.11.01 16:20:08 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.11.01 16:00:10 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.01 15:54:47 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Martin\Desktop\procexp1204.exe
[2010.10.29 14:05:40 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.29 13:55:41 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.10.28 18:38:18 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.28 18:37:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.27 23:13:52 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.26 21:20:54 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.10.26 21:20:51 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.10.26 11:10:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.10.26 10:57:04 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\start
[2010.10.26 10:56:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\completescan
[2010.10.26 10:49:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\install
[2010.10.26 10:41:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.10.20 21:51:37 | 000,016,236 | ---- | M] () -- C:\bar.emf
[2010.10.20 21:51:34 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.docx
[2010.10.20 21:51:24 | 000,036,656 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.pdf
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 23:39:19 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010.11.06 23:39:18 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010.11.06 23:39:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010.11.06 23:39:01 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\SmitfraudFix.exe
[2010.11.06 23:16:34 | 098,629,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.11.06 15:34:27 | 000,000,514 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\pes2011.lnk
[2010.11.05 23:04:27 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010.11.05 23:04:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010.11.05 22:52:41 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010.11.05 22:52:38 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010.11.05 22:52:35 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010.11.05 22:52:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010.11.05 22:52:30 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010.11.05 22:48:03 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010.11.05 22:48:03 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010.11.05 22:48:02 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010.11.05 22:46:33 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010.11.05 22:46:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010.11.05 22:46:33 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010.11.05 22:46:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010.11.05 22:46:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010.11.05 22:46:32 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010.11.05 22:46:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010.11.05 22:46:31 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010.11.05 22:46:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010.11.05 22:46:28 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010.11.05 15:44:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010.11.02 21:00:52 | 003,583,453 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Elme_Test.pdf
[2010.11.02 20:54:18 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Assembler_Programmieruebungen_V1.1.doc
[2010.11.02 20:54:15 | 000,908,288 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Befehlsliste_80C537.doc
[2010.11.02 20:54:10 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel4_EA-Baugruppen1_OHFolie.doc
[2010.11.02 20:54:07 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Addier-Subtrahierwerk_OHFolie.doc
[2010.11.02 20:54:04 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Zentraleinheit_OHFolie_Register.doc
[2010.11.02 20:54:01 | 000,418,816 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel2_Zahlensysteme_OHFolie.doc
[2010.11.02 20:53:59 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen_Loesungen.doc
[2010.11.02 20:53:56 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen.doc
[2010.11.02 20:53:52 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Prinzipieller_Programmablauf_OHFolie.doc
[2010.11.02 20:53:47 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Blockschaltbild_Mikrocomputer_Folie.doc
[2010.11.02 20:34:12 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\stinger10101096.opt
[2010.11.02 19:39:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\ZoneAlarm Security.lnk
[2010.11.02 19:39:45 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.11.02 17:34:20 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010.11.01 16:20:02 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.11.01 16:00:10 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.29 13:58:47 | 000,044,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.27 23:13:52 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.26 10:57:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\start
[2010.10.26 10:56:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\completescan
[2010.10.26 10:49:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\install
[2010.10.26 10:44:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.10.20 21:51:24 | 000,036,656 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.pdf
[2010.10.20 21:50:42 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.docx
[2010.10.11 18:16:55 | 003,796,094 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\s25082010_1362.jpg
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.09.02 14:19:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.09.02 14:19:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.09.02 14:19:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2010.08.08 16:00:06 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\WebpageIcons.db
[2010.06.18 19:57:08 | 000,000,137 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2010.06.18 19:27:28 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2010.06.18 19:27:28 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2010.06.18 19:27:02 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2010.06.18 19:27:02 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2010.06.18 19:27:02 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2010.06.18 19:27:02 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2010.06.18 19:27:02 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2010.06.18 19:27:02 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2010.06.18 19:27:02 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2010.05.30 15:46:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.03.15 21:44:03 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Scpw32a.dll
[2010.02.11 13:19:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.02.11 13:19:58 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.02.11 13:19:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\$_hpcst$.hpc
[2010.01.22 22:41:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.01.16 00:54:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\downloads.m3u
[2010.01.16 00:47:49 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\default.rss
[2009.12.06 11:56:26 | 000,000,450 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.15 19:56:24 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.19 16:15:47 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.04.25 16:56:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.03.28 23:40:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\MSBII.dll
[2009.03.28 23:36:14 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009.03.28 23:36:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009.03.28 23:36:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\WKAuxil.dll
[2009.03.28 23:36:10 | 003,782,416 | ---- | C] () -- C:\WINDOWS\System32\mso97.dll
[2009.03.28 23:25:04 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\asdrawim.ini
[2009.03.06 19:04:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009.03.06 16:06:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.03.06 16:05:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX585DEFGIPS.ini
[2009.01.18 14:46:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.01.17 23:47:35 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mix-fx.ini
[2009.01.11 13:13:35 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009.01.10 20:44:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.07 12:28:01 | 000,037,275 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009.01.06 17:22:57 | 000,145,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.01.05 16:24:14 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.05 11:41:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.01.05 11:41:24 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.01.03 01:18:29 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.01.02 23:25:39 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009.01.02 22:40:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.01.02 22:15:53 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.01.02 22:15:42 | 000,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.01.02 22:15:41 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.10.25 17:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005.08.23 10:59:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\aspolyzt.dll
[2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\asdrawli.dll
[2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ASDRAWMA.DLL
[2005.06.10 08:46:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\FDT100.dll
[2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AS_SORT.DLL
[2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\ASDRAW32.DLL
[2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AS_MDB32.DLL
[1999.11.08 15:55:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\S7oformx.dll
[1999.07.16 14:37:56 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\TDCTRL.dll
[1996.12.19 15:37:38 | 000,103,360 | ---- | C] () -- C:\WINDOWS\System32\S7OSC16X.DLL
[1996.12.19 15:36:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\S7OSC32X.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5

< End of report >

--- --- ---

fcangmar 07.11.2010 02:21

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 07.11.2010 02:03:36 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Documents and Settings\Martin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 501,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 97,65 Gb Total Space | 63,00 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 59,54 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 97,51 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
 
Computer Name: +++ | User Name: +++ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\Program\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Program\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4547:TCP" = 4547:TCP:*:Enabled:krtyhd
"4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Games\Crytek\Crysis\Bin32\Crysis.exe" = E:\Games\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- File not found
"E:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"E:\Program\BitTorrent\bittorrent.exe" = E:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Games\PRO\pes2009.exe" = E:\Games\PRO\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"E:\Program\AVG\AVG8\avgemc.exe" = E:\Program\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"E:\Program\AVG\AVG8\avgupd.exe" = E:\Program\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"E:\TerraTec\CinergyDvrHelper.exe" = E:\TerraTec\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found
"E:\TerraTec\tvtvSetup\tvtv_Wizard.exe" = E:\TerraTec\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec tvtv Setup -- File not found
"E:\TerraTec\CinergyDvr.exe" = E:\TerraTec\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema -- File not found
"E:\TerraTec\CinergyDvrUpdate\CinergyDVRUp_Date.exe" = E:\TerraTec\CinergyDvrUpdate\CinergyDVRUp_Date.exe:*:Enabled:TerraTec Auto Update -- File not found
"E:\Program Files\Orbitdownloader\orbitdm.exe" = E:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"E:\Program Files\Orbitdownloader\orbitnet.exe" = E:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Documents and Settings\Martin\Desktop\PIC675799074533-JPG-www.facebook.com.exe" = C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2b95ad22-c41a-4517-b9dc-d4ff98faeb8a}" = Nero 9
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{519F53E5-2A88-41CC-B728-64F8202DDA4D}" = OpenOffice.org 3.1 Language Pack (German)
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62D917DF-16DE-4383-9239-8C8BA06EB829}" = OpenOffice.org 3.1
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6A90C837-054E-44AE-B9BD-1B1F87986BBC}" = Folding@home-gpu
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F2120EB-3337-45DC-B5C3-D4DED4F0A0BA}" = SIMATIC  STEP 7 V5.4 + SP4 Professional 2006 SR5 
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8709DD83-A73F-46F8-BCA1-234A7E04D82C}" = Siemens Automation License Manager V4.0 
"{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F139DE-C33E-4FCC-A72B-684BF899F679}" = SIMATIC S7-SCL V5.3 + SP5 Professional 2006 SR5 
"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011
"{99484975-321E-495B-8171-2797B82392DD}" = inode FTP
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9EFA7323-47A0-48E2-8F77-35DB5EED500A}" = SpyHunter
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3C2952E-B9E6-4C3E-A1B3-8087654A15F4}" = SIMATIC S7-PLCSIM V5.4 + SP2 Professional 2006 SR5 
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E2A91BF5-FE48-46CF-A1BE-F639D21D06C2}" = SIMATIC S7-GRAPH V5.3 + SP6 Professional 2006 SR5 
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
"{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3DWunschhausPlusVA.Exe" = 3D Wunschhaus Architekt 5.0 Plus
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.2
"Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EAGLE 5.4.0" = EAGLE 5.4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo RX585_RX610 Benutzerhandbuch" = EPSON Stylus Photo RX585_RX610 Handbuch
"Flash Saving Plugin" = Flash Saving Plugin
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"inode FTP" = inode FTP
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"PRJPRO" = Microsoft Office Project Professional 2007
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Streamripper" = Streamripper (Remove only)
"TrySim" = TrySim
"Unlocker" = Unlocker 1.9.0
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.3
"Winamp" = Winamp
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wubi" = Ubuntu
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.11.2010 11:02:43 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 11:05:44 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 16:26:41 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 16:29:51 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 16:49:26 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 17:43:43 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 04:06:34 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 10:32:55 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 18:32:29 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 18:46:03 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
[ OSession Events ]
Error - 11.01.2010 18:30:15 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12439
 seconds with 8580 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 18:30:36 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 18:31:14 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 18:31:30 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2010 10:59:49 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.11.2010 18:46:06 | Computer Name = KYLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
 ""  in order to run the server:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Microsoft Config service terminated with the following error:
  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Server Image service terminated with the following error:  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Boot Security service terminated with the following error:  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Microsoft Helper service terminated with the following error:
  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Windows Boot service terminated with the following error:  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The dujxlx service terminated with the following error:  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
  %%2
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Server Task service terminated with the following error:  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7024
Description = The Automation License Manager Service service terminated with service-specific
 error 1460 (0x5B4).
 
 
< End of report >


cosinus 07.11.2010 02:30

How many times have you scanned with Malwarebytes so far? Was that the first time?

fcangmar 07.11.2010 02:35

No, I had Thinkpoint some weeks ago; since then I have also had Malwarebytes.

cosinus 07.11.2010 02:46

So there is only this one Malwarebytes log? Sorry for asking like this, but it has often happened that only the log without any findings got posted, and that makes little sense :D

fcangmar 07.11.2010 02:48

That was the first logfile:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4950

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.10.2010 12:02:48
mbam-log-2010-10-26 (12-02-48).txt

Scan type: Quick scan
Objects scanned: 177991
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cosinus 07.11.2010 22:47

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
SRV - (toogmft) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (scinetu) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (oruqjr) -- C:\Program Files\Movie Maker\hqhakc.dll File not found
SRV - (oqimg) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (mlkynlqkb) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (eqkfl) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (bmljcgc) -- C:\WINDOWS\System32\hqhakc.dll File not found
DRV - (xltsaaqhvemjujj) -- C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys ()
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\Shell\AutoRun\command - "" = K:\SamsungSoftware\APPInst.exe -- File not found
[2010.10.29 14:05:40 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.20 21:51:37 | 000,016,236 | ---- | M] () -- C:\bar.emf
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.09.02 14:19:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.09.02 14:19:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.09.02 14:19:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
:Files
C:\WINDOWS\tasks\At*.job
C:\Program Files\Movie Maker\hqhakc.dll
C:\WINDOWS\System32\hqhakc.dll
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
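As an added illustration (editor's example, not OTL's own code and not something the helper posted), here is a small Python triage script that applies the kind of reasoning behind the fix script above to OTL scan lines: service entries whose binary no longer exists, drivers with no vendor information, MountPoints2 autorun commands with relative paths or system-binary names outside the Windows directory, and alternate data streams. The rules and the SYSTEM_NAMES list are the editor's assumptions; the sample lines are copied from the fix script above.

```python
"""Triage heuristics for OTL scan lines.

Added example, not part of OTL or of the forum post: it re-derives, as code,
the reasons a helper would pick the lines that went into the fix script
above. The rules and the SYSTEM_NAMES list are the editor's assumptions.
"""
import re
from dataclasses import dataclass

# OTL appends this marker when the referenced file no longer exists on disk.
MISSING_RE = re.compile(r"\s*(?:--\s*)?File not found$")

SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<rest>.+)$")
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\(?P<subkey>.+?) - "" = (?P<value>.+)$')
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[0-9,]+) \| (?P<attrs>[^|]+?) \| (?P<op>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Names of Windows binaries that malware likes to borrow (assumed, editor's list).
SYSTEM_NAMES = {"taskmgr.exe", "winlogon.exe", "explorer.exe", "svchost.exe", "lsass.exe"}

# Constructed input: lines taken verbatim from the OTL fix script above.
SAMPLE_LINES = [
    r"SRV - (toogmft) -- C:\WINDOWS\System32\hqhakc.dll File not found",
    r"DRV - (xltsaaqhvemjujj) -- C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys ()",
    r'O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found',
    r'O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe',
    r"[2010.10.29 14:05:40 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys",
    r"[2010.10.20 21:51:37 | 000,016,236 | ---- | M] () -- C:\bar.emf",
    r"@Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391",
    r"@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5",
]


@dataclass
class Finding:
    category: str
    detail: str
    line: str


def _strip_missing(text):
    """Return (text without the 'File not found' marker, whether the marker was present)."""
    stripped = MISSING_RE.sub("", text)
    return stripped, stripped != text


def _outside_windows_dir(path):
    """True when the basename is a well-known system binary but the directory is not under \\Windows\\."""
    dirpart, _, base = path.replace("/", "\\").rpartition("\\")
    return base.lower() in SYSTEM_NAMES and "\\windows\\" not in (dirpart.lower() + "\\")


def triage(lines):
    """Classify OTL scan lines; returns one Finding per rule that fires."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            rest, missing = _strip_missing(m.group("rest"))
            if missing:
                # A service/driver registration whose image is gone is leftover persistence.
                findings.append(Finding("orphaned_service",
                    f"{m.group('kind')} {m.group('name')} points at missing {rest}", line))
            else:
                vm = re.match(r"^(?P<path>.+?) \((?P<company>[^)]*)\)$", rest)
                if m.group("kind") == "DRV" and vm and not vm.group("company"):
                    findings.append(Finding("unversioned_driver",
                        f"driver {m.group('name')} loads {vm.group('path')} with no vendor info", line))
        elif (m := MOUNTPOINT_RE.match(line)):
            if not m.group("subkey").lower().endswith("\\command"):
                continue  # only the command values actually launch something
            value, _ = _strip_missing(m.group("value"))
            if not re.match(r"^[A-Za-z]:\\", value):
                # Relative path: resolved against the mounted volume, i.e. autorun from removable media.
                findings.append(Finding("relative_autorun",
                    f"autorun command uses a relative path: {value}", line))
            if _outside_windows_dir(value):
                findings.append(Finding("masquerading_name",
                    f"system binary name outside the Windows directory: {value}", line))
        elif (m := FILE_RE.match(line)):
            if not m.group("company") and "\\drivers\\" in m.group("path").lower():
                findings.append(Finding("unversioned_driver",
                    f"driver written {m.group('stamp').strip()} with no company info: {m.group('path')}", line))
        elif (m := ADS_RE.match(line)):
            target, _, stream = m.group("target").rpartition(":")
            findings.append(Finding("ads",
                f"{m.group('size')}-byte alternate data stream {stream} on {target}", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

Note that the stale U3 launcher entry (J:\LaunchU3.exe, drive-rooted, file missing) produces no finding: a dead autorun key on a removed USB stick is clutter, not a persistence mechanism.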

fcangmar 08.11.2010 23:02

Hi,

attached is the new report. May I just ask what was done here?

Thanks


All processes killed
========== OTL ==========
Service toogmft stopped successfully!
Service toogmft deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service scinetu stopped successfully!
Service scinetu deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service oruqjr stopped successfully!
Service oruqjr deleted successfully!
File C:\Program Files\Movie Maker\hqhakc.dll File not found not found.
Service oqimg stopped successfully!
Service oqimg deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service mlkynlqkb stopped successfully!
Service mlkynlqkb deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service eqkfl stopped successfully!
Service eqkfl deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service bmljcgc stopped successfully!
Service bmljcgc deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service xltsaaqhvemjujj stopped successfully!
Service xltsaaqhvemjujj deleted successfully!
C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
File J:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found.
File VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found.
File VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3ca953-2d55-11df-9a46-002354091e0f}\ not found.
File K:\SamsungSoftware\APPInst.exe not found.
File C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys not found.
C:\bar.emf moved successfully.
C:\WINDOWS\system32\sysprs7.dll moved successfully.
C:\WINDOWS\system32\clauth2.dll moved successfully.
C:\WINDOWS\system32\clauth1.dll moved successfully.
C:\WINDOWS\system32\lsprst7.dll moved successfully.
C:\WINDOWS\system32\ssprs.dll moved successfully.
C:\WINDOWS\SurCode.INI moved successfully.
ADS C:\WINDOWS:41484591AEF3A391 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
File\Folder C:\Program Files\Movie Maker\hqhakc.dll not found.
File\Folder C:\WINDOWS\System32\hqhakc.dll not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3334016 bytes
->Temporary Internet Files folder emptied: 22336245 bytes
->FireFox cache emptied: 5473537 bytes
->Flash cache emptied: 1172 bytes

User: All Users

User: Babsi
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3176393 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: LocalService
->Temp folder emptied: 992536 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: Martin
->Temp folder emptied: 68901750 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45624972 bytes
->Flash cache emptied: 989 bytes

User: NetworkService
->Temp folder emptied: 2376632 bytes
->Temporary Internet Files folder emptied: 73387677 bytes
->Flash cache emptied: 2058 bytes

User: test
->Temp folder emptied: 4229843 bytes
->Temporary Internet Files folder emptied: 130845 bytes
->FireFox cache emptied: 12648103 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 20825954 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 4319680 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5658057 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 261,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11082010_225831

Files\Folders moved on Reboot...
C:\Documents and Settings\Martin\Local Settings\Temp\~DFEDFA.tmp moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\XUL.mfl moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_39c.dat not found!
File\Folder C:\WINDOWS\temp\ZLT06ce9.TMP not found!

Registry entries deleted on Reboot...

cosinus 09.11.2010 01:42

We deleted malicious entries.
Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the board's helpers has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

fcangmar 09.11.2010 07:30

Hello,

I use CCleaner almost every day. The Combo report:

Combofix logfile:
Code:

ComboFix 10-11-07.A2 - Martin 09.11.2010  7:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1033.18.2047.1435 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martin\Application Data\completescan
c:\documents and settings\Martin\Application Data\install
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\winlogon.exe . . . ist infiziert!!

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hwinterface
-------\Service_hwinterface


(((((((((((((((((((((((  Dateien erstellt von 2010-10-09 bis 2010-11-09  ))))))))))))))))))))))))))))))
.

2010-11-08 21:58 . 2010-11-08 21:58        --------        d-----w-        C:\_OTL
2010-11-06 22:43 . 2010-11-06 22:44        --------        d-----w-        C:\!KillBox
2010-11-06 09:31 . 2010-11-06 09:31        --------        d-----w-        c:\documents and settings\All Users\Application Data\KONAMI
2010-11-05 22:03 . 2001-08-17 12:28        771581        -c--a-w-        c:\windows\system32\dllcache\winacisa.sys
2010-11-05 22:02 . 2001-08-17 21:36        26624        -c--a-w-        c:\windows\system32\dllcache\umaxu22.dll
2010-11-05 22:01 . 2001-08-17 11:13        37961        -c--a-w-        c:\windows\system32\dllcache\tdk100b.sys
2010-11-05 22:00 . 2001-08-17 12:56        7552        -c--a-w-        c:\windows\system32\dllcache\sonypvu1.sys
2010-11-05 21:59 . 2001-08-17 11:50        101760        -c--a-w-        c:\windows\system32\dllcache\sis300ip.sys
2010-11-05 21:58 . 2001-08-17 21:36        79872        -c--a-w-        c:\windows\system32\dllcache\rwia430.dll
2010-11-05 21:57 . 2001-08-17 13:07        19840        -c--a-w-        c:\windows\system32\dllcache\philtune.sys
2010-11-05 21:56 . 2001-08-17 11:49        51552        -c--a-w-        c:\windows\system32\dllcache\ntgrip.sys
2010-11-05 21:55 . 2008-04-13 23:16        51200        -c--a-w-        c:\windows\system32\dllcache\msdv.sys
2010-11-05 21:54 . 2001-08-17 21:36        8192        -c--a-w-        c:\windows\system32\dllcache\kbdkor.dll
2010-11-05 21:53 . 2001-08-17 21:36        61952        -c--a-w-        c:\windows\system32\dllcache\icam4ext.dll
2010-11-05 21:52 . 2001-08-17 21:36        9759        -c--a-w-        c:\windows\system32\dllcache\hsf_inst.dll
2010-11-05 21:51 . 2001-08-17 11:13        27165        -c--a-w-        c:\windows\system32\dllcache\fetnd5.sys
2010-11-05 21:51 . 2001-08-17 11:10        22090        -c--a-w-        c:\windows\system32\dllcache\fem556n5.sys
2010-11-05 21:51 . 2001-08-17 11:12        24618        -c--a-w-        c:\windows\system32\dllcache\fa410nd5.sys
2010-11-05 21:51 . 2001-08-17 11:12        16074        -c--a-w-        c:\windows\system32\dllcache\fa312nd5.sys
2010-11-05 21:51 . 2001-08-17 11:11        11850        -c--a-w-        c:\windows\system32\dllcache\f3ab18xj.sys
2010-11-05 21:51 . 2001-08-17 11:11        12362        -c--a-w-        c:\windows\system32\dllcache\f3ab18xi.sys
2010-11-05 21:51 . 2001-08-17 12:52        7040        -c--a-w-        c:\windows\system32\dllcache\exabyte2.sys
2010-11-05 21:51 . 2001-08-17 11:12        16998        -c--a-w-        c:\windows\system32\dllcache\ex10.sys
2010-11-05 21:47 . 2001-08-17 21:36        6729        -c--a-w-        c:\windows\system32\dllcache\disrvci.dll
2010-11-05 21:46 . 2001-08-17 12:51        13824        -c--a-w-        c:\windows\system32\dllcache\bulltlp3.sys
2010-11-05 20:45 . 2008-04-14 04:42        507904        ------w-        c:\windows\system32\winlogon.exe
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\documents and settings\Martin\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d--h--w-        c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 14:44 . 2010-11-08 21:39        --------        d-----w-        c:\windows\system32\drivers\AVG
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\program files\AVG
2010-11-05 14:37 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\MFAData
2010-11-05 14:12 . 2010-11-05 14:12        --------        d-----w-        c:\program files\Enigma Software Group
2010-11-03 04:52 . 2010-11-03 04:55        --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-02 18:37 . 2010-11-02 18:37        --------        d-----w-        c:\program files\Zone Labs
2010-11-02 18:07 . 2008-04-14 04:42        1033728        ----a-w-        c:\windows\explorer.exe
2010-11-02 17:58 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\avg8
2010-11-02 16:57 . 2010-11-09 06:18        --------        d-----w-        c:\windows\Internet Logs
2010-11-02 16:41 . 2010-11-02 16:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\fssg
2010-11-02 16:38 . 2010-11-02 16:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\f-secure
2010-11-01 16:34 . 2010-11-01 16:34        --------        d-----w-        c:\documents and settings\Martin\Application Data\TrojanHunter
2010-10-27 22:04 . 2010-10-27 22:05        --------        d-----w-        c:\documents and settings\Martin\Local Settings\Application Data\Temp
2010-10-26 17:20 . 2010-10-26 17:21        --------        d-----w-        c:\program files\Graboid
2010-10-26 10:52 . 2010-10-26 10:52        --------        d-----w-        c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-26 10:36 . 2010-10-26 10:36        --------        d-----w-        c:\documents and settings\Administrator\Application Data\ProgSense
2010-10-26 10:36 . 2010-10-26 10:39        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Orbit
2010-10-26 10:33 . 2010-10-26 10:33        --------        d-----w-        c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 09:34 . 2010-10-26 09:35        --------        d-----w-        c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
2010-10-25 17:55 . 2010-10-25 17:56        --------        d-----w-        c:\documents and settings\Martin\Application Data\Youtube Downloader HD

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 15:27 . 2010-09-13 15:27        25680        ----a-w-        c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 02:49 . 2010-09-07 02:49        298448        ----a-w-        c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48        34384        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48        249424        ----a-w-        c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48        26064        ----a-w-        c:\windows\system32\drivers\avgrkx86.sys
2010-08-19 20:42 . 2010-08-19 20:42        30288        ----a-w-        c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42        123472        ----a-w-        c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42        26192        ----a-w-        c:\windows\system32\drivers\AVGIDSShim.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 35D83FE8244BD4A242E58CDFC48FFF80 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 378B7DD8284DF7E748461C69E13D3913 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="e:\program\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35        640440        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26        38840        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50        2521464        ----a-w-        c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14        57344        ----a-w-        c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38        307200        ----a-w-        c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42        15360        ----a-w-        c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40        687560        ----a-w-        e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32        1135912        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21        1548296        ----a-w-        c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39        2816520        ----a-w-        c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41        358920        ----a-w-        c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34        18750976        ----a-w-        c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02        102453        ----a-w-        e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38        98304        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21        246504        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02        135168        ----a-w-        c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"= 4547:TCP:krtyhd

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/11/2010 12:58 PM 6104656]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
toogmft
oruqjr
mlkynlqkb
oqimg
bmljcgc
scinetu
eqkfl
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-18 20:35]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
MSConfigStartUp-Java developer Script Browse - c:\windows\jusched.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Microsoft Driver Setup - c:\windows\cfdrive32.exe
MSConfigStartUp-oxnrmsawec - c:\docume~1\Martin\LOCALS~1\Temp\oxnrmsawec.tmp
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-xacrnowesm - c:\docume~1\Martin\LOCALS~1\Temp\xacrnowesm.tmp



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-09 07:19
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
  ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
  55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
e:\program\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-09  07:21:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-09 06:21

Vor Suchlauf: 16.654.684.160 bytes free
Nach Suchlauf: 16.451.829.760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D8119EA07EF3C199754A10FD62883E5B

--- --- ---

cosinus 10.11.2010 07:31

Quote:

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
Please uninstall this thing. ZoneAlarm is useless or even counterproductive...
After uninstalling, please continue as follows:

Download this clean winlogon.exe directly to c:\ => File-Upload.net - winlogon.exe
Then further steps with CF follow:


Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Note: If you masked your user name, you have to change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

FCopy::
c:\winlogon.exe | c:\windows\system32\winlogon.exe

Filelook::
c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"=-

Netsvc::
toogmft
oruqjr
mlkynlqkb
oqimg
bmljcgc
scinetu
eqkfl

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

fcangmar 11.11.2010 22:27

Hi,

wow, how can anyone know this stuff so well?

Combofix Logfile:
Code:

ComboFix 10-11-07.A2 - Martin 11.11.2010  22:18:19.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1033.18.2047.1549 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\documents and settings\Martin\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winlogon.exe

c:\windows\system32\winlogon.exe . . . ist infiziert!!

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt

.
--------------- FCopy ---------------

c:\winlogon.exe --> c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-11 bis 2010-11-11  ))))))))))))))))))))))))))))))
.

2010-11-08 21:58 . 2010-11-08 21:58        --------        d-----w-        C:\_OTL
2010-11-06 22:43 . 2010-11-06 22:44        --------        d-----w-        C:\!KillBox
2010-11-06 09:31 . 2010-11-06 09:31        --------        d-----w-        c:\documents and settings\All Users\Application Data\KONAMI
2010-11-05 22:03 . 2001-08-17 12:28        771581        -c--a-w-        c:\windows\system32\dllcache\winacisa.sys
2010-11-05 22:02 . 2001-08-17 21:36        26624        -c--a-w-        c:\windows\system32\dllcache\umaxu22.dll
2010-11-05 22:01 . 2001-08-17 11:13        37961        -c--a-w-        c:\windows\system32\dllcache\tdk100b.sys
2010-11-05 22:00 . 2001-08-17 12:56        7552        -c--a-w-        c:\windows\system32\dllcache\sonypvu1.sys
2010-11-05 21:59 . 2001-08-17 11:50        101760        -c--a-w-        c:\windows\system32\dllcache\sis300ip.sys
2010-11-05 21:58 . 2001-08-17 21:36        79872        -c--a-w-        c:\windows\system32\dllcache\rwia430.dll
2010-11-05 21:57 . 2001-08-17 13:07        19840        -c--a-w-        c:\windows\system32\dllcache\philtune.sys
2010-11-05 21:56 . 2001-08-17 11:49        51552        -c--a-w-        c:\windows\system32\dllcache\ntgrip.sys
2010-11-05 21:55 . 2008-04-13 23:16        51200        -c--a-w-        c:\windows\system32\dllcache\msdv.sys
2010-11-05 21:54 . 2001-08-17 21:36        8192        -c--a-w-        c:\windows\system32\dllcache\kbdkor.dll
2010-11-05 21:53 . 2001-08-17 21:36        61952        -c--a-w-        c:\windows\system32\dllcache\icam4ext.dll
2010-11-05 21:52 . 2001-08-17 21:36        9759        -c--a-w-        c:\windows\system32\dllcache\hsf_inst.dll
2010-11-05 21:51 . 2001-08-17 11:13        27165        -c--a-w-        c:\windows\system32\dllcache\fetnd5.sys
2010-11-05 21:51 . 2001-08-17 11:10        22090        -c--a-w-        c:\windows\system32\dllcache\fem556n5.sys
2010-11-05 21:51 . 2001-08-17 11:12        24618        -c--a-w-        c:\windows\system32\dllcache\fa410nd5.sys
2010-11-05 21:51 . 2001-08-17 11:12        16074        -c--a-w-        c:\windows\system32\dllcache\fa312nd5.sys
2010-11-05 21:51 . 2001-08-17 11:11        11850        -c--a-w-        c:\windows\system32\dllcache\f3ab18xj.sys
2010-11-05 21:51 . 2001-08-17 11:11        12362        -c--a-w-        c:\windows\system32\dllcache\f3ab18xi.sys
2010-11-05 21:51 . 2001-08-17 12:52        7040        -c--a-w-        c:\windows\system32\dllcache\exabyte2.sys
2010-11-05 21:51 . 2001-08-17 11:12        16998        -c--a-w-        c:\windows\system32\dllcache\ex10.sys
2010-11-05 21:47 . 2001-08-17 21:36        6729        -c--a-w-        c:\windows\system32\dllcache\disrvci.dll
2010-11-05 21:46 . 2001-08-17 12:51        13824        -c--a-w-        c:\windows\system32\dllcache\bulltlp3.sys
2010-11-05 20:45 . 2010-11-11 21:10        513024        ----a-w-        c:\windows\system32\winlogon.exe
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\documents and settings\Martin\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d--h--w-        c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 14:44 . 2010-11-11 21:16        --------        d-----w-        c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\program files\AVG
2010-11-05 14:37 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\MFAData
2010-11-05 14:12 . 2010-11-05 14:12        --------        d-----w-        c:\program files\Enigma Software Group
2010-11-03 04:52 . 2010-11-03 04:55        --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-02 18:39 . 2010-06-28 12:00        46592        ----a-w-        c:\windows\system32\vsutil_loc0407.dll
2010-11-02 18:07 . 2008-04-14 04:42        1033728        ----a-w-        c:\windows\explorer.exe
2010-11-02 17:58 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\avg8
2010-11-02 16:57 . 2010-11-11 20:54        --------        d-----w-        c:\windows\Internet Logs
2010-11-02 16:41 . 2010-11-02 16:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\fssg
2010-11-02 16:38 . 2010-11-02 16:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\f-secure
2010-11-01 16:34 . 2010-11-01 16:34        --------        d-----w-        c:\documents and settings\Martin\Application Data\TrojanHunter
2010-10-27 22:04 . 2010-10-27 22:05        --------        d-----w-        c:\documents and settings\Martin\Local Settings\Application Data\Temp
2010-10-26 17:20 . 2010-10-26 17:21        --------        d-----w-        c:\program files\Graboid
2010-10-26 10:52 . 2010-10-26 10:52        --------        d-----w-        c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-26 10:36 . 2010-10-26 10:36        --------        d-----w-        c:\documents and settings\Administrator\Application Data\ProgSense
2010-10-26 10:36 . 2010-10-26 10:39        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Orbit
2010-10-26 10:33 . 2010-10-26 10:33        --------        d-----w-        c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 09:34 . 2010-10-26 09:35        --------        d-----w-        c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
2010-10-25 17:55 . 2010-10-25 17:56        --------        d-----w-        c:\documents and settings\Martin\Application Data\Youtube Downloader HD

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\explorer.exe ---
Company: Microsoft Corporation
File Description: Windows Explorer
File Version: 6.00.2900.5512 (xpsp.080413-2105)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: EXPLORER.EXE
File size: 1033728
Created time: 2010-11-02 18:07
Modified time: 2008-04-14 04:42
MD5: 378B7DD8284DF7E748461C69E13D3913
SHA1: 7F6BE072DDC7D9C8AD4038974BC23C26A01A9016


--- c:\windows\ServicePackFiles\i386\explorer.exe ---
Company: Microsoft Corporation
File Description: Windows Explorer
File Version: 6.00.2900.5512 (xpsp.080413-2105)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: EXPLORER.EXE
File size: 1033728
Created time: 2009-01-02 21:56
Modified time: 2008-04-14 04:42
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
SHA1: 9D2BF84874ABC5B6E9A2744B7865C193C08D362F


------- Sigcheck -------

[-] 2010-11-11 . 2F1F63845DB7EB2C6BD4EAB69F2B728C . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 358F7515ABCDCBB13201A42BEADD170E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((  SnapShot@2010-11-09_06.19.13  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-11 20:52 . 2010-11-11 20:52        16384              c:\windows\Temp\Perflib_Perfdata_7c4.dat
+ 2010-11-11 21:23 . 2010-11-11 21:23        16384              c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22        83950              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23        83950              c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22        476318              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23        476318              c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35        640440        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26        38840        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50        2521464        ----a-w-        c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14        57344        ----a-w-        c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38        307200        ----a-w-        c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42        15360        ----a-w-        c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40        687560        ----a-w-        e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32        1135912        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21        1548296        ----a-w-        c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39        2816520        ----a-w-        c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41        358920        ----a-w-        c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34        18750976        ----a-w-        c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02        102453        ----a-w-        e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38        98304        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21        246504        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02        135168        ----a-w-        c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"= 4547:TCP:krtyhd

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-18 20:35]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-11 22:23
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
  ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
  55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
e:\program\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-11  22:25:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-11 21:25
ComboFix2.txt  2010-11-09 06:21

Vor Suchlauf: 16.346.312.704 bytes free
Nach Suchlauf: 16.420.786.176 bytes free

- - End Of File - - 68109C4EC60BEF749E4A679B0163F9F4

--- --- ---

cosinus 11.11.2010 23:14

Haven't you uninstalled ZoneAlarm yet?

We need to go at it with CF once more: => File-Upload.net - cosinus.zip
Download the cosinus.zip and unpack it to c:\cosinus, then proceed as follows again:

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Code:

FCopy::
c:\cosinus\explorer.exe | c:\windows\explorer.exe
c:\cosinus\winlogon.exe | c:\windows\system32\winlogon.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"=-


3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to reboot), please post the following log file:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system!

fcangmar 12.11.2010 01:26

ZoneAlarm was uninstalled, already the first time around.

Combofix log file:
Code:

ComboFix 10-11-07.A2 - Martin 12.11.2010  1:16.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1033.18.2047.1526 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\documents and settings\Martin\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\explorer.exe
C:\winlogon.exe

c:\windows\system32\winlogon.exe . . . ist infiziert!!

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-12 bis 2010-11-12  ))))))))))))))))))))))))))))))
.

2010-11-08 21:58 . 2010-11-08 21:58        --------        d-----w-        C:\_OTL
2010-11-06 22:43 . 2010-11-06 22:44        --------        d-----w-        C:\!KillBox
2010-11-06 09:31 . 2010-11-06 09:31        --------        d-----w-        c:\documents and settings\All Users\Application Data\KONAMI
2010-11-05 22:03 . 2001-08-17 12:28        771581        -c--a-w-        c:\windows\system32\dllcache\winacisa.sys
2010-11-05 22:02 . 2001-08-17 21:36        26624        -c--a-w-        c:\windows\system32\dllcache\umaxu22.dll
2010-11-05 22:01 . 2001-08-17 11:13        37961        -c--a-w-        c:\windows\system32\dllcache\tdk100b.sys
2010-11-05 22:00 . 2001-08-17 12:56        7552        -c--a-w-        c:\windows\system32\dllcache\sonypvu1.sys
2010-11-05 21:59 . 2001-08-17 11:50        101760        -c--a-w-        c:\windows\system32\dllcache\sis300ip.sys
2010-11-05 21:58 . 2001-08-17 21:36        79872        -c--a-w-        c:\windows\system32\dllcache\rwia430.dll
2010-11-05 21:57 . 2001-08-17 13:07        19840        -c--a-w-        c:\windows\system32\dllcache\philtune.sys
2010-11-05 21:56 . 2001-08-17 11:49        51552        -c--a-w-        c:\windows\system32\dllcache\ntgrip.sys
2010-11-05 21:55 . 2008-04-13 23:16        51200        -c--a-w-        c:\windows\system32\dllcache\msdv.sys
2010-11-05 21:54 . 2001-08-17 21:36        8192        -c--a-w-        c:\windows\system32\dllcache\kbdkor.dll
2010-11-05 21:53 . 2001-08-17 21:36        61952        -c--a-w-        c:\windows\system32\dllcache\icam4ext.dll
2010-11-05 21:52 . 2001-08-17 21:36        9759        -c--a-w-        c:\windows\system32\dllcache\hsf_inst.dll
2010-11-05 21:51 . 2001-08-17 11:13        27165        -c--a-w-        c:\windows\system32\dllcache\fetnd5.sys
2010-11-05 21:51 . 2001-08-17 11:10        22090        -c--a-w-        c:\windows\system32\dllcache\fem556n5.sys
2010-11-05 21:51 . 2001-08-17 11:12        24618        -c--a-w-        c:\windows\system32\dllcache\fa410nd5.sys
2010-11-05 21:51 . 2001-08-17 11:12        16074        -c--a-w-        c:\windows\system32\dllcache\fa312nd5.sys
2010-11-05 21:51 . 2001-08-17 11:11        11850        -c--a-w-        c:\windows\system32\dllcache\f3ab18xj.sys
2010-11-05 21:51 . 2001-08-17 11:11        12362        -c--a-w-        c:\windows\system32\dllcache\f3ab18xi.sys
2010-11-05 21:51 . 2001-08-17 12:52        7040        -c--a-w-        c:\windows\system32\dllcache\exabyte2.sys
2010-11-05 21:51 . 2001-08-17 11:12        16998        -c--a-w-        c:\windows\system32\dllcache\ex10.sys
2010-11-05 21:47 . 2001-08-17 21:36        6729        -c--a-w-        c:\windows\system32\dllcache\disrvci.dll
2010-11-05 21:46 . 2001-08-17 12:51        13824        -c--a-w-        c:\windows\system32\dllcache\bulltlp3.sys
2010-11-05 20:45 . 2010-11-11 21:10        513024        ----a-w-        c:\windows\system32\winlogon.exe
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\documents and settings\Martin\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d--h--w-        c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 14:44 . 2010-11-12 00:12        --------        d-----w-        c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\program files\AVG
2010-11-05 14:37 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\MFAData
2010-11-05 14:12 . 2010-11-05 14:12        --------        d-----w-        c:\program files\Enigma Software Group
2010-11-03 04:52 . 2010-11-03 04:55        --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-02 18:39 . 2010-06-28 12:00        46592        ----a-w-        c:\windows\system32\vsutil_loc0407.dll
2010-11-02 18:07 . 2008-04-14 04:42        1033728        ----a-w-        c:\windows\explorer.exe
2010-11-02 17:58 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\avg8
2010-11-02 16:57 . 2010-11-11 20:54        --------        d-----w-        c:\windows\Internet Logs
2010-11-02 16:41 . 2010-11-02 16:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\fssg
2010-11-02 16:38 . 2010-11-02 16:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\f-secure
2010-11-01 16:34 . 2010-11-01 16:34        --------        d-----w-        c:\documents and settings\Martin\Application Data\TrojanHunter
2010-10-27 22:04 . 2010-10-27 22:05        --------        d-----w-        c:\documents and settings\Martin\Local Settings\Application Data\Temp
2010-10-26 17:20 . 2010-10-26 17:21        --------        d-----w-        c:\program files\Graboid
2010-10-26 10:52 . 2010-10-26 10:52        --------        d-----w-        c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-26 10:36 . 2010-10-26 10:36        --------        d-----w-        c:\documents and settings\Administrator\Application Data\ProgSense
2010-10-26 10:36 . 2010-10-26 10:39        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Orbit
2010-10-26 10:33 . 2010-10-26 10:33        --------        d-----w-        c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 09:34 . 2010-10-26 09:35        --------        d-----w-        c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
2010-10-25 17:55 . 2010-10-25 17:56        --------        d-----w-        c:\documents and settings\Martin\Application Data\Youtube Downloader HD

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:13 . 2010-11-12 00:13        687173        ----a-w-        C:\cosinus.zip
.

------- Sigcheck -------

[-] 2010-11-11 . 2F1F63845DB7EB2C6BD4EAB69F2B728C . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 358F7515ABCDCBB13201A42BEADD170E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((  SnapShot@2010-11-09_06.19.13  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 00:21 . 2010-11-12 00:21        16384              c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2010-11-11 21:23 . 2010-11-11 21:23        16384              c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22        83950              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23        83950              c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22        476318              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23        476318              c:\windows\system32\perfh009.dat
+ 2010-11-11 21:49 . 2010-11-11 21:49        3019264              c:\windows\Installer\1796a9.msi
+ 2010-11-11 21:48 . 2010-11-11 21:48        1543680              c:\windows\Installer\1796a5.msi
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35        640440        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26        38840        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50        2521464        ----a-w-        c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14        57344        ----a-w-        c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38        307200        ----a-w-        c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42        15360        ----a-w-        c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40        687560        ----a-w-        e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32        1135912        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21        1548296        ----a-w-        c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39        2816520        ----a-w-        c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41        358920        ----a-w-        c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34        18750976        ----a-w-        c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02        102453        ----a-w-        e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38        98304        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21        246504        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02        135168        ----a-w-        c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-18 20:35]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-12 01:21
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
  ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
  55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
e:\program\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-12  01:23:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-12 00:23
ComboFix2.txt  2010-11-11 21:25
ComboFix3.txt  2010-11-09 06:21

Vor Suchlauf: 15.900.323.840 bytes free
Nach Suchlauf: 15.885.885.440 bytes free

- - End Of File - - 83E136E3E9300873900DE65411C35A21

--- --- ---

cosinus 12.11.2010 06:14

Can't be fixed with CF :balla:

PartedMagic

1. Download the PartedMagic ISO image, it should be about 70 MB
2. Burn it to CD with the image-burning function, works e.g. with ImgBurn or Nero via the image-burning function under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up

http://www.raiden.net/images/article...tedmagic40.jpg

4. You should find a "Mount Devices" icon, double-click it
5. Mount the partition where Windows is installed, usually it is /dev/sda1
6. On the Windows partition, rename the files:

/windows/system32/winlogon.exe to winlogon.vir
/windows/explorer.exe to explorer.vir


7. Copy the two clean files from cosinus.zip (unpack it first via right-click if necessary) into the respective folders - winlogon.exe into windows/system32, explorer.exe into the windows folder

8. Restart the computer and boot Windows
9. Have the files renamed under Linux analysed at Virustotal.com and post the result links

fcangmar 14.11.2010 11:40

Hi,

so the new .exe files would be ok? What do I do with the .vir files, delete them? How can I avoid such a case in future? I have always used AVG Free and had no trouble until now.

attached the links:
explorer:

hxxp://www.virustotal.com/file-scan/reanalysis.html?id=34205b1a8f2b67ad40c7268956ce0b986f5efd096022591c8a11206744f4fb70-1289730818
hxxp://www.virustotal.com/file-scan/report.html?id=34205b1a8f2b67ad40c7268956ce0b986f5efd096022591c8a11206744f4fb70-1289730818


winlogon:

hxxp://www.virustotal.com/file-scan/report.html?id=15bfd2571480a86f939b3280dc6ef87ae6c17536ec4091fa9acb655e7fd6c041-1289730918

Regards
Martin

cosinus 14.11.2010 18:43

Quote:

I have always used AVG Free and had no trouble until now.
Which virus scanner you use basically does not matter at all, because none offers 100% security. Sometimes one scanner has better detection rates, sometimes another. It is almost a matter of faith. AVG Free is fine.


Please do another run with CF with a freshly downloaded cofi.exe - I want to see whether replacing the files has lasting success this time or whether the recently copied-back files have been infected again:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if an expert helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

fcangmar 14.11.2010 20:35

Hi,

Combofix Logfile:
Code:

ComboFix 10-11-13.01 - Martin 14.11.2010  20:30:17.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1033.18.2047.1526 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Martin\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2010-10-14 bis 2010-11-14  ))))))))))))))))))))))))))))))
.

2010-11-14 10:14 . 2010-11-11 22:10        1036800        ----a-w-        c:\windows\explorer.exe
2010-11-14 10:14 . 2010-11-11 22:09        513024        ----a-w-        c:\windows\system32\winlogon.exe
2010-11-08 21:58 . 2010-11-08 21:58        --------        d-----w-        C:\_OTL
2010-11-06 22:43 . 2010-11-06 22:44        --------        d-----w-        C:\!KillBox
2010-11-06 09:31 . 2010-11-06 09:31        --------        d-----w-        c:\documents and settings\All Users\Application Data\KONAMI
2010-11-05 22:03 . 2001-08-17 12:28        771581        -c--a-w-        c:\windows\system32\dllcache\winacisa.sys
2010-11-05 22:02 . 2001-08-17 21:36        26624        -c--a-w-        c:\windows\system32\dllcache\umaxu22.dll
2010-11-05 22:01 . 2001-08-17 11:13        37961        -c--a-w-        c:\windows\system32\dllcache\tdk100b.sys
2010-11-05 22:00 . 2001-08-17 12:56        7552        -c--a-w-        c:\windows\system32\dllcache\sonypvu1.sys
2010-11-05 21:59 . 2001-08-17 11:50        101760        -c--a-w-        c:\windows\system32\dllcache\sis300ip.sys
2010-11-05 21:58 . 2001-08-17 21:36        79872        -c--a-w-        c:\windows\system32\dllcache\rwia430.dll
2010-11-05 21:57 . 2001-08-17 13:07        19840        -c--a-w-        c:\windows\system32\dllcache\philtune.sys
2010-11-05 21:56 . 2001-08-17 11:49        51552        -c--a-w-        c:\windows\system32\dllcache\ntgrip.sys
2010-11-05 21:55 . 2008-04-13 23:16        51200        -c--a-w-        c:\windows\system32\dllcache\msdv.sys
2010-11-05 21:54 . 2001-08-17 21:36        8192        -c--a-w-        c:\windows\system32\dllcache\kbdkor.dll
2010-11-05 21:53 . 2001-08-17 21:36        61952        -c--a-w-        c:\windows\system32\dllcache\icam4ext.dll
2010-11-05 21:52 . 2001-08-17 21:36        9759        -c--a-w-        c:\windows\system32\dllcache\hsf_inst.dll
2010-11-05 21:51 . 2001-08-17 11:13        27165        -c--a-w-        c:\windows\system32\dllcache\fetnd5.sys
2010-11-05 21:51 . 2001-08-17 11:10        22090        -c--a-w-        c:\windows\system32\dllcache\fem556n5.sys
2010-11-05 21:51 . 2001-08-17 11:12        24618        -c--a-w-        c:\windows\system32\dllcache\fa410nd5.sys
2010-11-05 21:51 . 2001-08-17 11:12        16074        -c--a-w-        c:\windows\system32\dllcache\fa312nd5.sys
2010-11-05 21:51 . 2001-08-17 11:11        11850        -c--a-w-        c:\windows\system32\dllcache\f3ab18xj.sys
2010-11-05 21:51 . 2001-08-17 11:11        12362        -c--a-w-        c:\windows\system32\dllcache\f3ab18xi.sys
2010-11-05 21:51 . 2001-08-17 12:52        7040        -c--a-w-        c:\windows\system32\dllcache\exabyte2.sys
2010-11-05 21:51 . 2001-08-17 11:12        16998        -c--a-w-        c:\windows\system32\dllcache\ex10.sys
2010-11-05 21:47 . 2001-08-17 21:36        6729        -c--a-w-        c:\windows\system32\dllcache\disrvci.dll
2010-11-05 21:46 . 2001-08-17 12:51        13824        -c--a-w-        c:\windows\system32\dllcache\bulltlp3.sys
2010-11-05 20:45 . 2010-11-11 21:10        513024        ----a-w-        c:\windows\system32\winlogon.vir
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\documents and settings\Martin\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d--h--w-        c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 14:44 . 2010-11-12 00:12        --------        d-----w-        c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44        --------        d-----w-        c:\program files\AVG
2010-11-05 14:37 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\MFAData
2010-11-05 14:12 . 2010-11-05 14:12        --------        d-----w-        c:\program files\Enigma Software Group
2010-11-03 04:52 . 2010-11-03 04:55        --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-02 18:39 . 2010-06-28 12:00        46592        ----a-w-        c:\windows\system32\vsutil_loc0407.dll
2010-11-02 18:07 . 2008-04-14 04:42        1033728        ----a-w-        c:\windows\explorer.vir
2010-11-02 17:58 . 2010-11-05 14:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\avg8
2010-11-02 16:57 . 2010-11-11 20:54        --------        d-----w-        c:\windows\Internet Logs
2010-11-02 16:41 . 2010-11-02 16:44        --------        d-----w-        c:\documents and settings\All Users\Application Data\fssg
2010-11-02 16:38 . 2010-11-02 16:40        --------        d-----w-        c:\documents and settings\All Users\Application Data\f-secure
2010-11-01 16:34 . 2010-11-01 16:34        --------        d-----w-        c:\documents and settings\Martin\Application Data\TrojanHunter
2010-10-27 22:04 . 2010-10-27 22:05        --------        d-----w-        c:\documents and settings\Martin\Local Settings\Application Data\Temp
2010-10-26 17:20 . 2010-10-26 17:21        --------        d-----w-        c:\program files\Graboid
2010-10-26 10:52 . 2010-10-26 10:52        --------        d-----w-        c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 10:41 . 2010-10-26 10:41        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-26 10:36 . 2010-10-26 10:36        --------        d-----w-        c:\documents and settings\Administrator\Application Data\ProgSense
2010-10-26 10:36 . 2010-10-26 10:39        --------        d-----w-        c:\documents and settings\Administrator\Application Data\Orbit
2010-10-26 10:33 . 2010-10-26 10:33        --------        d-----w-        c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 09:34 . 2010-10-26 09:35        --------        d-----w-        c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
2010-10-25 17:55 . 2010-10-25 17:56        --------        d-----w-        c:\documents and settings\Martin\Application Data\Youtube Downloader HD

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 00:13 . 2010-11-12 00:13        687173        ----a-w-        C:\cosinus.zip
.

------- Sigcheck -------

[-] 2010-11-11 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2010-11-11 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((  SnapShot@2010-11-09_06.19.13  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-14 10:28 . 2010-11-14 10:28        16384              c:\windows\Temp\Perflib_Perfdata_678.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22        83950              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23        83950              c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22        476318              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23        476318              c:\windows\system32\perfh009.dat
+ 2010-11-11 21:49 . 2010-11-11 21:49        3019264              c:\windows\Installer\1796a9.msi
+ 2010-11-11 21:48 . 2010-11-11 21:48        1543680              c:\windows\Installer\1796a5.msi
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35        640440        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26        38840        ----a-w-        f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50        2521464        ----a-w-        c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14        57344        ----a-w-        c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38        307200        ----a-w-        c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42        15360        ----a-w-        c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40        687560        ----a-w-        e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32        1135912        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21        1548296        ----a-w-        c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39        2816520        ----a-w-        c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41        358920        ----a-w-        c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34        18750976        ----a-w-        c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02        102453        ----a-w-        e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38        98304        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21        246504        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02        135168        ----a-w-        c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"g:\\Games\\PES11\\pes2011.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-18 20:35]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-14 20:32
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
  ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
  55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
  91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Zeit der Fertigstellung: 2010-11-14  20:34:01
ComboFix-quarantined-files.txt  2010-11-14 19:33
ComboFix2.txt  2010-11-12 00:23
ComboFix3.txt  2010-11-11 21:25
ComboFix4.txt  2010-11-09 06:21

Vor Suchlauf: 15.761.002.496 bytes free
Nach Suchlauf: 15.743.012.864 bytes free

- - End Of File - - 35756ADC67B286C0CE19A15B48BC4E0A

--- --- ---


Regards

cosinus 14.11.2010 21:07

Code:

[-] 2010-11-11 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2010-11-11 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe

CF still doesn't really like that, but I think the checksums are simply unknown. Yours now match the ones on my WinXP, so it should be clean now.

Ok. Now please create and post logs with GMER and OSAM.
GMER crashes quite often; if the tool won't work the 2nd time either, just leave it out and only run OSAM - please skip OSAM's online query.
With OSAM please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click "run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the content of the .txt document
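The comparison the helper did by hand above (checking the Sigcheck hashes against a known-clean XP box), as an added example that is not part of the thread and not ComboFix code: a Python parser for ComboFix "Sigcheck" lines that compares each live file against the ServicePackFiles/dllcache reference copy listed for the same file name, or against a hash list from a trusted machine. The sample input reuses the three Sigcheck lines quoted in this thread; the userinit.exe pair and its hash are constructed placeholders.

```python
"""Parse ComboFix 'Sigcheck' lines and compare live system files against the
reference copies Windows XP keeps (ServicePackFiles, dllcache) and against a
hash list taken from a trusted machine.  Added example, not ComboFix code."""
import re
from collections import defaultdict
from dataclasses import dataclass

# One Sigcheck line:  [tag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Directories in which Windows XP keeps pristine copies of system binaries.
REFERENCE_DIRS = ("\\servicepackfiles\\", "\\dllcache\\")


@dataclass(frozen=True)
class SigcheckEntry:
    tag: str        # ComboFix's status marker, e.g. "-" or "7"
    date: str
    md5: str        # upper-case hex
    size: int
    version: str
    path: str       # exactly as printed by ComboFix

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_reference(self) -> bool:
        return any(d in self.path.lower() for d in REFERENCE_DIRS)


def parse_sigcheck(text: str) -> list:
    """Return a SigcheckEntry for every well-formed Sigcheck line in text."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(
                tag=m["tag"], date=m["date"], md5=m["md5"].upper(),
                size=int(m["size"]), version=m["version"], path=m["path"]))
    return entries


def compare_entries(entries, trusted_hashes=None) -> dict:
    """Map each live (non-reference) file path to a verdict string.

    'matches trusted'      MD5 is in trusted_hashes[basename] (known-clean box)
    'matches backup'       MD5 and size equal a reference copy of the same name
    'differs from backup'  a reference copy exists but MD5 or size differs
    'no reference'         nothing to compare against; the hash is merely unknown
    """
    trusted_hashes = trusted_hashes or {}
    refs = defaultdict(list)
    for e in entries:
        if e.is_reference:
            refs[e.basename].append(e)
    verdicts = {}
    for e in entries:
        if e.is_reference:
            continue
        if e.md5 in trusted_hashes.get(e.basename, set()):
            verdicts[e.path] = "matches trusted"
        elif any(r.md5 == e.md5 and r.size == e.size for r in refs[e.basename]):
            verdicts[e.path] = "matches backup"
        elif refs[e.basename]:
            verdicts[e.path] = "differs from backup"
        else:
            verdicts[e.path] = "no reference"
    return verdicts


# Sigcheck lines taken from the ComboFix log in this thread, plus one
# constructed userinit.exe pair with a placeholder hash to show a match.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2010-11-11 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2010-11-11 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
"""


def analyse(log_text: str = SAMPLE_LOG, trusted_hashes=None) -> dict:
    """Parse a ComboFix log excerpt and return the per-file verdicts."""
    return compare_entries(parse_sigcheck(log_text), trusted_hashes)


if __name__ == "__main__":
    for path, verdict in analyse().items():
        print(f"{verdict:20s} {path}")
```

"differs from backup" only means the file is not byte-identical to the backup copy; a hotfix or a different build also differs, so it is a prompt to verify the hash elsewhere, not a verdict of infection.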

fcangmar 14.11.2010 22:01

Hi,

Osam:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:57:45 on 14.11.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16915

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Driver Robot.job" - ? - C:\Program Files\Driver Robot\1.1.0.13\DriverRobot.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"S7epaepx.cpl" - "SIEMENS AG" - C:\WINDOWS\system32\S7epaepx.cpl
"S7EPATDX.CPL" - "SIEMENS AG" - C:\WINDOWS\system32\S7EPATDX.CPL
"S7UBCPLX.CPL" - "SIEMENS AG" - C:\WINDOWS\system32\S7UBCPLX.CPL
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS4" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.cpl
"lgLcdCpl" - "Logitech Inc." - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - E:\Program\Nero 9\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9ks41g6" (a9ks41g6) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9ks41g6.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"AVG Anti-Rootkit Driver" (Avgrkx86) - ? - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys  (File not found)
"AVG TDI Driver" (Avgtdix) - ? - C:\WINDOWS\System32\DRIVERS\avgtdix.sys  (File not found)
"AVGIDSDriver" (AVGIDSDriver) - ? - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys  (File not found)
"AVGIDSEH" (AVGIDSEH) - ? - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys  (File not found)
"AVGIDSFilter" (AVGIDSFilter) - ? - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys  (File not found)
"AVGIDSShim" (AVGIDSShim) - ? - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys  (File not found)
"catchme" (catchme) - ? - C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cinergy T USB XE service" (AF05BDA) - "AfaTech                  " - C:\WINDOWS\System32\DRIVERS\AF05BDA.sys
"Dpmtrcdd" (Dpmtrcdd) - "SIEMENS AG" - C:\WINDOWS\System32\DRIVERS\dpmtrcdd.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\DOCUME~1\Martin\LOCALS~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PROFINET IO RT-Protocol" (s7snsrtx) - "SIEMENS AG" - C:\WINDOWS\System32\DRIVERS\s7snsrtx.sys
"PROFINET IO RT-Protocol (LLDP)" (S7opcsrtx) - "SIEMENS AG" - C:\WINDOWS\System32\DRIVERS\s7opcsrtx.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdqpow" (pxtdqpow) - ? - C:\DOCUME~1\Martin\LOCALS~1\Temp\pxtdqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"SIMATIC Industrial Ethernet (ISO)" (SNTIE) - "SIEMENS AG" - C:\WINDOWS\System32\DRIVERS\sntie.sys
"SIMATIC MPI/EFS Driver" (s7oefs_x) - "SIEMENS AG" - C:\WINDOWS\System32\drivers\s7oefs_x.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Vimicro Camera Filter Service VMUVC" (vvftUVC) - "Vimicro Corporation" - C:\WINDOWS\System32\drivers\vvftUVC.sys
"Vimicro Camera Service VMUVC" (VMUVC) - "Vimicro Corporation" - C:\WINDOWS\System32\Drivers\VMUVC.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - E:\Program\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - F:\Software\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\VISSHE.DLL
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll  (File not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -  (File not found | COM-object registry key not found)
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\VISSHE.DLL
{B2260382-5E6E-4EEB-9E6F-1122AC37C1E4} "JtWinShellExt" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\Program\Nero 9\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - E:\Program\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - E:\Program\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - E:\Program\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - E:\Program\Open Office\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\OLKFSTUB.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - E:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{F81D52BF-F2F1-4F49-BF5F-05664E803039} "Flash" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Grab Pro" - ? - E:\Program Files\Orbitdownloader\GrabPro.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - E:\Program\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - F:\Software\Adobe\Adobe Contribute CS4\contributeieplugin.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Grab Pro" - ? - E:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - F:\Software\Adobe\Adobe Contribute CS4\contributeieplugin.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - E:\Program Files\Orbitdownloader\orbitcth.dll
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\Martin\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON Stylus Photo RX585 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBCLE.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Version Cue CS4" (Adobe Version Cue CS4) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automation License Manager Service" (almservice) - "SIEMENS AG" - E:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
"AVerRemote" (AVerRemote) - "AVerMedia" - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
"AVerScheduleService" (AVerScheduleService) - ? - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - E:\Program\FRITZ!DSL\IGDCTRL.EXE
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - E:\Program\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"NMSAccess" (NMSAccess) - ? - E:\Program\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"S7 Global Services" (s7asysvx) - "SIEMENS AG" - G:\Program\Siemens\Step7\S7BIN\s7asysvx.exe
"S7TraceServiceX" (S7TraceServiceX) - "SIEMENS AG" - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
"SIMATIC IEPG Help Service" (s7oiehsx) - "SIEMENS AG" - E:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---



GMER didn't work properly, so I tried it without the file scan, and that worked:

GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-14 21:54:30
Windows 5.1.2600 Service Pack 3
Running: l1cqvlvk.exe; Driver: C:\DOCUME~1\Martin\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT            spnz.sys                                                                                                            ZwCreateKey [0xB9EA80E0]
SSDT            spnz.sys                                                                                                            ZwEnumerateKey [0xB9EC6CA2]
SSDT            spnz.sys                                                                                                            ZwEnumerateValueKey [0xB9EC7030]
SSDT            spnz.sys                                                                                                            ZwOpenKey [0xB9EA80C0]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys                                                                          ZwOpenProcess [0xA7DB06C0]
SSDT            spnz.sys                                                                                                            ZwQueryKey [0xB9EC7108]
SSDT            spnz.sys                                                                                                            ZwQueryValueKey [0xB9EC6F88]
SSDT            spnz.sys                                                                                                            ZwSetValueKey [0xB9EC719A]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys                                                                          ZwTerminateProcess [0xA7DB0770]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys                                                                          ZwTerminateThread [0xA7DB0810]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys                                                                          ZwWriteVirtualMemory [0xA7DB08B0]

INT 0x63        ?                                                                                                                    8A624BF8
INT 0x63        ?                                                                                                                    8A624BF8
INT 0x63        ?                                                                                                                    8A624BF8
INT 0x63        ?                                                                                                                    8A624BF8
INT 0x63        ?                                                                                                                    8A3BFF00
INT 0x63        ?                                                                                                                    8A624BF8
INT 0x83        ?                                                                                                                    8A624BF8
INT 0x83        ?                                                                                                                    8A624BF8
INT 0x83        ?                                                                                                                    8A3BFF00
INT 0x83        ?                                                                                                                    8A624BF8
INT 0x84        ?                                                                                                                    8A3BFF00
INT 0xA4        ?                                                                                                                    8A3BFF00
INT 0xA4        ?                                                                                                                    8A3BFF00
INT 0xA4        ?                                                                                                                    8A3BFF00
INT 0xA4        ?                                                                                                                    8A3BFF00
INT 0xB4        ?                                                                                                                    8A3BFF00

Code            \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys                                                                    pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?              spnz.sys                                                                                                            The system cannot find the file specified. !
.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB926E000, 0x223937, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                B92258AC 5 Bytes  JMP 8A3BF4E0
.text          a9ks41g6.SYS                                                                                                        B919C386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text          a9ks41g6.SYS                                                                                                        B919C3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text          a9ks41g6.SYS                                                                                                        B919C3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text          a9ks41g6.SYS                                                                                                        B919C3C9 1 Byte  [2E]
.text          a9ks41g6.SYS                                                                                                        B919C3C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                                 
.text          C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA9777300, 0x3B6D8, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xBA3A8300, 0x1BEE, 0xE8000020]
?              C:\DOCUME~1\Martin\LOCALS~1\Temp\mbr.sys                                                                            The system cannot find the file specified. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          The system cannot find the file specified. !
?              C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys                                                                        The system cannot find the file specified. !
?              system32\DRIVERS\avgrkx86.sys                                                                                        The system cannot find the path specified. !
?              system32\DRIVERS\avgtdix.sys                                                                                        The system cannot find the path specified. !
?              system32\DRIVERS\AVGIDSShim.Sys                                                                                      The system cannot find the path specified. !
?              system32\DRIVERS\AVGIDSEH.Sys                                                                                        The system cannot find the path specified. !
?              system32\DRIVERS\AVGIDSFilter.Sys                                                                                    The system cannot find the path specified. !
?              system32\DRIVERS\AVGIDSDriver.Sys                                                                                    The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EA9040] spnz.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EA913C] spnz.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [B9EA90BE] spnz.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [B9EA97FC] spnz.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [B9EA96D2] spnz.sys
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!KfAcquireSpinLock]                                                4B8BDF8B
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!READ_PORT_UCHAR]                                                  8D3F0304
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!KeGetCurrentIrql]                                                  CB033043
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!KfRaiseIrql]                                                      0673C13B
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!KfLowerIrql]                                                      C13B0003
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!HalGetInterruptVector]                                            8366FA72
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!HalTranslateBusAddress]                                            75000E7B
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!KeStallExecutionProcessor]                                        0B7D80E3
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!KfReleaseSpinLock]                                                307B8D00
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          00AA840F
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!READ_PORT_USHORT]                                                  83660000
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          6A000E7A
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  C6647400
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[WMILIB.SYS!WmiSystemControl]                                              4F8B0200
IAT            \SystemRoot\System32\Drivers\a9ks41g6.SYS[WMILIB.SYS!WmiCompleteRequest]                                            968D5140

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8A6231F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              AVGIDSFilter.Sys

Device          \FileSystem\Fastfat \FatCdrom                                                                                        88D47500

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            avgtdix.sys

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8A3CE1F8
Device          \Driver\PCI_PNP0910 \Device\00000045                                                                                spnz.sys
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            8A6941F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              8A6941F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8A6941F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                8A6941F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8A3CE1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8A3CE1F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    8A29D368
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8A3CE1F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8A3CE1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            avgtdix.sys

Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    8A3CE1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A6251F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                    8A29D368
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A6251F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8A25D368
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12                                                                        [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7                                                                          [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                  [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                              8A6251F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8A25D368
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                              8A6251F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              8A43C500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    8A43C500

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                            avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                          avgtdix.sys

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8A3CE1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8A3CE1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8A3A5500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8A3CE1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8A3A5500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    8A29D368
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8A6251F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8A3CE1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8A3CE1F8
Device          \Driver\sptd \Device\2890654660                                                                                      spnz.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    8A3CE1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{E146FA9B-20A8-46C7-8A0A-3390C6E56897}                                            8A43C500
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    8A29D368
Device          \Driver\a9ks41g6 \Device\Scsi\a9ks41g61                                                                              8A2C1500
Device          \Driver\a9ks41g6 \Device\Scsi\a9ks41g61Port6Path0Target0Lun0                                                        8A2C1500
Device          \FileSystem\Fastfat \Fat                                                                                            88D47500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            AVGIDSFilter.Sys

Device          \FileSystem\Cdfs \Cdfs                                                                                              89B93370

---- Threads - GMER 1.0.15 ----

Thread          System [4:2572]                                                                                                      A7D317FF
---- Processes - GMER 1.0.15 ----

Library        E:\Program\AVG\AVG10\avgse.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3540]                                    0x6C330000                                                                                                                   

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  E:\Program\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0xEB 0x6D 0x75 0xC8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xC0 0xC1 0xFA 0x1E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x41 0x32 0x0D 0x8E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x0D 0x14 0x47 0x79 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x2A 0x1B 0x66 0x20 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0x5D 0x2A 0x87 0x81 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      E:\Program\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xEB 0x6D 0x75 0xC8 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xC0 0xC1 0xFA 0x1E ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x41 0x32 0x0D 0x8E ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x0D 0x14 0x47 0x79 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x2A 0x1B 0x66 0x20 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x5D 0x2A 0x87 0x81 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                         
Reg            HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                                  0x97 0x5D 0xD3 0x2C ...

---- EOF - GMER 1.0.15 ----

--- --- ---


MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EA7000 spnz.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E61000 ACPI.sys
0xB9E50000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9E31000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9E0B000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9DF3000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DD3000 fltmgr.sys
0xB9DC1000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9DAA000 KSecDD.sys
0xB9D1D000 Ntfs.sys
0xB9CF0000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CD6000 Mup.sys
0xBA208000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA288000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB926D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9259000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9231000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB920D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA298000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB91F5000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB91D2000 \SystemRoot\system32\DRIVERS\ks.sys
0xB919C000 \SystemRoot\System32\Drivers\a9ks41g6.SYS
0xBA6CD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9185000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA440000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA450000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB90B5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA318000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5D6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9057000 \SystemRoot\system32\DRIVERS\update.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA168000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xACA38000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xACA14000 \SystemRoot\system32\drivers\portcls.sys
0xBA1A8000 \SystemRoot\system32\drivers\drmk.sys
0xBA470000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA70A000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E0000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA488000 \SystemRoot\System32\drivers\vga.sys
0xBA5E2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA56C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAC951000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xAC8F8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAC8D0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAC8AA000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAC7E8000 \SystemRoot\System32\drivers\afd.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAC7BD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAC74D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA218000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA4A0000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB9037000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA238000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA340000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA248000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAC707000 \SystemRoot\System32\Drivers\usbvideo.sys
0xBA258000 \SystemRoot\system32\drivers\usbaudio.sys
0xBA268000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xACA10000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xACA08000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAC6EF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC9FC000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7E3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF0FC000 \SystemRoot\System32\atikvmag.dll
0xBF196000 \SystemRoot\System32\atiok3x2.dll
0xBF1FB000 \SystemRoot\System32\ati3duag.dll
0xBF557000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9A62000 \SystemRoot\system32\DRIVERS\sntie.sys
0xA9BA6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA478000 \SystemRoot\system32\DRIVERS\s7opcsrtx.sys
0xA9A28000 \SystemRoot\system32\DRIVERS\s7snsrtx.sys
0xA97F3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA97BA000 \SystemRoot\System32\Drivers\adfs.SYS
0xA9777000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA984C000 \SystemRoot\System32\DRIVERS\dpmtrcdd.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA956D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8BFE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9495000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA4A8000 \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\mbr.sys
0xBA668000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xBA430000 \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys
0xA7EC9000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0xA7C12000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA7DAE000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA7D6E000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0xA9990000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA7BEA000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA76B6000 \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\pxtdqpow.sys
0xA768B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program\DAEMON Tools Lite\daemon.dll

Processes (total 34):
0 System Idle Process
4 System
436 C:\WINDOWS\system32\smss.exe
524 csrss.exe
560 C:\WINDOWS\system32\winlogon.exe
608 C:\WINDOWS\system32\services.exe
620 C:\WINDOWS\system32\lsass.exe
784 C:\WINDOWS\system32\ati2evxx.exe
804 C:\WINDOWS\system32\svchost.exe
852 svchost.exe
928 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1104 svchost.exe
1204 C:\WINDOWS\system32\spoolsv.exe
1284 C:\WINDOWS\system32\ati2evxx.exe
1480 svchost.exe
1516 E:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe
1528 C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
1544 C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
1628 E:\Program\FRITZ!DSL\IGDCTRL.EXE
1656 C:\Program Files\Java\jre6\bin\jqs.exe
1680 sqlservr.exe
1808 E:\Program\CDBurnerXP\NMSAccessU.exe
1880 G:\Program\Siemens\Step7\S7BIN\s7asysvx.exe
1956 E:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
2004 C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
168 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
184 C:\WINDOWS\system32\svchost.exe
2068 alg.exe
2656 C:\Program Files\Google\Update\GoogleUpdate.exe
3540 C:\WINDOWS\explorer.exe
1860 C:\WINDOWS\system32\ctfmon.exe
3500 E:\Program\Mozilla Firefox\firefox.exe
3016 C:\Documents and Settings\Martin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000024`9ed8e200 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000003d`08be7a00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01113

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

cosinus 15.11.2010 05:11

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

fcangmar 16.11.2010 00:05

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5121

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15.11.2010 23:33:32
mbam-log-2010-11-15 (23-33-32).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 476975
Time elapsed: 39 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explorer.vir (Heuristics.Reserved.Word.Exploit) -> No action taken.
C:\WINDOWS\system32\winlogon.vir (Heuristics.Reserved.Word.Exploit) -> No action taken.

fcangmar 16.11.2010 01:05

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/16/2010 at 01:04 AM

Application Version : 4.45.1000

Core Rules Database Version : 5863
Trace Rules Database Version: 3675

Scan type : Complete Scan
Total Scan Time : 00:54:36

Memory items scanned : 477
Memory threats detected : 0
Registry items scanned : 10332
Registry threats detected : 0
File items scanned : 157310
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Martin\Cookies\martin@avgtechnologies.112.2o7[1].txt

cosinus 16.11.2010 08:52

Looks OK, only cookies were found. And the files you renamed using Linux can be deleted.
Any remaining problems or further detections in the meantime?


Copyright ©2000-2025, Trojaner-Board