Trojaner-Board


Grischuna 16.11.2010 21:51

Security Tool not deleted
 
Hello everyone,

Yesterday I caught the Security Tool virus and then tried to remove Security Tool in safe mode, as described here: http://www.trojaner-board.de/81432-s...entfernen.html

Unfortunately without success. Since it did not work on the third attempt either, which among other things included a full scan, I am now asking for help here. I am pasting in the 3 logs; I hope that is enough. How should I proceed now? Like here: http://www.trojaner-board.de/92697-s...rpruefung.html

Many thanks in advance.

1. Log
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5121

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

15.11.2010 22:48:16
mbam-log-2010-11-15 (22-48-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149386
Laufzeit: 7 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Roger\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.

2. Log
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5121

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

16.11.2010 00:57:59
mbam-log-2010-11-16 (00-57-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 316982
Laufzeit: 1 Stunde(n), 7 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Roger\AppData\Local\syssvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

3. Log
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5121

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

16.11.2010 20:27:05
mbam-log-2010-11-16 (20-27-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142577
Laufzeit: 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

So, I have now run OTL.

Code:

OTL logfile created on: 16.11.2010 22:49:35 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.60 Gb Total Space | 40.44 Gb Free Space | 28.56% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 2.52 Gb Free Space | 33.78% Space Free | Partition Type: NTFS
 
Computer Name: ***-*** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwavdt) -- C:\WINDOWS\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/webhp?hl=de&tab=iw/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.04 07:52:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.04 07:52:23 | 000,000,000 | ---D | M]
 
[2008.11.17 22:32:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.15 22:39:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\obcgsj7d.default\extensions
[2010.09.17 23:24:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\obcgsj7d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 23:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\obcgsj7d.default\extensions\firefox@tvunetworks.com
[2010.11.15 22:39:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.14 13:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.07.29 16:54:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.29 16:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.29 16:50:59 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.07.26 16:08:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 16:08:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.26 16:08:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.26 16:08:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.26 16:08:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.18 19:46:53 | 000,000,698 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [372618] C:\Users\***\AppData\Local\372618.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPRadiance.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPRadiance.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.16 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.11.16 20:40:50 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.11.16 20:40:50 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.11.16 20:39:50 | 000,000,000 | ---D | C] -- C:\Windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
[2010.11.16 08:03:03 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.15 21:04:12 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\My Dropbox
[2010.11.15 21:01:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.11.15 20:57:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1110 Berlin
[2010.11.11 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1110 München
[2010.10.23 22:37:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\australia
[2010.10.18 19:46:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HostsXpert
[2010.10.18 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.18 18:38:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.18 18:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.18 18:38:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.18 18:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[3 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.16 21:17:47 | 000,640,358 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.16 21:17:47 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.16 21:17:47 | 000,116,122 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.16 21:17:47 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.16 21:13:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.16 21:06:35 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.16 21:06:35 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.16 21:06:33 | 000,077,291 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.16 21:06:33 | 000,077,291 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.16 20:40:52 | 000,002,077 | ---- | M] () -- C:\Users\***\Desktop\SpyHunter.lnk
[2010.11.16 08:09:51 | 000,067,086 | ---- | M] () -- C:\Users\***\Documents\cc_20101116_080932.reg
[2010.11.16 08:03:03 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.15 22:58:08 | 000,364,032 | ---- | M] () -- C:\Users\***\Desktop\iExplore.exe
[2010.11.15 22:22:55 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.15 22:19:33 | 000,992,256 | ---- | M] () -- C:\Users\***\AppData\Local\372618.exe
[2010.11.15 21:04:12 | 000,000,983 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2010.11.08 19:18:55 | 000,137,216 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.24 23:03:35 | 000,031,744 | ---- | M] () -- C:\Users\***\Desktop\filmliste(2).xls
[2010.10.23 15:32:24 | 000,013,192 | ---- | M] () -- C:\Users\***\Desktop\München Todo.docx
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.18 18:38:40 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\herbert.lnk
[3 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.16 20:40:52 | 000,002,077 | ---- | C] () -- C:\Users\***\Desktop\SpyHunter.lnk
[2010.11.16 08:09:38 | 000,067,086 | ---- | C] () -- C:\Users\***\Documents\cc_20101116_080932.reg
[2010.11.16 08:03:03 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.16 07:56:52 | 000,001,401 | ---- | C] () -- C:\Users\***\mbam-log-2010-11-15 (22-48-16).txt
[2010.11.16 07:56:42 | 000,001,278 | ---- | C] () -- C:\Users\***\mbam-log-2010-11-16 (00-57-59).txt
[2010.11.15 22:59:46 | 000,364,032 | ---- | C] () -- C:\Users\***\Desktop\iExplore.exe
[2010.11.15 22:19:33 | 000,992,256 | ---- | C] () -- C:\Users\***\AppData\Local\372618.exe
[2010.11.15 21:04:12 | 000,000,983 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk
[2010.10.18 18:38:40 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\herbert.lnk
[2010.09.09 19:11:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.09.09 19:11:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.09.09 19:11:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.08.06 14:31:08 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.07.05 19:26:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.04 14:08:55 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.04 14:08:54 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.25 11:32:03 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\FnF4.txt
[2009.04.07 22:44:12 | 000,217,088 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2009.03.17 21:41:58 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini
[2009.03.17 19:49:24 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI
[2009.03.16 20:58:48 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.12.03 10:55:42 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008.11.22 18:16:01 | 000,000,117 | ---- | C] () -- C:\Windows\civ.ini
[2008.11.17 22:09:37 | 000,137,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.17 22:03:21 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.11.17 21:47:28 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.11.17 21:30:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\QSwitch.txt
[2008.11.17 21:30:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt
[2008.11.17 21:30:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt
[2007.06.27 08:00:00 | 001,777,664 | ---- | C] () -- C:\Windows\System32\ZHP1600R.DLL
[2007.06.27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGI1600.DLL
[2007.06.04 21:23:47 | 000,001,789 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005.04.03 21:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
< End of report >

I saw that I still need to run RSIT. Here are the RSIT logs as well (all in safe mode).

C:\rsit\info.txt

[CODE]info.txtRSIT Logfile:
Code:

logfile of random's system information tool 1.08 2010-11-16 22:59:34
 
======Uninstall list======
 
-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
AC3Filter 1.62b-->"C:\Program Files\AC3Filter\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A80000000002}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.3.9 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Citavi 2.5-->C:\Program Files\Citavi\Deinstallieren.exe
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESU for Microsoft Vista-->MsiExec.exe /X{7968EB30-5580-4955-8925-4A17CD625118}
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9  -removeonly
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9  -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe"  -uninstall
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0057-->MsiExec.exe /I{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iPhone-Konfigurationsprogramm-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
MonkeyJam 3_050529-->"C:\Program Files\MonkeyJam\unins000.exe"
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{194C14D5-3CB0-4977-8886-A79DFC00E820}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PDF24 Creator-->"C:\Program Files\pdf24\unins000.exe"
PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_9730.exe"  _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_9730.exe"  -hu  _?=C:\Program Files\PDFCreator Toolbar
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SpyHunter-->MsiExec.exe /X{3636C923-7AD6-4DE3-978A-09609AEE8ECF}
Streamripper (Remove only)-->C:\Program Files\Streamripper\Uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (KB2443839)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8CFA21A-2D44-446D-8324-ADFA3C9FCAD2}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO Image Resizer 4.0.0.46-->"C:\Program Files\VSO\Image Resizer 4\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR Archivierer-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 2.5.6-->"C:\Program Files\YouTube Downloader\uninstall.exe"
 
======Hosts File======
 
127.0.0.1 localhost
 
======Security center information======
 
AV: Avira AntiVir PersonalEdition
AS: Windows-Defender (disabled)
 
======System event log======
 
Computer Name: ***-***
Event Code: 7026
Message: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avgio
avipbb
spldr
ssmdrv
Wanarpv6
Record Number: 216070
Source Name: Service Control Manager
Time Written: 20101116201422.000000-000
Event Type: Fehler
User:
 
Computer Name: ***-***
Event Code: 7036
Message: Dienst "Netzwerkverbindungen" befindet sich jetzt im Status "Ausgeführt".
Record Number: 216071
Source Name: Service Control Manager
Time Written: 20101116201422.000000-000
Event Type: Informationen
User:
 
Computer Name: ***-***
Event Code: 4201
Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet.
Record Number: 216072
Source Name: Tcpip
Time Written: 20101116202641.661174-000
Event Type: Informationen
User:
 
Computer Name: ***-***
Event Code: 4201
Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet.
Record Number: 216073
Source Name: Tcpip
Time Written: 20101116202641.661174-000
Event Type: Informationen
User:
 
Computer Name: ***-***
Event Code: 1103
Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
Record Number: 216074
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20101116202645.000000-000
Event Type: Informationen
User:
 
=====Application event log=====
 
Computer Name: ***-***
Event Code: 8211
Message: Volumeschattenkopie-Dienstfehler: Verfasser namens "WMI Writer" und Kennung "{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}" hat versucht, ein Abonnement im abgesicherten Modus zu erstellen.
 
Vorgang:
  Generator wird initialisiert
 
Kontext:
  Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
  Generatorname: WMI Writer
Record Number: 41444
Source Name: VSS
Time Written: 20101116201338.000000-000
Event Type: Informationen
User:
 
Computer Name: ***-***
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 41445
Source Name: Microsoft-Windows-WMI
Time Written: 20101116201343.000000-000
Event Type: Informationen
User:
 
Computer Name: ***-***
Event Code: 4609
Message: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043c von Zeile 45 von d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsupport.
Record Number: 41446
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101116201344.000000-000
Event Type: Fehler
User:
 
Computer Name: ***-***
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 41447
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20101116201747.000000-000
Event Type: Informationen
User:
 
Computer Name: ***-***
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 41448
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20101116201747.000000-000
Event Type: Informationen
User:
 
=====Security event log=====
 
Computer Name: ***-***
Event Code: 5033
Message: Der Windows-Firewalltreiber wurde erfolgreich gestartet.
Record Number: 68000
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116201318.582359-000
Event Type: Überwachung erfolgreich
User:
 
Computer Name: ***-***
Event Code: 5024
Message: Der Windows-Firewalldienst wurde erfolgreich gestartet.
Record Number: 68001
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116201321.138174-000
Event Type: Überwachung erfolgreich
User:
 
Computer Name: ***-***
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.
 
Fehlercode:    2
Record Number: 68002
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116202641.723574-000
Event Type: Überwachung gescheitert
User:
 
Computer Name: ***-***
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.
 
Fehlercode:    2
Record Number: 68003
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116202641.723574-000
Event Type: Überwachung gescheitert
User:
 
Computer Name: ***-***
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.
 
Fehlercode:    2
Record Number: 68004
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101116202641.723574-000
Event Type: Überwachung gescheitert
User:
 
======Environment variables======
 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online-Dienste
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
 
-----------------EOF-----------------

--- --- ---

C:\rsit\log.txt
RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-11-16 22:59:28
Microsoft® Windows Vista™ Home Premium 
System drive C: has 41 GB (29%) free of 145 GB
Total RAM: 2046 MB (64% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:59:32, on 16.11.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support
 
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\***\Downloads\OTL.exe
C:\Windows\notepad.exe
C:\Users\***\Downloads\RSIT.exe
C:\Program Files\trend micro\***.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\RunOnce: [372618] "C:\Users\***\AppData\Local\372618.exe" 0 29
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
 
--
End of file - 6498 bytes
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}]
Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\system32\mscoree.dll [2008-07-27 282112]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"372618"=C:\Users\***\AppData\Local\372618.exe [2010-11-15 992256]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe [2010-06-27 231888]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series (Kopie 1)]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-10-03 13826664]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
C:\Program Files\pdf24\pdf24.exe [2009-12-15 207504]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-11-17 1232896]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-11-17 1006264]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-12-09 2641920]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-02-26 21979992]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
======List of files/folders created in the last 1 months======
 
2010-11-16 22:59:29 ----D---- C:\Program Files\trend micro
2010-11-16 22:59:28 ----D---- C:\rsit
2010-11-16 21:04:52 ----D---- C:\Windows\pss
2010-11-16 20:40:50 ----D---- C:\sh4ldr
2010-11-16 20:40:50 ----D---- C:\Program Files\Enigma Software Group
2010-11-16 20:39:50 ----D---- C:\Windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-11-16 08:09:11 ----A---- C:\Windows\ntbtlog.txt
2010-11-16 08:03:03 ----D---- C:\Program Files\CCleaner
2010-11-15 21:01:07 ----D---- C:\Users\***\AppData\Roaming\Dropbox
2010-10-18 18:39:20 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-10-18 18:38:38 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-18 18:38:37 ----D---- C:\ProgramData\Malwarebytes
2010-10-18 18:38:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-18 18:38:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-17 22:03:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
 
======List of files/folders modified in the last 1 months======
 
2010-11-16 22:59:29 ----RD---- C:\Program Files
2010-11-16 21:17:47 ----D---- C:\Windows\System32
2010-11-16 21:17:47 ----D---- C:\Windows\inf
2010-11-16 21:17:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-16 21:11:46 ----D---- C:\Windows\Temp
2010-11-16 21:09:25 ----D---- C:\WINDOWS
2010-11-16 21:07:04 ----D---- C:\Windows\SMINST
2010-11-16 20:40:56 ----SHD---- C:\Windows\Installer
2010-11-16 20:40:53 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-11-16 08:08:18 ----D---- C:\Users\***\AppData\Roaming\Winamp
2010-11-16 08:05:41 ----D---- C:\Windows\Minidump
2010-11-16 08:05:41 ----D---- C:\Windows\Debug
2010-11-15 22:49:18 ----D---- C:\Windows\system32\drivers
2010-11-15 22:49:18 ----D---- C:\Windows\Help
2010-11-15 22:19:37 ----D---- C:\Windows\Prefetch
2010-11-14 21:00:51 ----SHD---- C:\System Volume Information
2010-11-10 19:52:58 ----D---- C:\ProgramData\Microsoft Help
2010-11-10 19:45:56 ----A---- C:\Windows\system32\mrt.exe
2010-11-09 21:39:04 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2010-11-06 10:27:51 ----D---- C:\Windows\system32\catroot2
2010-11-04 07:52:24 ----D---- C:\Program Files\Mozilla Firefox
2010-10-25 22:28:34 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-10-25 19:59:13 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-18 19:47:56 ----D---- C:\Windows\Branding
2010-10-18 18:38:37 ----HD---- C:\ProgramData
2010-10-17 22:03:39 ----D---- C:\Program Files\Common Files
2010-10-17 20:49:36 ----D---- C:\Program Files\TrackMania United
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-28 11608]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
S1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-28 52056]
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-11-17 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-11-17 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-11-17 29184]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-11-17 82432]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-18 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-18 151297]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-05 327000]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
 
-----------------EOF-----------------

--- --- ---

kira 17.11.2010 08:47

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers of programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); however, the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please follow it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vB code tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
1.
Run it in normal mode!

** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • update the databases right away - update online
  • select "Vollständiger Suchlauf" (full scan) (tick every box)
  • when the scan has finished, click "Zeige Resultate" (show results)
  • select all findings, except that if MBAM reports something in C:\System Volume Information, please remove the tick there, and click "Löschen" - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find illustrated instructions here: Instructions

2.
- Download RSIT - rsit.exe
- to a location of your choice and run rsit.exe
- "Hijackthis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of them here in full

3.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work, you can undo this again!

4.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - "scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the content here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

5.
I would also like to see all your installed programs:
Download the tool Ccleaner
→ "Download"→ "Download from FileHippo.com"
install it (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it)→ start it→ if necessary, set "german" under Options settings
then click "Extra" (to also display the installed programs)→ then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its content and paste it in there

Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file):[code]
your log file goes in here - e.g. hjtscanlist or something else
→ after it - i.e. at the end of the log file: [/code]

Regards
Coverflow

Grischuna 17.11.2010 15:13

Hi Coverflow,

thanks for the reply and the tips. I am at work right now and will carry out your instructions this evening.

Do I have to run everything in normal mode? Because Security Tool blocks everything for me, including the rkill tool to close it. Otherwise I'll try again with the renamed version. But not in safe mode?

Thx & regards, Grischuna

Grischuna 17.11.2010 20:00

So in normal mode a security warning from Security Tool always appears immediately, which closes rkill on me.

I am now running Malwarebytes in safe mode, or is that of no use?

Grischuna 17.11.2010 21:44

I have now run Malwarebytes once more in safe mode; here are the logs

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5138

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

17.11.2010 21:41:28
mbam-log-2010-11-17 (21-41-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 307961
Laufzeit: 1 Stunde(n), 3 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\372618 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\372618.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


Grischuna 17.11.2010 23:31

After I ran Malwarebytes in safe mode, Security Tool no longer appeared. I have now run another quick scan with Malwarebytes:

Mwblog:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5138

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

17.11.2010 23:07:20
mbam-log-2010-11-17 (23-07-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144083
Laufzeit: 15 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


2. RSIT
However, RSIT created only one log. I already ran RSIT yesterday as well (see above)

Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-11-17 23:19:14
Microsoft® Windows Vista™ Home Premium 
System drive C: has 39 GB (27%) free of 145 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:19:17, on 17.11.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\***\Downloads\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6477 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}]
Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\system32\mscoree.dll [2008-07-27 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series (Kopie 1)]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-10-03 13826664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
C:\Program Files\pdf24\pdf24.exe [2009-12-15 207504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-11-17 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-11-17 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-12-09 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-02-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-11-17 22:47:51 ----ASH---- C:\hiberfil.sys
2010-11-16 22:59:29 ----D---- C:\Program Files\trend micro
2010-11-16 22:59:28 ----D---- C:\rsit
2010-11-16 21:04:52 ----D---- C:\Windows\pss
2010-11-16 20:40:50 ----D---- C:\sh4ldr
2010-11-16 20:40:50 ----D---- C:\Program Files\Enigma Software Group
2010-11-16 20:39:50 ----D---- C:\Windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-11-16 08:09:11 ----A---- C:\Windows\ntbtlog.txt
2010-11-16 08:03:03 ----D---- C:\Program Files\CCleaner
2010-11-15 21:01:07 ----D---- C:\Users\***\AppData\Roaming\Dropbox
2010-10-18 18:39:20 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-10-18 18:38:38 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-18 18:38:37 ----D---- C:\ProgramData\Malwarebytes
2010-10-18 18:38:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-18 18:38:36 ----A---- C:\Windows\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 months======

2010-11-17 23:19:12 ----D---- C:\Windows\Temp
2010-11-17 22:57:08 ----SHD---- C:\System Volume Information
2010-11-17 22:55:49 ----D---- C:\Windows\System32
2010-11-17 22:55:49 ----D---- C:\Windows\inf
2010-11-17 22:55:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-17 22:49:07 ----D---- C:\Windows\SMINST
2010-11-17 22:43:09 ----D---- C:\Windows\system32\drivers
2010-11-16 22:59:29 ----RD---- C:\Program Files
2010-11-16 21:09:25 ----D---- C:\WINDOWS
2010-11-16 20:40:56 ----SHD---- C:\Windows\Installer
2010-11-16 20:40:53 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-11-16 20:39:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-11-16 08:08:18 ----D---- C:\Users\***\AppData\Roaming\Winamp
2010-11-16 08:05:41 ----D---- C:\Windows\Minidump
2010-11-16 08:05:41 ----D---- C:\Windows\Debug
2010-11-15 22:49:18 ----D---- C:\Windows\Help
2010-11-15 22:19:37 ----D---- C:\Windows\Prefetch
2010-11-10 19:52:58 ----D---- C:\ProgramData\Microsoft Help
2010-11-10 19:45:56 ----A---- C:\Windows\system32\mrt.exe
2010-11-09 21:39:04 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2010-11-06 10:27:51 ----D---- C:\Windows\system32\catroot2
2010-11-04 07:52:24 ----D---- C:\Program Files\Mozilla Firefox
2010-10-25 22:28:34 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-10-25 19:59:13 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-18 19:47:56 ----D---- C:\Windows\Branding
2010-10-18 18:38:37 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-28 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-28 52056]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-11-17 19456]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-11-17 29184]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-11-17 82432]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S0 dwghna;dwghna; C:\Windows\System32\drivers\ensgn.sys []
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-11-17 220160]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-18 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-18 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-05 327000]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------

3. System files made visible


4. HJTscanlist

Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6000]
 
 
C:

  17.11.2010 23:26    C:\System Volume Information --------- 24576 
  17.11.2010 22:51    C:\rkill.log --------- 377 
      C:\hiberfil.sys ---------   
      C:\pagefile.sys ---------   
  16.11.2010 22:59    C:\rsit --------- 0 
  16.11.2010 22:59    C:\Program Files --------- 20480 
  16.11.2010 21:09    C:\WINDOWS --------- 32768 
  16.11.2010 20:40    C:\sh4ldr --------- 0 
  18.10.2010 18:38    C:\ProgramData --------- 8192 
  07.04.2009 23:02    C:\SAVE --------- 0 
  07.04.2009 22:38    C:\SIERRA --------- 0 
  31.03.2009 21:29    C:\Games --------- 0 
  16.03.2009 20:58    C:\IO.SYS --------- 0 
  16.03.2009 20:58    C:\MSDOS.SYS --------- 0 
  15.03.2009 23:15    C:\AILog.txt --------- 0 
  22.11.2008 18:17    C:\~MSSTFQF.T --------- 0 
  22.11.2008 18:15    C:\MPS --------- 0 
  17.11.2008 21:35    C:\MSOCache --------- 0 
  17.11.2008 21:29    C:\$RECYCLE.BIN --------- 0 
  17.11.2008 21:29    C:\System.sav --------- 0 
  17.11.2008 21:29    C:\SwSetup --------- 8192 
  17.11.2008 21:22    C:\Users --------- 4096 
  17.11.2008 21:19    C:\Programme --------- 0 
  17.11.2008 21:19    C:\Dokumente und Einstellungen --------- 0 
  07.11.2007 07:12    C:\VC_RED.MSI --------- 232960 
  07.11.2007 07:09    C:\VC_RED.cab --------- 1442522 
  07.11.2007 07:03    C:\install.res.1041.dll --------- 81424 
  07.11.2007 07:03    C:\install.res.1040.dll --------- 95248 
  07.11.2007 07:03    C:\install.res.2052.dll --------- 75792 
  07.11.2007 07:03    C:\install.res.3082.dll --------- 96272 
  07.11.2007 07:03    C:\install.res.1036.dll --------- 97296 
  07.11.2007 07:03    C:\install.res.1033.dll --------- 91152 
  07.11.2007 07:03    C:\install.res.1031.dll --------- 96272 
  07.11.2007 07:03    C:\install.res.1028.dll --------- 76304 
  07.11.2007 07:03    C:\install.exe --------- 562688 
  07.11.2007 07:03    C:\install.res.1042.dll --------- 79888 
  07.11.2007 07:00    C:\eula.2052.txt --------- 17734 
  07.11.2007 07:00    C:\eula.1041.txt --------- 118 
  07.11.2007 07:00    C:\eula.1040.txt --------- 17734 
  07.11.2007 07:00    C:\eula.3082.txt --------- 17734 
  07.11.2007 07:00    C:\eula.1036.txt --------- 17734 
  07.11.2007 07:00    C:\eula.1033.txt --------- 10134 
  07.11.2007 07:00    C:\eula.1031.txt --------- 17734 
  07.11.2007 07:00    C:\eula.1028.txt --------- 17734 
  07.11.2007 07:00    C:\globdata.ini --------- 1110 
  07.11.2007 07:00    C:\eula.1042.txt --------- 17734 
  07.11.2007 07:00    C:\install.ini --------- 843 
  07.11.2007 07:00    C:\vcredist.bmp --------- 5686 
  05.06.2007 09:14    C:\boot --------- 4096 
  04.06.2007 21:49    C:\HP --------- 0 
  04.06.2007 20:36    C:\Intel --------- 0 
  30.03.2007 15:35    C:\MCPP --------- 0 
  01.02.2007 09:24    C:\hpzids01.dll --------- 258048 
  02.11.2006 10:53    C:\bootmgr --------- 438840 
----------------------------------------

 
C:\Windows

  17.11.2010 22:58    C:\Windows\WindowsUpdate.log --------- 45653 
  17.11.2010 22:47    C:\Windows\bootstat.dat --------- 67584 
  17.11.2010 19:48    C:\Windows\ntbtlog.txt --------- 318068 
  15.11.2010 22:22    C:\Windows\bthservsdp.dat --------- 836 
  29.01.2010 18:44    C:\Windows\hpoins18.dat --------- 146191 
  29.01.2010 18:43    C:\Windows\win.ini --------- 302 
  15.08.2009 15:52    C:\Windows\ocsetup_install_NetFx3.etl --------- 43974656 
  15.08.2009 15:52    C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 196608 
  15.08.2009 15:52    C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 65536 
  04.05.2009 18:51    C:\Windows\QIII.INI --------- 525 
  07.04.2009 22:38    C:\Windows\SIERRA.INI --------- 342 
  07.04.2009 22:28    C:\Windows\wininit.ini --------- 126 
  15.12.2008 11:11    C:\Windows\WindowsShell.Manifest --------- 749 
  09.12.2008 21:33    C:\Windows\PDFCreator_Toolbar_Uninstaller_9730.exe --------- 253116 
  03.12.2008 10:55    C:\Windows\CDE DX4400DEFGIPS.ini --------- 25 
  25.11.2008 20:35    C:\Windows\UninstVeetleTVPlayer.exe --------- 48396 
  22.11.2008 18:16    C:\Windows\civ.ini --------- 117 
  29.10.2008 07:20    C:\Windows\explorer.exe --------- 2923520 
  04.06.2007 21:30    C:\Windows\DIFxAPI.dll --------- 319456 
  04.06.2007 21:30    C:\Windows\HideWin.exe --------- 315392 
  04.06.2007 21:24    C:\Windows\hpqins13.dat --------- 111045 
  04.06.2007 21:10    C:\Windows\CSUP.txt --------- 12 
  09.03.2007 18:50    C:\Windows\RtHDVCpl.exe --------- 4390912 
  01.03.2007 01:05    C:\Windows\hpomdl18.dat --------- 6600 
  08.02.2007 02:57    C:\Windows\WMPrfDeu.prx --------- 33820 
  16.01.2007 11:39    C:\Windows\RtlUpd.exe --------- 1191936 
  12.01.2007 17:54    C:\Windows\RtlExUpd.dll --------- 520192 
  02.01.2007 17:27    C:\Windows\Twunk_16.dll --------- 12288 
  02.01.2007 17:27    C:\Windows\Twunk_32.dll --------- 12288 
  02.11.2006 13:35    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 13:34    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 13:34    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 13:34    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 13:34    C:\Windows\twain.dll --------- 94784 
  02.11.2006 13:34    C:\Windows\notepad.exe --------- 151040 
  02.11.2006 10:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 10:45    C:\Windows\regedit.exe --------- 134656 
  02.11.2006 10:45    C:\Windows\HelpPane.exe --------- 497152 
  02.11.2006 10:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 10:45    C:\Windows\fveupdate.exe --------- 13312 
  02.11.2006 10:44    C:\Windows\bfsvc.exe --------- 50176 
  02.11.2006 08:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 12:41    C:\Windows\HomePremium.xml --------- 8328 
  18.09.2006 22:46    C:\Windows\system.ini --------- 219 
  18.09.2006 22:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 22:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 22:30    C:\Windows\msdfmap.ini --------- 1405 
  29.10.1998 15:45    C:\Windows\IsUninst.exe --------- 306688 
  21.10.1998 17:43    C:\Windows\IsUn0407.exe --------- 328704 
----------------------------------------

 
C:\Windows\System

 17.11.2008 21:26      C:\Windows\System\hpsysdrv.dat --------- 44
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532
 09.11.1995 00:00      C:\Windows\System\IR41.DLL --------- 774960
 20.10.1995 00:00      C:\Windows\System\IR32.DLL --------- 151744
 22.03.1995 00:00      C:\Windows\System\IYVU9.DLL --------- 50096
 21.09.1994 00:00      C:\Windows\System\WINGPAL.WND --------- 5024
 21.09.1994 00:00      C:\Windows\System\WING.DLL --------- 92208
 21.09.1994 00:00      C:\Windows\System\WINGDIB.DRV --------- 6736
 02.09.1994 00:00      C:\Windows\System\IMAADPCM.ACM --------- 17936
 02.09.1994 00:00      C:\Windows\System\ICCVID.DRV --------- 65408
 02.09.1994 00:00      C:\Windows\System\DVA.386 --------- 5195
 24.08.1994 00:00      C:\Windows\System\WINGDE.DLL --------- 188960
 19.11.1993 00:00      C:\Windows\System\MSADPCM.ACM --------- 15104
 19.11.1993 00:00      C:\Windows\System\MSACM.DLL --------- 49616
 19.11.1993 00:00      C:\Windows\System\MSRLE.DRV --------- 11776
 19.11.1993 00:00      C:\Windows\System\ACMCMPRS.DLL --------- 12800
 19.11.1993 00:00      C:\Windows\System\MSVIDC.DRV --------- 43520
 19.11.1993 00:00      C:\Windows\System\CTL3D.DLL --------- 14208
 19.11.1993 00:00      C:\Windows\System\MSACM.DRV --------- 22816
 19.11.1993 00:00      C:\Windows\System\MAP_WIN.HLP --------- 16548
 19.11.1993 00:00      C:\Windows\System\DISPDIB.DLL --------- 7168
----------------------------------------

 
C:\Windows\System32

 17.11.2010 22:55    C:\Windows\system32\perfh009.dat --------- 610142 
 17.11.2010 22:55    C:\Windows\system32\perfh007.dat --------- 641344 
 17.11.2010 22:55    C:\Windows\system32\perfc009.dat --------- 103924 
 17.11.2010 22:55    C:\Windows\system32\perfc007.dat --------- 116706 
 17.11.2010 22:55    C:\Windows\system32\PerfStringBackup.INI --------- 1461736 
 17.11.2010 22:48    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3072 
 17.11.2010 22:48    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3072 
 17.11.2010 22:43    C:\Windows\system32\drivers --------- 65536 
 10.11.2010 19:45    C:\Windows\system32\mrt.exe --------- 35758536 
 06.11.2010 10:27    C:\Windows\system32\catroot2 --------- 8192 
 19.10.2010 10:41    C:\Windows\system32\MpSigStub.exe --------- 222080 
 12.08.2010 05:07    C:\Windows\system32\pxinsa64.exe --------- 68592 
 12.08.2010 05:07    C:\Windows\system32\pxhpinst.exe --------- 72176 
 12.08.2010 05:07    C:\Windows\system32\PxSFS.DLL --------- 2120176 
 12.08.2010 05:07    C:\Windows\system32\PxWave.dll --------- 440816 
 12.08.2010 05:07    C:\Windows\system32\pxcpya64.exe --------- 68080 
 12.08.2010 05:07    C:\Windows\system32\PxAFS.DLL --------- 133616 
 12.08.2010 05:07    C:\Windows\system32\VXBLOCK.dll --------- 100848 
 12.08.2010 05:07    C:\Windows\system32\Px.dll --------- 698864 
 12.08.2010 05:07    C:\Windows\system32\PxMas.dll --------- 219632 
 12.08.2010 05:07    C:\Windows\system32\pxdrv.dll --------- 567792 
 29.07.2010 16:50    C:\Windows\system32\javaws.exe --------- 153376 
 29.07.2010 16:50    C:\Windows\system32\javaw.exe --------- 145184 
 29.07.2010 16:50    C:\Windows\system32\java.exe --------- 145184 
 29.07.2010 16:50    C:\Windows\system32\deployJava1.dll --------- 423656 
 18.07.2010 21:50    C:\Windows\system32\catroot --------- 4096 
 05.07.2010 19:25    C:\Windows\system32\Tasks --------- 4096 
 26.06.2010 11:23    C:\Windows\system32\config --------- 12288 
 26.06.2010 11:23    C:\Windows\system32\spool --------- 4096 
 26.06.2010 11:23    C:\Windows\system32\wbem --------- 73728 
 26.06.2010 11:18    C:\Windows\system32\LogFiles --------- 0 
 26.04.2010 23:04    C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 
 15.04.2010 08:51    C:\Windows\system32\migration --------- 0 
 13.03.2010 18:34    C:\Windows\system32\WDI --------- 4096 
 09.03.2010 17:54    C:\Windows\system32\wininet.dll --------- 832512 
 09.03.2010 17:54    C:\Windows\system32\urlmon.dll --------- 1168384 
 09.03.2010 17:54    C:\Windows\system32\pngfilt.dll --------- 44544 
 09.03.2010 17:53    C:\Windows\system32\occache.dll --------- 102912 
 09.03.2010 17:52    C:\Windows\system32\mstime.dll --------- 671232 
 09.03.2010 17:52    C:\Windows\system32\mshtmled.dll --------- 477696 
 09.03.2010 17:52    C:\Windows\system32\mshtml.dll --------- 3599872 
 09.03.2010 17:52    C:\Windows\system32\msfeeds.dll --------- 459264 
 09.03.2010 17:51    C:\Windows\system32\jsproxy.dll --------- 27648 
 09.03.2010 17:50    C:\Windows\system32\inetcpl.cpl --------- 1830912 
 09.03.2010 17:50    C:\Windows\system32\ieui.dll --------- 180736 
 09.03.2010 17:50    C:\Windows\system32\iesetup.dll --------- 56320 
 09.03.2010 17:50    C:\Windows\system32\iertutil.dll --------- 268288 
 09.03.2010 17:50    C:\Windows\system32\iernonce.dll --------- 44544 
 09.03.2010 17:50    C:\Windows\system32\iepeers.dll --------- 192512 
 09.03.2010 17:50    C:\Windows\system32\ieframe.dll --------- 6067200 
 09.03.2010 17:50    C:\Windows\system32\ieencode.dll --------- 78336 
 09.03.2010 17:50    C:\Windows\system32\iedkcs32.dll --------- 385024 
 09.03.2010 17:50    C:\Windows\system32\ieapfltr.dll --------- 380928 
 09.03.2010 17:50    C:\Windows\system32\ieakui.dll --------- 161792 
 09.03.2010 17:50    C:\Windows\system32\ieaksie.dll --------- 230400 
 09.03.2010 17:50    C:\Windows\system32\icardie.dll --------- 63488 
 09.03.2010 17:49    C:\Windows\system32\dxtrans.dll --------- 214528 
 09.03.2010 17:49    C:\Windows\system32\dxtmsft.dll --------- 347136 
 09.03.2010 17:48    C:\Windows\system32\advpack.dll --------- 124928 
 09.03.2010 17:48    C:\Windows\system32\admparse.dll --------- 72704 
 09.03.2010 15:50    C:\Windows\system32\html.iec --------- 389120 
 09.03.2010 15:17    C:\Windows\system32\ieUnatt.exe --------- 26624 
 09.03.2010 15:17    C:\Windows\system32\ie4uinit.exe --------- 70656 
 09.03.2010 13:43    C:\Windows\system32\mshtmler.dll --------- 48128 
 09.03.2010 13:37    C:\Windows\system32\mshtml.tlb --------- 1383424 
 04.03.2010 20:24    C:\Windows\system32\vbscript.dll --------- 434176 
 25.02.2010 11:14    C:\Windows\system32\FNTCACHE.DAT --------- 430784 
 25.02.2010 11:13    C:\Windows\system32\de-DE --------- 524288 
 21.02.2010 00:54    C:\Windows\system32\nshhttp.dll --------- 24064 
 21.02.2010 00:51    C:\Windows\system32\httpapi.dll --------- 31232 
 19.02.2010 20:27    C:\Windows\system32\DivX.dll --------- 720384 
 19.02.2010 20:27    C:\Windows\system32\divx_xx16.dll --------- 843776 
 19.02.2010 20:27    C:\Windows\system32\divx_xx11.dll --------- 839680 
 19.02.2010 20:27    C:\Windows\system32\divx_xx0c.dll --------- 856064 
 19.02.2010 20:27    C:\Windows\system32\divx_xx0a.dll --------- 847872 
 19.02.2010 20:27    C:\Windows\system32\divx_xx07.dll --------- 856064 
 18.02.2010 15:54    C:\Windows\system32\ntkrnlpa.exe --------- 3502480 
 18.02.2010 15:54    C:\Windows\system32\ntoskrnl.exe --------- 3468168 
 18.02.2010 15:22    C:\Windows\system32\tcpipcfg.dll --------- 167424 
 18.02.2010 15:19    C:\Windows\system32\iphlpsvc.dll --------- 179712 
 18.02.2010 13:04    C:\Windows\system32\netiougc.exe --------- 22016 
 12.02.2010 11:49    C:\Windows\system32\browserchoice.exe --------- 293376 
 05.02.2010 20:16    C:\Windows\system32\dpl100.dll --------- 94208 
 25.01.2010 13:58    C:\Windows\system32\secproc_ssp_isv.dll --------- 154624 
 25.01.2010 13:58    C:\Windows\system32\secproc_ssp.dll --------- 154112 
 25.01.2010 13:58    C:\Windows\system32\secproc_isv.dll --------- 473088 
 25.01.2010 13:58    C:\Windows\system32\secproc.dll --------- 472576 
 25.01.2010 13:56    C:\Windows\system32\msdrm.dll --------- 312320 
 25.01.2010 09:36    C:\Windows\system32\RMActivate_ssp.exe --------- 435712 
 25.01.2010 09:36    C:\Windows\system32\RMActivate.exe --------- 515584 
 25.01.2010 09:36    C:\Windows\system32\RMActivate_ssp_isv.exe --------- 431104 
 25.01.2010 09:35    C:\Windows\system32\RMActivate_isv.exe --------- 523776 
 23.01.2010 09:05    C:\Windows\system32\tzres.dll --------- 2048 
 21.01.2010 17:02    C:\Windows\system32\l3codecp.acm --------- 220672 
 21.01.2010 17:02    C:\Windows\system32\l3codeca.acm --------- 62464 
 13.01.2010 19:23    C:\Windows\system32\cabview.dll --------- 97792 
 28.12.2009 13:36    C:\Windows\system32\tsbyuv.dll --------- 11776 
 28.12.2009 13:35    C:\Windows\system32\quartz.dll --------- 1327616 
 28.12.2009 13:34    C:\Windows\system32\msyuv.dll --------- 22528 
 28.12.2009 13:34    C:\Windows\system32\msvidc32.dll --------- 31232 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 17.11.2010 22:48    C:\Windows\Tasks\SA.DAT --------- 6 
 15.11.2010 22:23    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32614 
----------------------------------------

 
C:\Windows\Temp

 17.11.2010 23:06    C:\Windows\Temp\lpksetup-20101117-230604-0.log --------- 632 
 17.11.2010 23:06    C:\Windows\Temp\lpksetup-20101117-230306-0.log --------- 30362 
 17.11.2010 22:58    C:\Windows\Temp\MpSigStub.log --------- 3206 
 17.11.2010 22:49    C:\Windows\Temp\hpqddsvc.log --------- 8135 
 17.11.2010 22:49    C:\Windows\Temp\HPSLPS004.log --------- 1601 
 17.11.2010 19:35    C:\Windows\Temp\HPSLPS003.log --------- 3315 
 16.11.2010 21:07    C:\Windows\Temp\HPSLPS002.log --------- 2134 
 16.11.2010 20:29    C:\Windows\Temp\TMP0000000C4D728C8E553D3809 --------- 524288 
 16.11.2010 20:29    C:\Windows\Temp\HPSLPS001.log --------- 1601 
 16.11.2010 20:17    C:\Windows\Temp\TMP0000000A9031A48B10B4AAE5 --------- 524288 
 16.11.2010 20:17    C:\Windows\Temp\iExDEE9.tmp --------- 364032 
 16.11.2010 20:16    C:\Windows\Temp\TMP00000006676CA5496F4AADF1 --------- 524288 
 16.11.2010 20:15    C:\Windows\Temp\HPSLPS000.log --------- 2134 
 15.11.2010 23:08    C:\Windows\Temp\TMP000000458158D7815F53C437 --------- 524288 
 15.11.2010 23:04    C:\Windows\Temp\HPSLPS475.log --------- 1601 
 15.11.2010 22:51    C:\Windows\Temp\TMP00000003B46023B5DDE884D0 --------- 524288 
 15.11.2010 22:51    C:\Windows\Temp\TMP000000016FEE3FCA37E08B30 --------- 524288 
 15.11.2010 22:50    C:\Windows\Temp\HPSLPS474.log --------- 1601 
 15.11.2010 22:25    C:\Windows\Temp\HPSLPS473.log --------- 890 
 15.11.2010 19:25    C:\Windows\Temp\lpksetup-20101115-192510-0.log --------- 632 
 15.11.2010 19:25    C:\Windows\Temp\lpksetup-20101115-192444-0.log --------- 30362 
 15.11.2010 19:10    C:\Windows\Temp\HPSLPS472.log --------- 2134 
----------------------------------------

 
C:\Users\***\AppData\Local\Temp

 17.11.2010 23:09    C:\Users\***\AppData\Local\Temp\~DFCEDD.tmp --------- 512 
 17.11.2010 23:09    C:\Users\***\AppData\Local\Temp\1291376.od --------- 134 
 17.11.2010 23:09    C:\Users\***\AppData\Local\Temp\CVRB431.tmp.cvr --------- 0 
 17.11.2010 22:51    C:\Users\***\AppData\Local\Temp\WPDNSE --------- 0 
 17.11.2010 22:51    C:\Users\***\AppData\Local\Temp\3D4D.tmp --------- 4096 
 17.11.2010 22:50    C:\Users\***\AppData\Local\Temp\C6D7.tmp --------- 4096 
 17.11.2010 22:50    C:\Users\***\AppData\Local\Temp\3957.tmp --------- 4096 
 17.11.2010 22:49    C:\Users\***\AppData\Local\Temp\AEE4.tmp --------- 4096 
 17.11.2010 21:45    C:\Users\***\AppData\Local\Temp\msohtmlclip1 --------- 0 
 17.11.2010 21:43    C:\Users\***\AppData\Local\Temp\WordCitaviTrace.txt --------- 179 
 17.11.2010 19:46    C:\Users\***\AppData\Local\Temp\30C.tmp --------- 4096 
 17.11.2010 19:45    C:\Users\***\AppData\Local\Temp\A939.tmp --------- 4096 
 17.11.2010 19:45    C:\Users\***\AppData\Local\Temp\16F9.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\CDF8.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\B6D0.tmp --------- 0 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\925F.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\844B.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\7619.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\5BD5.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\1B4D.tmp --------- 4096 
 17.11.2010 19:44    C:\Users\***\AppData\Local\Temp\8F5.tmp --------- 4096 
 17.11.2010 19:43    C:\Users\***\AppData\Local\Temp\CB2A.tmp --------- 4096 
 17.11.2010 19:43    C:\Users\***\AppData\Local\Temp\B9BD.tmp --------- 4096 
 17.11.2010 19:43    C:\Users\***\AppData\Local\Temp\5BB6.tmp --------- 4096 
 17.11.2010 19:43    C:\Users\***\AppData\Local\Temp\2D27.tmp --------- 4096 
 17.11.2010 19:42    C:\Users\***\AppData\Local\Temp\~DF7034.tmp --------- 16384 
 17.11.2010 19:42    C:\Users\***\AppData\Local\Temp\A6BA.tmp --------- 4096 
 17.11.2010 19:42    C:\Users\***\AppData\Local\Temp\83EE.tmp --------- 4096 
 17.11.2010 19:42    C:\Users\***\AppData\Local\Temp\7251.tmp --------- 4096 
 17.11.2010 19:42    C:\Users\***\AppData\Local\Temp\669E.tmp --------- 4096 
 17.11.2010 19:42    C:\Users\***\AppData\Local\Temp\4E9C.tmp --------- 4096 
 17.11.2010 19:41    C:\Users\***\AppData\Local\Temp\FC8.tmp --------- 4096 
 17.11.2010 19:40    C:\Users\***\AppData\Local\Temp\C2A2.tmp --------- 4096 
 16.11.2010 23:51    C:\Users\***\AppData\Local\Temp\msohtmlclip --------- 0 
 16.11.2010 22:56    C:\Users\***\AppData\Local\Temp\VBE --------- 0 
 16.11.2010 21:26    C:\Users\***\AppData\Local\Temp\~DF5FF0.tmp --------- 65536 
 16.11.2010 20:40    C:\Users\***\AppData\Local\Temp\***.bmp --------- 31832 
 16.11.2010 20:39    C:\Users\***\AppData\Local\Temp\SHSetup.exe --------- 18942808 
 16.11.2010 20:34    C:\Users\***\AppData\Local\Temp\365B.tmp --------- 4096 
 16.11.2010 20:30    C:\Users\***\AppData\Local\Temp\~DF65BA.tmp --------- 65536 
 16.11.2010 20:30    C:\Users\***\AppData\Local\Temp\div9E31.tmp --------- 0 
 16.11.2010 20:30    C:\Users\***\AppData\Local\Temp\hpqddusr.log --------- 311 
 16.11.2010 20:30    C:\Users\***\AppData\Local\Temp\MAR2607.tmp --------- 1285 
 16.11.2010 20:29    C:\Users\***\AppData\Local\Temp\MARF160.tmp --------- 1342 
 16.11.2010 20:19    C:\Users\***\AppData\Local\Temp\DA18.tmp --------- 4096 
 16.11.2010 20:17    C:\Users\***\AppData\Local\Temp\~DF35AC.tmp --------- 65536 
 16.11.2010 20:17    C:\Users\***\AppData\Local\Temp\MARF584.tmp --------- 1342 
 16.11.2010 20:17    C:\Users\***\AppData\Local\Temp\div9896.tmp --------- 0 
 16.11.2010 08:05    C:\Users\***\AppData\Local\Temp\Low --------- 0 
 15.11.2010 23:10    C:\Users\***\AppData\Local\Temp\B3D3.tmp --------- 4096 
 15.11.2010 23:06    C:\Users\***\AppData\Local\Temp\~DFE3C8.tmp --------- 65536 
 15.11.2010 23:06    C:\Users\***\AppData\Local\Temp\MAR10B3.tmp --------- 1285 
 15.11.2010 23:06    C:\Users\***\AppData\Local\Temp\MARF5B.tmp --------- 1342 
 15.11.2010 23:06    C:\Users\***\AppData\Local\Temp\div4614.tmp --------- 0 
 15.11.2010 22:59    C:\Users\***\AppData\Local\Temp\5FEA.tmp --------- 4096 
 15.11.2010 22:55    C:\Users\***\AppData\Local\Temp\C8F9.tmp --------- 4096 
 15.11.2010 22:52    C:\Users\***\AppData\Local\Temp\div9EDD.tmp --------- 0 
 15.11.2010 22:52    C:\Users\***\AppData\Local\Temp\MARAD9D.tmp --------- 1285 
 15.11.2010 22:52    C:\Users\***\AppData\Local\Temp\MARAB6B.tmp --------- 1342 
 15.11.2010 22:51    C:\Users\***\AppData\Local\Temp\~DFE586.tmp --------- 65536 
 15.11.2010 22:32    C:\Users\***\AppData\Local\Temp\B460.tmp --------- 4096 
 15.11.2010 22:17    C:\Users\***\AppData\Local\Temp\AcrBF10.tmp --------- 358 
 15.11.2010 21:01    C:\Users\***\AppData\Local\Temp\comtypes_cache --------- 0 
 15.11.2010 19:11    C:\Users\***\AppData\Local\Temp\MARB9CD.tmp --------- 1285 
 15.11.2010 19:11    C:\Users\***\AppData\Local\Temp\MARB8C4.tmp --------- 1342 
 15.11.2010 19:11    C:\Users\***\AppData\Local\Temp\div8120.tmp --------- 0 
 15.11.2010 19:10    C:\Users\***\AppData\Local\Temp\~DFD238.tmp --------- 65536 
----------------------------------------

 
C:\Program Files

 17.11.2010 23:19    C:\Program Files\trend micro --------- 4096 
 16.11.2010 20:40    C:\Program Files\Enigma Software Group --------- 0 
 16.11.2010 08:03    C:\Program Files\CCleaner --------- 0 
 04.11.2010 07:52    C:\Program Files\Mozilla Firefox --------- 32768 
 18.10.2010 18:38    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 17.10.2010 22:03    C:\Program Files\Common Files --------- 4096 
 17.10.2010 20:49    C:\Program Files\TrackMania United --------- 0 
 20.09.2010 19:45    C:\Program Files\AC3Filter --------- 4096 
 20.09.2010 17:59    C:\Program Files\DivX --------- 8192 
 09.09.2010 19:24    C:\Program Files\concept design --------- 0 
 03.08.2010 10:06    C:\Program Files\VSO --------- 0 
 03.08.2010 10:01    C:\Program Files\MonkeyJam --------- 4096 
 29.07.2010 16:54    C:\Program Files\Java --------- 0 
 28.07.2010 20:54    C:\Program Files\YouTube Downloader --------- 4096 
 14.07.2010 14:56    C:\Program Files\Citavi --------- 4096 
 05.07.2010 19:25    C:\Program Files\Skype --------- 0 
 29.04.2010 16:52    C:\Program Files\Winamp --------- 4096 
 29.04.2010 16:52    C:\Program Files\Winamp Detect --------- 0 
 15.04.2010 08:51    C:\Program Files\Windows Mail --------- 4096 
 01.04.2010 12:07    C:\Program Files\Internet Explorer --------- 4096 
 30.03.2010 16:19    C:\Program Files\Streamripper --------- 4096 
 12.03.2010 13:10    C:\Program Files\Movie Maker --------- 8192 
 10.02.2010 20:05    C:\Program Files\uTorrent --------- 0 
 29.01.2010 18:42    C:\Program Files\HP --------- 4096 
 27.01.2010 14:59    C:\Program Files\PDF Blender --------- 0 
 08.01.2010 14:04    C:\Program Files\pdf24 --------- 4096 
 01.12.2009 22:15    C:\Program Files\Hewlett-Packard --------- 4096 
 21.11.2009 13:52    C:\Program Files\Lame for Audacity --------- 0 
 21.11.2009 13:51    C:\Program Files\Audacity 1.3 Beta (Unicode) --------- 4096 
 29.10.2009 09:38    C:\Program Files\Windows Media Player --------- 4096 
 28.10.2009 17:28    C:\Program Files\Microsoft Works --------- 28672 
 13.10.2009 14:58    C:\Program Files\InstallJammer Registry --------- 0 
 18.09.2009 16:29    C:\Program Files\iPhone-Konfigurationsprogramm --------- 0 
 18.09.2009 16:27    C:\Program Files\iTunes --------- 4096 
 18.09.2009 16:26    C:\Program Files\iPod --------- 0 
 18.09.2009 16:24    C:\Program Files\QuickTime --------- 4096 
 03.08.2009 14:15    C:\Program Files\Full Tilt Poker --------- 8192 
 04.05.2009 19:17    C:\Program Files\InstallShield Installation Information --------- 4096 
 07.04.2009 22:33    C:\Program Files\Sierra On-Line --------- 4096 
 10.03.2009 19:41    C:\Program Files\Microsoft Games --------- 4096 
 15.12.2008 11:11    C:\Program Files\desktop.ini --------- 174 
 09.12.2008 21:33    C:\Program Files\PDFCreator --------- 4096 
 09.12.2008 21:33    C:\Program Files\PDFCreator Toolbar --------- 0 
 08.12.2008 23:02    C:\Program Files\Apple Software Update --------- 4096 
 03.12.2008 10:57    C:\Program Files\epson --------- 0 
 30.11.2008 18:34    C:\Program Files\SopCast --------- 4096 
 27.11.2008 10:27    C:\Program Files\IrfanView --------- 4096 
 25.11.2008 18:35    C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 
 18.11.2008 22:17    C:\Program Files\Avira --------- 0 
 18.11.2008 00:58    C:\Program Files\Google --------- 0 
 17.11.2008 23:37    C:\Program Files\Windows Calendar --------- 0 
 17.11.2008 23:37    C:\Program Files\Windows Defender --------- 4096 
 17.11.2008 23:37    C:\Program Files\Windows Sidebar --------- 4096 
 17.11.2008 22:51    C:\Program Files\MSXML 4.0 --------- 0 
 17.11.2008 21:58    C:\Program Files\VideoLAN --------- 0 
 17.11.2008 21:57    C:\Program Files\CDex_150 --------- 4096 
 17.11.2008 21:42    C:\Program Files\WinRAR --------- 4096 
 17.11.2008 21:39    C:\Program Files\MSBuild --------- 0 
 17.11.2008 21:39    C:\Program Files\Microsoft Office --------- 4096 
 17.11.2008 21:39    C:\Program Files\Microsoft Visual Studio --------- 0 
 17.11.2008 21:38    C:\Program Files\Microsoft.NET --------- 0 
 17.11.2008 21:37    C:\Program Files\Microsoft Visual Studio 8 --------- 0 
 17.11.2008 21:27    C:\Program Files\Fingerprint Sensor --------- 0 
 17.11.2008 21:19    C:\Program Files\Windows NT --------- 4096 
 17.11.2008 21:19    C:\Program Files\Gemeinsame Dateien --------- 0 
 04.06.2007 21:32    C:\Program Files\HPQ --------- 0 
 04.06.2007 21:30    C:\Program Files\Realtek --------- 0 
 04.06.2007 21:26    C:\Program Files\Online-Dienste --------- 4096 
 04.06.2007 21:24    C:\Program Files\Adobe --------- 0 
 04.06.2007 20:57    C:\Program Files\Roxio --------- 0 
 04.06.2007 20:36    C:\Program Files\Intel --------- 0 
 04.06.2007 20:20    C:\Program Files\Synaptics --------- 0 
 04.06.2007 20:13    C:\Program Files\Motorola --------- 0 
 02.11.2006 14:01    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 13:42    C:\Program Files\Windows Collaboration --------- 4096 
 02.11.2006 13:42    C:\Program Files\Windows Photo Gallery --------- 4096 
 02.11.2006 13:42    C:\Program Files\Windows Journal --------- 4096 
 02.11.2006 13:37    C:\Program Files\MSN --------- 0 
 02.11.2006 13:37    C:\Program Files\Reference Assemblies --------- 0 
----------------------------------------

 
C:\ProgramData\..

***   
desktop.ini   
All Users   
Default User   
Default   
Public   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            28 K
System                          4 Services                  0        25'420 K
smss.exe                      452 Services                  0          564 K
csrss.exe                      592 Services                  0        4'840 K
wininit.exe                    640 Services                  0        2'984 K
csrss.exe                      652 Console                    1        12'328 K
services.exe                  684 Services                  0        4'692 K
lsass.exe                      696 Services                  0        2'212 K
lsm.exe                        704 Services                  0        3'224 K
winlogon.exe                  804 Console                    1        4'464 K
svchost.exe                    900 Services                  0        5'564 K
SH4SER~1.EXE                  940 Services                  0        2'488 K
nvvsvc.exe                    952 Services                  0        2'964 K
svchost.exe                    980 Services                  0        5'824 K
svchost.exe                  1012 Services                  0        41'068 K
svchost.exe                  1096 Services                  0        10'596 K
svchost.exe                  1132 Services                  0        67'336 K
svchost.exe                  1192 Services                  0        63'408 K
audiodg.exe                  1276 Services                  0        17'396 K
svchost.exe                  1292 Services                  0        3'844 K
SLsvc.exe                    1308 Services                  0        9'152 K
nvvsvc.exe                    1368 Console                    1        4'912 K
svchost.exe                  1384 Services                  0        10'880 K
svchost.exe                  1496 Services                  0        17'516 K
spoolsv.exe                  1756 Services                  0        8'280 K
sched.exe                    1788 Services                  0        1'244 K
svchost.exe                  1800 Services                  0        9'876 K
dwm.exe                      2004 Console                    1        78'944 K
taskeng.exe                    676 Console                    1        9'288 K
avguard.exe                    760 Services                  0        18'900 K
AppleMobileDeviceService.      844 Services                  0        2'936 K
svchost.exe                  1964 Services                  0        3'192 K
CLCapSvc.exe                  1808 Services                  0        7'204 K
svchost.exe                  1720 Services                  0        5'996 K
IAANTmon.exe                  1856 Services                  0        4'496 K
LSSrvc.exe                    2060 Services                  0        2'936 K
svchost.exe                  2080 Services                  0        2'384 K
svchost.exe                  2124 Services                  0        2'368 K
svchost.exe                  2136 Services                  0        3'688 K
svchost.exe                  2192 Services                  0        4'896 K
svchost.exe                  2224 Services                  0        2'004 K
SearchIndexer.exe            2256 Services                  0        34'352 K
hpqwmiex.exe                  2344 Services                  0        3'728 K
CLSched.exe                  2712 Services                  0        4'524 K
svchost.exe                  2940 Services                  0        4'560 K
taskeng.exe                  2968 Services                  0        4'500 K
conime.exe                    3724 Console                    1        3'056 K
HPHC_Service.exe              4032 Services                  0        10'664 K
explorer.exe                  3012 Console                    1        71'148 K
wuauclt.exe                  3540 Console                    1        5'216 K
WINWORD.EXE                  3712 Console                    1        89'812 K
firefox.exe                  3324 Console                    1        84'728 K
SearchProtocolHost.exe        2736 Services                  0        8'508 K
SearchFilterHost.exe          2244 Services                  0        4'488 K
cmd.exe                      3340 Console                    1        2'896 K
dllhost.exe                  3028 Console                    1        4'068 K
tasklist.exe                  2472 Console                    1        4'516 K
WmiPrvSE.exe                  3956 Services                  0        5'628 K

 
***** Ende des Scans 17.11.2010 um 23:27:11.43 ***

5. CCleaner

Code:

AC3Filter 1.62b        Alexander Vigovsky        19.09.2010        1.67MB        1.62b
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        24.02.2009                10.0.22.87
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        26.06.2010                10.1.53.64
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        17.11.2008                9
Adobe Reader 8 - Deutsch        Adobe Systems Incorporated        03.06.2007        90.9MB        8.0.0
Apple Application Support        Apple Inc.        17.09.2009        32.2MB        1.0
Apple Mobile Device Support        Apple Inc.        17.09.2009        40.3MB        2.6.0.32
Apple Software Update        Apple Inc.        07.12.2008        2.16MB        2.1.1.116
Audacity 1.3.9 (Unicode)        Audacity Team        20.11.2009        30.8MB       
Avira AntiVir Personal - Free Antivirus        Avira GmbH        17.11.2008        53.1MB       
CCleaner        Piriform        15.11.2010        3.13MB        3.00
CDex extraction audio                16.11.2008        3.02MB       
Citavi 2.5        Academic Software Zurich        13.07.2010        59.3MB        2.5.2.0
DivX Converter        DivX, Inc.        18.09.2010        45.3MB        7.1.0
DivX Plus DirectShow Filters        DivX, Inc.        18.09.2010        1.58MB       
DivX-Setup        DivX, Inc.        18.09.2010        2.27MB        2.0.4.2
Dropbox                14.11.2010        24.0MB        0.7.110
EPSON Scan                02.12.2008        12.1MB       
EPSON-Drucker-Software        SEIKO EPSON Corporation        02.12.2008               
ESU for Microsoft Vista        Hewlett-Packard        03.06.2007        3.39MB        2.0.3.1
Full Tilt Poker        Full Tilt Poker        02.04.2009        22.1MB        4.17.11.WIN.FullTilt.Real
HP Customer Experience Enhancements        Hewlett-Packard        03.06.2007        0.98MB        5.1.0.2278
HP Customer Participation Program 8.0        HP        28.01.2010        352MB        8.0
HP Easy Setup - Frontend        Hewlett-Packard        03.06.2007        1.94MB        5.1.0.2279
HP Help and Support        Hewlett-Packard        03.06.2007        50.5MB        1.1.0
HP Imaging Device Functions 8.0        HP        28.01.2010        1.54MB        8.0
HP OCR Software 8.0        HP        28.01.2010        1.53MB        8.0
HP Photosmart Essential        HP        28.01.2010        10.2MB        1.12.0.46
HP Photosmart Essential 2.0        HP        17.11.2008        1.37MB        2.0
HP Photosmart.All-In-One Driver Software 8.0 .A        HP        28.01.2010        30.7MB        8.0
HP Quick Launch Buttons 6.20 B1        Hewlett-Packard        03.06.2007        16.8MB        6.20 B1
HP QuickPlay 3.2                17.11.2008        7.68MB       
HP Solution Center 8.0        HP        28.01.2010        1.53MB        8.0
HP Update        Hewlett-Packard        03.06.2007        3.57MB        4.000.005.007
HP Wireless Assistant        Hewlett-Packard        03.06.2007        3.94MB        3.00 F1
HPSSupply        Ihr Firmenname        28.01.2010        0.96MB        2.1.3.0000
Intel Matrix Storage Manager                17.11.2008        37.1MB       
iPhone-Konfigurationsprogramm        Apple Inc.        17.09.2009        22.4MB        2.1.0.163
IrfanView (remove only)                26.11.2008        1.38MB       
iTunes        Apple Inc.        17.09.2009        132.6MB        9.0.0.70
Java(TM) 6 Update 20        Sun Microsystems, Inc.        28.07.2010        94.5MB        6.0.200
Java(TM) 6 Update 21        Oracle        28.07.2010        94.9MB        6.0.210
Java(TM) SE Runtime Environment 6        Sun Microsystems, Inc.        03.06.2007        115.2MB        1.6.0.0
LAME v3.98.2 for Audacity                20.11.2009        1.18MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        17.10.2010        3.90MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        16.08.2009        37.0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        14.08.2009        37.0MB       
Microsoft Age of Empires II                09.03.2009        173.3MB       
Microsoft Office Enterprise 2007        Microsoft Corporation        27.10.2009        619MB        12.0.6425.1000
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        14.07.2010        0.19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        13.07.2010        2.06MB        9.0.21022
Microsoft Works        Microsoft Corporation        09.12.2009        288MB        08.05.0822
MonkeyJam 3_050529        GiantScreamingRobotMonkeys        02.08.2010        3.21MB       
Motorola SM56 Data Fax Modem                03.06.2007        1.82MB       
Mozilla Firefox (3.6.12)        Mozilla        03.11.2010        29.9MB        3.6.12 (de)
MSCU for Microsoft Vista        Hewlett-Packard        03.06.2007        24.3MB        1.0.1.1
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        16.11.2008        1.28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1.34MB        4.20.9876.0
NVIDIA Drivers        NVIDIA Corporation        17.07.2010                1.10
PDF24 Creator        PDF24.org        07.01.2010        38.0MB       
PDFCreator        Frank Heindörfer, Philip Chinery        08.12.2008        30.2MB        0.9.5
PDFCreator Toolbar                08.12.2008        1.03MB        3.3.0.1
QuickTime        Apple Inc.        17.09.2009        76.5MB        7.64.17.73
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        03.06.2007        11.2MB        6.0.1.5384
Roxio Creator Audio        Roxio        03.06.2007        3.79MB        3.4.0
Roxio Creator Basic v9        Roxio        03.06.2007        25.9MB        3.4.0
Roxio Creator Copy        Roxio        03.06.2007        0.65MB        3.4.0
Roxio Creator Data        Roxio        03.06.2007        0.88MB        3.4.0
Roxio Creator EasyArchive        Roxio        03.06.2007        1.50MB        3.4.0
Roxio Creator Tools        Roxio        03.06.2007        0.35MB        3.4.0
Roxio Express Labeler 3        Roxio        03.06.2007        18.1MB        3.2.1
Roxio MyDVD Basic v9        Roxio        03.06.2007        302MB        9.0.551
Sierra Utilities                06.04.2009               
Skype™ 4.2        Skype Technologies S.A.        04.07.2010        31.8MB        4.2.169
SopCast 3.0.3        SopCast.com        29.11.2008        8.32MB        3.0.3
SpyHunter        Enigma Software Group USA, LLC        15.11.2010        19.8MB        4.3.32.3239
Streamripper (Remove only)                29.03.2010        6.30MB       
Synaptics Pointing Device Driver        Synaptics        03.06.2007        12.8MB        9.1.11.0
VLC media player 0.9.8a        VideoLAN Team        20.12.2008        17.5MB        0.9.8a
VSO Image Resizer 4.0.0.46        VSO-Software        02.08.2010        28.1MB        4.0.0.46
Winamp        Nullsoft, Inc        28.04.2010        27.9MB        5.572
Winamp Detector Plug-in        Nullsoft, Inc        28.04.2010        0.13MB        1.0.0.1
Windows Media Player Firefox Plugin        Microsoft Corp        16.10.2009        0.29MB        1.0.0.8
WinRAR Archivierer                16.11.2008        2.84MB       
YouTube Downloader 2.5.6        BienneSoft        27.07.2010        6.93MB       
µTorrent                09.02.2010        0.30MB        2.0.0

6. Run Malwarebytes again overnight with a full scan.

Grischuna 18.11.2010 07:59

The full scan in normal mode:

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5138

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

18.11.2010 01:58:03
mbam-log-2010-11-18 (01-58-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 301050
Laufzeit: 1 Stunde(n), 49 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


kira 18.11.2010 08:14

1.
I would uninstall this, it is not needed! With a suspected malware infection, proceed in a targeted way!:
Code:

SpyHunter
2.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis → "Do a system scan only" → select the entries, tick the checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

3.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: `Start → Control Panel → Java → Update...`
then uninstall the old version: `Control Panel → Software → Change/Remove...`

4.
Clear the Java cache - as described under points 7 and 8 *click
via Control Panel -> Java...

5.
Update Adobe Reader:
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

6.
Close all applications → please empty the folders for temporary files
**The Temp folder is for temporary files, so its contents can be deleted without any problem. Files that are still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
  • `Start → Run`, type "cleanmgr" (without the "") → "OK" - the Temporary Files, the Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type %temp% (without the "") → "OK" - select everything in the folder and delete it
  • please do this for every user account
  • then empty the Recycle Bin

7.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

8.
Start in normal mode!
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • Start it with a double click.
  • Update the databases right away - update online
  • Select the full scan (tick every box)
  • When the scan has finished, click "Show Results"
  • Select all findings, except that if MBAM reports anything in C:\System Volume Information please remove the check mark there, and click "Delete" - "Remove Selected".
  • Post the result here in the thread - you will find the report under "Scan Reports"
You can find an illustrated guide here: Guide

9.
Post again - after the cleaning has been carried out:
TrendMicro™ HijackThis™ logfile - no open windows as long as HijackThis is running!!
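
An added example, not part of the post above or of any tool named in this thread: Python that parses HijackThis-format lines, collects the O4 autorun entries and flags `ProxyServer` values that point at a loopback address, like the R1 entry in the fix list in step 2. A browser configured this way sends its traffic through whatever local process listens on that port. The two `proxy.example.test` lines are constructed for contrast, and all function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in HijackThis log format. The first three lines are the
# entries from the fix list in step 2; the last two are made-up contrast lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.test:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.example.test:8080;https=[::1]:8443
"""

# "R1 - <registry key>,<value name> = <data>" (data may be empty)
REG_LINE = re.compile(r"^(?P<code>R[0-3]) - (?P<key>[^,]+),(?P<name>.+?) =\s*(?P<data>.*)$")
# "O4 - <location>: [<name>] <command line>"
AUTORUN = re.compile(r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "host", "host:port" or "[ipv6]:port"
ENDPOINT = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:]+))(?::(?P<port>\d+))?$")


def parse_proxy_server(data):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles both forms Windows accepts: 'host:port' for all protocols
    (scheme reported as '*') and 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        target = re.sub(r"^[a-z]+://", "", target.strip(), flags=re.I)
        m = ENDPOINT.match(target)
        if m:
            port = int(m.group("port")) if m.group("port") else None
            endpoints.append((scheme.lower(), m.group("v6") or m.group("host"), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; not resolved, so the check stays offline


def review_log(text):
    """Return (loopback proxy findings, autorun entries) for a log text."""
    findings, autoruns = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            if m.group("name").strip().lower() == "proxyserver":
                hive = m.group("key").split("\\", 1)[0]
                for scheme, host, port in parse_proxy_server(m.group("data")):
                    if is_loopback(host):
                        findings.append({"hive": hive, "scheme": scheme,
                                         "host": host, "port": port})
            continue
        m = AUTORUN.match(line)
        if m:
            autoruns.append((m.group("loc"), m.group("name"), m.group("cmd")))
    return findings, autoruns


if __name__ == "__main__":
    proxies, runs = review_log(SAMPLE_LOG)
    for f in proxies:
        print("loopback proxy:", f)
    for loc, name, cmd in runs:
        print("autorun:", loc, name, cmd)
```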

Grischuna 18.11.2010 21:39

HijackThis shows two error messages:

Attachment 11008

Attachment 11009

kira 20.11.2010 07:10

Work through the points completely: -> http://www.trojaner-board.de/92934-s...tml#post590566
You must run all commands as admin (HijackThis too!):
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"

Grischuna 21.11.2010 23:51

1.
Done

2.
I did not find the following entry:

Code:

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
4. - 9. carried out in that order. The following problem occurred:
I wanted to update Adobe Reader and then my computer crashed with a bluescreen. During the update I was on kino.to. That has already happened once or twice lately. Is this website better avoided, or what could be the cause? The system rebooted immediately afterwards, but Adobe Reader was no longer on my computer.

8.
Logfile from Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5164

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

21.11.2010 23:02:27
mbam-log-2010-11-21 (23-02-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 300985
Laufzeit: 3 Stunde(n), 0 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

9.
HijackThis logfile:
Code:

Logfile of HijackThis v1.99.1
Scan saved at 23:39:08, on 21.11.2010
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Downloads\1_99_1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = ***\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


kira 24.11.2010 06:28

Quote:

Quote from Grischuna (post 591718)
The following problem occurred:
I wanted to update Adobe Reader and then my computer crashed with a bluescreen. During the update I was on kino.to.

...Is this website better avoided, or what could be the cause? That

1.
kino.to. ...
I would avoid the site: -> Kino.to/Wikipedia
very often the visitor can only leave the website with a malware-infested computer...
2.
During installations, updates etc. (always) close all applications, windows etc., and do nothing else on the PC!

Create a new list:
  • Start CCleaner -> click on `Extras` ("Tools", to display the software installed on your system) -> then on `Als Textdatei speichern...` ("Save to text file...")
  • A text file is created automatically; post this log file too (that is, the list of all installed programs... a text file)

Grischuna 24.11.2010 19:01

OK, I'll keep that in mind.

2.
Here is the list of programs. Which HP programs can I delete? I actually never work with them. And what else do you recommend I delete?

Code:

AC3Filter 1.62b        Alexander Vigovsky        19.09.2010        1.67MB        1.62b
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        24.02.2009                10.0.22.87
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        26.06.2010                10.1.53.64
Adobe Reader X - Deutsch        Adobe Systems Incorporated        20.11.2010        115.1MB        10.0.0
Apple Application Support        Apple Inc.        17.09.2009        32.2MB        1.0
Apple Mobile Device Support        Apple Inc.        17.09.2009        40.3MB        2.6.0.32
Apple Software Update        Apple Inc.        07.12.2008        2.16MB        2.1.1.116
Audacity 1.3.9 (Unicode)        Audacity Team        20.11.2009        30.8MB       
Avira AntiVir Personal - Free Antivirus        Avira GmbH        17.11.2008        53.1MB       
CCleaner        Piriform        15.11.2010        3.13MB        3.00
CDex extraction audio                16.11.2008        3.02MB       
DivX Converter        DivX, Inc.        18.09.2010        45.3MB        7.1.0
DivX Plus DirectShow Filters        DivX, Inc.        18.09.2010        1.58MB       
DivX-Setup        DivX, Inc.        20.11.2010        2.27MB        2.1.2.2
Dropbox                14.11.2010        24.0MB        0.7.110
EPSON Scan                02.12.2008        12.1MB       
ESU for Microsoft Vista        Hewlett-Packard        03.06.2007        3.39MB        2.0.3.1
Full Tilt Poker        Full Tilt Poker        02.04.2009        22.1MB        4.17.11.WIN.FullTilt.Real
HijackThis 1.99.1        Soeperman Enterprises Ltd.        20.11.2010                1.99.1
HP Customer Experience Enhancements        Hewlett-Packard        03.06.2007        0.98MB        5.1.0.2278
HP Customer Participation Program 8.0        HP        28.01.2010        352MB        8.0
HP Easy Setup - Frontend        Hewlett-Packard        03.06.2007        1.94MB        5.1.0.2279
HP Help and Support        Hewlett-Packard        03.06.2007        50.5MB        1.1.0
HP Imaging Device Functions 8.0        HP        28.01.2010        1.54MB        8.0
HP OCR Software 8.0        HP        28.01.2010        1.53MB        8.0
HP Photosmart Essential        HP        28.01.2010        10.2MB        1.12.0.46
HP Photosmart Essential 2.0        HP        17.11.2008        1.37MB        2.0
HP Photosmart.All-In-One Driver Software 8.0 .A        HP        28.01.2010        30.7MB        8.0
HP Quick Launch Buttons 6.20 B1        Hewlett-Packard        03.06.2007        16.8MB        6.20 B1
HP QuickPlay 3.2                17.11.2008        7.68MB       
HP Solution Center 8.0        HP        28.01.2010        1.53MB        8.0
HP Update        Hewlett-Packard        03.06.2007        3.57MB        4.000.005.007
HP Wireless Assistant        Hewlett-Packard        03.06.2007        3.94MB        3.00 F1
HPSSupply        Ihr Firmenname        28.01.2010        0.96MB        2.1.3.0000
Intel Matrix Storage Manager                17.11.2008        37.1MB       
iPhone-Konfigurationsprogramm        Apple Inc.        17.09.2009        22.4MB        2.1.0.163
IrfanView (remove only)                26.11.2008        1.38MB       
iTunes        Apple Inc.        17.09.2009        132.6MB        9.0.0.70
Java(TM) 6 Update 22        Oracle        28.07.2010        94.9MB        6.0.220
Java(TM) SE Runtime Environment 6        Sun Microsystems, Inc.        03.06.2007        115.2MB        1.6.0.0
LAME v3.98.2 for Audacity                20.11.2009        1.18MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        17.10.2010        3.90MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        16.08.2009        37.0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        14.08.2009        37.0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        23.11.2010        120.3MB        4.0.30319
Microsoft Age of Empires II                09.03.2009        173.3MB       
Microsoft Office Enterprise 2007        Microsoft Corporation        27.10.2009        619MB        12.0.6425.1000
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        14.07.2010        0.19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        13.07.2010        2.06MB        9.0.21022
Microsoft Works        Microsoft Corporation        09.12.2009        288MB        08.05.0822
MonkeyJam 3_050529        GiantScreamingRobotMonkeys        02.08.2010        3.21MB       
Motorola SM56 Data Fax Modem                03.06.2007        1.82MB       
Mozilla Firefox (3.6.12)        Mozilla        03.11.2010        29.9MB        3.6.12 (de)
MSCU for Microsoft Vista        Hewlett-Packard        03.06.2007        24.3MB        1.0.1.1
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        16.11.2008        1.28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1.34MB        4.20.9876.0
NVIDIA Drivers        NVIDIA Corporation        17.07.2010                1.10
PDF24 Creator        PDF24.org        07.01.2010        38.0MB       
PDFCreator        Frank Heindörfer, Philip Chinery        08.12.2008        30.2MB        0.9.5
PDFCreator Toolbar                08.12.2008        1.03MB        3.3.0.1
QuickTime        Apple Inc.        17.09.2009        76.5MB        7.64.17.73
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        03.06.2007        11.2MB        6.0.1.5384
Roxio Creator Audio        Roxio        03.06.2007        3.79MB        3.4.0
Roxio Creator Basic v9        Roxio        03.06.2007        25.9MB        3.4.0
Roxio Creator Copy        Roxio        03.06.2007        0.65MB        3.4.0
Roxio Creator Data        Roxio        03.06.2007        0.88MB        3.4.0
Roxio Creator EasyArchive        Roxio        03.06.2007        1.50MB        3.4.0
Roxio Creator Tools        Roxio        03.06.2007        0.35MB        3.4.0
Roxio Express Labeler 3        Roxio        03.06.2007        18.1MB        3.2.1
Roxio MyDVD Basic v9        Roxio        03.06.2007        302MB        9.0.551
Skype™ 4.2        Skype Technologies S.A.        04.07.2010        31.8MB        4.2.169
SopCast 3.0.3        SopCast.com        29.11.2008        8.32MB        3.0.3
Streamripper (Remove only)                29.03.2010        6.30MB       
Synaptics Pointing Device Driver        Synaptics        03.06.2007        12.8MB        9.1.11.0
VLC media player 0.9.8a        VideoLAN Team        20.12.2008        17.5MB        0.9.8a
VSO Image Resizer 4.0.0.46        VSO-Software        02.08.2010        28.1MB        4.0.0.46
Winamp        Nullsoft, Inc        28.04.2010        27.9MB        5.572
Winamp Detector Plug-in        Nullsoft, Inc        28.04.2010        0.13MB        1.0.0.1
Windows Media Player Firefox Plugin        Microsoft Corp        16.10.2009        0.29MB        1.0.0.8
WinRAR Archivierer                16.11.2008        2.84MB       
YouTube Downloader 2.5.6        BienneSoft        27.07.2010        6.93MB


kira 26.11.2010 06:49

OLD VERSION!!!:
Code:

Logfile of HijackThis v1.99.1
uninstall it!

also:
Code:

Logfile of Trend Micro HijackThis v2.0.4 <- new version
Scan saved at 22:59:32, on 16.11.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

RSIT automatically installed the tool "HijackThis v2.0.4",
so look for it and please use it to create a log in normal mode and post it!

Grischuna 28.11.2010 16:50

Ah ok :rolleyes:

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:47:01, on 28.11.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\trend micro\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = ***\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4FA0C15-A3A9-427C-8AFE-64204A2D7283}: NameServer = 80.254.79.157 80.254.77.39
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8088 bytes

Now it has also found this entry
Code:

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
Delete that one too?


All times are WEZ +1. The time is now 08:23.
