
Log analysis and evaluation: Browsers are being blocked! Requesting a check of the HijackThis log.

15.08.2009, 02:41   #1
Moe1991

Hello pros!

I hope my problem fits in this category; if not, I apologize.

As you can probably tell from the title, there is a problem with my browsers.

I searched a number of forums for this problem and came across the program LSPfix. Before I do anything foolish, I wanted to have my HijackThis log evaluated by you. Maybe you can help me further in solving my problem.

I can no longer access the Internet with any of the installed browsers (Opera, firebird, IE), even though a connection is up. For example, a ping to gmx.de works fine.

Unfortunately it is not only the browsers that are blocked!
The antivirus programs cannot connect to the Internet either.
The Avira AntiVir services cannot be started.
And the Spybot update will not connect out either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:25, on 15.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; MSN OptimizedIE8;DEDE)" -"http://www.habbo.de/client"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - h*tp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - h*tp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8793 bytes

I have to say that I find the following line very conspicuous:
Quote:
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
Maybe one of you can tell me more about it!?

I have disabled the Windows Firewall, and after checking the system for viruses I also uninstalled Avira Antivirus.
Unfortunately the browsers still did not work.

I hope that you can help me and evaluate my log.
I am grateful for any kind of help!


Kind regards
Moe1991

Edited by Moe1991 (15.08.2009 at 03:01)
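
Added example, not part of the thread and not written by any participant: a small Python triage of a HijackThis log, run over an abridged excerpt of the log posted above. It collapses the repeated O10 Winsock LSP lines into one count per file, lists entries marked "(no file)" or "(file missing)", and lists O23 services reported with "Unknown owner"; the function names are hypothetical.

```python
import re
from collections import Counter

# Abridged excerpt of the HijackThis log posted above (lines copied, list shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:25, on 15.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode):\s*(.+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (.+)$")
UNKNOWN_OWNER = " - Unknown owner - "
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Split a HijackThis log into header fields, running processes and entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        head = HEADER_RE.match(line)
        if entry:
            in_processes = False
            entries.append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif head:
            header[head.group(1)] = head.group(2)
    return {"header": header, "processes": processes, "entries": entries}


def triage(entries):
    """Sort entries into the buckets a log reviewer usually looks at first."""
    report = {"orphaned": [], "lsp_files": Counter(), "unknown_owner_services": []}
    for code, body in entries:
        # Registry entry still present, but the file it points to is gone.
        if body.endswith(ORPHAN_MARKERS):
            report["orphaned"].append((code, body))
        # One O10 line is printed per Winsock catalog entry, so the same DLL
        # repeats; count per file (case-insensitive path) instead.
        lsp = LSP_RE.match(body) if code == "O10" else None
        if lsp:
            report["lsp_files"][lsp.group(1).lower()] += 1
        # Services whose binary carries no company name in its version info.
        if code == "O23" and UNKNOWN_OWNER in body:
            name = body.split(UNKNOWN_OWNER)[0]
            report["unknown_owner_services"].append(name[len("Service: "):])
    return report


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    result = triage(parsed["entries"])
    print("Platform:", parsed["header"].get("Platform"))
    for path, count in result["lsp_files"].items():
        print(f"LSP file not on the tool's known list: {path} ({count} catalog entries)")
    for code, body in result["orphaned"]:
        print(f"Orphaned {code}: {body}")
    for name in result["unknown_owner_services"]:
        print("Service with unknown owner:", name)
```
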

15.08.2009, 22:14   #2
kira
/// Helper team

Hello and a warm welcome!

- Please read the instructions thoroughly and always follow them strictly, since I have prepared the order according to specific criteria:

1.
Download one of these programs: WinsockFix
Run the selected program on your computer if there are problems with the Internet connection.
Then simply restart the computer. If you decide on LSP, please run the program, then tick "I know what I'm doing", do nothing else, but click the Finished button.

2.
Please make hidden and system files visible:
→ Under Start, click My Computer.
→ In the Tools menu, click Folder Options.
→ Files and Folders / Hide extensions for known file types → remove the tick
→ Hide protected and system files → remove the tick
→ Hidden files and folders / Show all files and folders → set the tick.
→ "Hide protected system files" must not be ticked and "Show all files and folders" must be enabled.
for Vista users

3.
- Download RSIT - Rootkit/Info v.wikipedia.org) to track down, we will use a tool - Gmer - :
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the Internet, disconnect WLAN too)
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and you have to paste it there right away with CTRL + V
    - GMER is closed with "Ok".
    - paste the log from the clipboard completely here into your thread

** no connection to a network or the Internet - don't forget WLAN
When the scan is finished, please re-enable all programs and tools!

6.
  • download F-Secure Blacklight into a new folder C:\programme\blacklight.
  • close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the Internet, disconnect WLAN too)
  • do nothing on the PC while the scan is running!
  • start fsbl.exe in this folder
  • click "I accept the agreement" → "next" → "Scan"
  • when the scan has finished, choose Close.
  • the report is fsbl-XXX.log and is located in the Blacklight directory (in place of the XXX there are digits containing the date and time). Please post the contents of this file.
When the scan is finished, please re-enable all programs and tools!

To keep your thread clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write: [code]
your logfile goes in here
→ after it: [/code]


** If possible, do not go on the Internet, no online banking, file sharing, chat programs etc.

regards
Coverflow


16.08.2009, 23:06   #3
Moe1991

Hello Coverflow,

thank you very much for your detailed answer.

I followed all the steps. The logs you expected follow:

http://rapidshare.com/files/268170875/Logs.rar.html

Edited by Moe1991 (16.08.2009 at 23:30)

16.08.2009, 23:08   #4
Moe1991

The Rapidshare file contains all the logs I was supposed to get for you

Edited by Moe1991 (16.08.2009 at 23:31)

16.08.2009, 23:19   #5
Moe1991

I hope it's okay to just post links like that!? :S

Edited by Moe1991 (16.08.2009 at 23:31)

16.08.2009, 23:52   #6
kira
/// Helper team

please copy everything in there! if it doesn't work all at once, then split up...

16.08.2009, 23:56   #7
Moe1991

At first I wanted to do that too ... but downloading the logs is much easier, clearer, and it saves time

So why post them!?

But I'm happy to do it if you prefer

17.08.2009, 00:58   #8
Moe1991

1.1.1 RSIT: part 1 of Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by moe at 2009-08-16 02:29:09
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 7 GB (7%) free of 95 GB
Total RAM: 2045 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:29:11, on 16.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\moe\Desktop\RSIT.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\moe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; MSN OptimizedIE8;DEDE)" -"http://www.habbo.de/client"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9259 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\User_Feed_Synchronization-{63DB1AA5-FDE1-4834-B7EF-54CDFCD13B7D}.job
C:\Windows\tasks\User_Feed_Synchronization-{EFF19B53-7D0C-4F72-A3B6-5DA91026BF10}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-12 607888]
{AD6E6555-FB2C-47D4-8339-3E2965509877} - &TerraTec Home Cinema - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL [2007-11-07 527360]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"NDSTray.exe"=NDSTray.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE [2009-01-16 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe [2008-08-18 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCamRun]
C:\Program Files\NCH Software\BroadCam\broadCam.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyelineRun]
C:\Program Files\NCH Software\Eyeline\eyeline.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-28 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^moe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19fb6e7f-f754-11dc-8e27-001eec01daa0}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a43b02-eba6-11dc-a63c-001eec01daa0}]
shell\AutoRun\command - D:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{295fd680-6169-11de-8cd5-001167bc5c2d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43224409-e0b5-11dd-a7a0-001167bc5c2d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4544f429-208f-11de-a92a-001167bc5c2d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b51ef8e-f9c5-11dc-8887-001eec01daa0}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf534a1-d930-11dd-950d-001167bc5c2d}]
shell\AutoRun\command - G:\Install\Setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

Edited by Moe1991 (17.08.2009 at 01:09)

Old 17.08.2009, 01:02   #9
Moe1991
 


1.1.2 RSIT: Part 2 of Log.txt


======List of files/folders created in the last 3 months======

2009-08-16 02:29:09 ----D---- C:\rsit
2009-08-14 23:44:35 ----D---- C:\Program Files\QS
2009-08-14 23:44:14 ----D---- C:\Users\moe\AppData\Roaming\TeamViewer
2009-08-14 23:33:33 ----D---- C:\Program Files\Trend Micro
2009-08-14 03:48:29 ----D---- C:\CBTDATA
2009-08-14 00:46:20 ----A---- C:\Windows\system32\kerberos.dll
2009-08-14 00:46:19 ----A---- C:\Windows\system32\wdigest.dll
2009-08-14 00:46:19 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-14 00:46:18 ----A---- C:\Windows\system32\schannel.dll
2009-08-14 00:46:17 ----A---- C:\Windows\system32\secur32.dll
2009-08-14 00:46:17 ----A---- C:\Windows\system32\lsass.exe
2009-08-14 00:46:17 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-13 00:52:35 ----A---- C:\Windows\system32\atl.dll
2009-08-13 00:52:31 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 00:52:26 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 00:52:22 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 00:52:14 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 00:52:12 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 00:52:11 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 00:52:11 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 00:52:09 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-13 00:23:14 ----A---- C:\Windows\ntbtlog.txt
2009-08-11 01:13:16 ----A---- C:\Windows\system32\tmp.txt
2009-08-11 01:12:48 ----A---- C:\rapport.txt
2009-08-11 01:10:40 ----A---- C:\Windows\system32\o4Patch.exe
2009-08-11 01:10:40 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-08-11 01:10:40 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-08-11 01:10:40 ----A---- C:\Windows\system32\404Fix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\WS2Fix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\VCCLSID.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\VACFix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\swxcacls.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\swsc.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\swreg.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\SrchSTS.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\Process.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\IEDFix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\dumphive.exe
2009-08-10 15:20:42 ----D---- C:\Windows\planTEK
2009-08-10 15:20:40 ----A---- C:\Windows\system32\MSVCRTD.DLL
2009-08-10 15:20:39 ----A---- C:\Windows\system32\MFC42D.DLL
2009-08-10 15:20:36 ----A---- C:\Windows\system32\AcShlExt.dll
2009-08-10 15:14:11 ----D---- C:\Program Files\BHV
2009-08-09 00:15:34 ----D---- C:\Users\moe\AppData\Roaming\Steinberg
2009-08-08 23:50:14 ----A---- C:\Windows\system32\Synsopos.exe
2009-08-08 23:50:11 ----A---- C:\Windows\system32\SynsoLChk.dll
2009-08-08 23:50:11 ----A---- C:\Windows\system32\SYNSOACC.dll
2009-08-08 23:50:10 ----D---- C:\Program Files\Syncrosoft
2009-08-08 22:30:34 ----A---- C:\Windows\system32\msvcsv60.dll
2009-08-07 13:00:06 ----D---- C:\Program Files\Warcraft III
2009-08-07 00:58:23 ----D---- C:\Users\moe\AppData\Roaming\Malwarebytes
2009-08-07 00:58:17 ----D---- C:\ProgramData\Malwarebytes
2009-08-07 00:58:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-06 20:59:41 ----D---- C:\Warcraft III
2009-08-05 23:36:48 ----D---- C:\Users\moe\AppData\Roaming\Opera
2009-08-05 23:36:35 ----D---- C:\Program Files\Opera
2009-08-01 10:56:43 ----A---- C:\Windows\system32\uxtuneup.dll
2009-07-29 14:20:56 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 14:20:52 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\occache.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 14:20:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 14:20:48 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-24 14:52:28 ----D---- C:\Users\moe\AppData\Roaming\Mozilla
2009-07-23 22:10:40 ----D---- C:\Program Files\7-Zip
2009-07-20 15:50:23 ----D---- C:\Program Files\Common Files\digidesign
2009-07-20 15:48:42 ----D---- C:\Program Files\Native Instruments
2009-07-20 15:26:19 ----D---- C:\Program Files\IK Multimedia
2009-07-14 23:03:12 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\lpk.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 06:19:53 ----A---- C:\Windows\system32\GEARAspi.dll
2009-07-11 06:19:01 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 03:19:47 ----D---- C:\ProgramData\KONAMI
2009-07-11 03:05:27 ----D---- C:\Program Files\KONAMI
2009-07-05 16:36:40 ----D---- C:\Windows\system32\eu-ES
2009-07-05 16:36:40 ----D---- C:\Windows\system32\ca-ES
2009-07-05 16:36:34 ----D---- C:\Windows\system32\vi-VN
2009-07-05 16:09:32 ----D---- C:\Windows\system32\EventProviders
2009-07-05 16:07:46 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-05 16:07:37 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-05 16:07:36 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-05 16:07:34 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-05 16:07:34 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-05 16:07:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-05 16:07:30 ----A---- C:\Windows\system32\mssrch.dll
2009-07-05 16:07:28 ----A---- C:\Windows\system32\tquery.dll
2009-07-05 16:07:26 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-05 16:07:25 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-05 16:07:24 ----A---- C:\Windows\system32\scavenge.dll
2009-07-05 16:07:24 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-05 16:07:21 ----A---- C:\Windows\system32\msi.dll
2009-07-05 16:07:20 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-05 16:07:18 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-05 16:07:18 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-05 16:07:17 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-05 16:07:17 ----A---- C:\Windows\system32\sysmain.dll
2009-07-05 16:07:15 ----A---- C:\Windows\system32\mf.dll
2009-07-05 16:07:15 ----A---- C:\Windows\system32\icardagt.exe
2009-07-05 16:07:14 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-05 16:07:14 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-05 16:07:13 ----A---- C:\Windows\system32\spreview.exe
2009-07-05 16:07:13 ----A---- C:\Windows\system32\spinstall.exe
2009-07-05 16:07:12 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\spwizui.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\shell32.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\secproc.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-05 16:07:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-05 16:07:07 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mssvp.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mssph.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mscoree.dll
2009-07-05 16:07:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-05 16:07:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-05 16:07:05 ----A---- C:\Windows\system32\imapi2.dll
2009-07-05 16:07:05 ----A---- C:\Windows\system32\esent.dll
2009-07-05 16:07:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-05 16:07:04 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\sperror.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-05 16:07:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-05 16:07:02 ----A---- C:\Windows\system32\SLC.dll
2009-07-05 16:07:02 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-05 16:07:02 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-05 16:07:01 ----A---- C:\Windows\system32\msshsq.dll
2009-07-05 16:06:59 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-05 16:06:58 ----A---- C:\Windows\system32\msjet40.dll
2009-07-05 16:06:58 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-05 16:06:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-05 16:06:57 ----A---- C:\Windows\system32\msxml6.dll
2009-07-05 16:06:56 ----A---- C:\Windows\system32\Query.dll
2009-07-05 16:06:55 ----A---- C:\Windows\system32\qmgr.dll
2009-07-05 16:06:54 ----A---- C:\Windows\system32\msexch40.dll
2009-07-05 16:06:53 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-05 16:06:53 ----A---- C:\Windows\system32\diagperf.dll
2009-07-05 16:06:52 ----A---- C:\Windows\system32\ole32.dll
2009-07-05 16:06:52 ----A---- C:\Windows\system32\ntdll.dll
2009-07-05 16:06:51 ----A---- C:\Windows\system32\winload.exe
2009-07-05 16:06:51 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-05 16:06:51 ----A---- C:\Windows\system32\msxml3.dll
2009-07-05 16:06:51 ----A---- C:\Windows\system32\mblctr.exe
2009-07-05 16:06:51 ----A---- C:\Windows\system32\EncDec.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\uDWM.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\riched20.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\mmc.exe
2009-07-05 16:06:50 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\dfsr.exe
2009-07-05 16:06:49 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-05 16:06:49 ----A---- C:\Windows\system32\fdBth.dll
2009-07-05 16:06:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-05 16:06:47 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-05 16:06:47 ----A---- C:\Windows\system32\milcore.dll
2009-07-05 16:06:47 ----A---- C:\Windows\system32\kernel32.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\spoolss.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\gpedit.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-05 16:06:44 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-05 16:06:42 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-05 16:06:41 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-05 16:06:41 ----A---- C:\Windows\system32\es.dll
2009-07-05 16:06:40 ----A---- C:\Windows\system32\mstext40.dll
2009-07-05 16:06:40 ----A---- C:\Windows\system32\Magnify.exe
2009-07-05 16:06:40 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-05 16:06:40 ----A---- C:\Windows\system32\advapi32.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\slwmi.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-05 16:06:38 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-07-05 16:06:38 ----A---- C:\Windows\system32\vssapi.dll
2009-07-05 16:06:38 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-05 16:06:37 ----A---- C:\Windows\system32\authui.dll
2009-07-05 16:06:35 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-05 16:06:35 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-05 16:06:35 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\propsys.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\newdev.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-05 16:06:34 ----A---- C:\Windows\system32\crypt32.dll
2009-07-05 16:06:33 ----A---- C:\Windows\system32\setupapi.dll
2009-07-05 16:06:33 ----A---- C:\Windows\system32\rpcss.dll
2009-07-05 16:06:33 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-05 16:06:33 ----A---- C:\Windows\explorer.exe
2009-07-05 16:06:32 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\msltus40.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\mfc42.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\davclnt.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\d3d9.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\photowiz.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\browseui.dll
2009-07-05 16:06:28 ----A---- C:\Windows\system32\user32.dll
2009-07-05 16:06:28 ----A---- C:\Windows\system32\samsrv.dll
2009-07-05 16:06:28 ----A---- C:\Windows\system32\ci.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\win32spl.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\quartz.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\winhttp.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-05 16:06:26 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\netshell.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-05 16:06:26 ----A---- C:\Windows\system32\compcln.exe
2009-07-05 16:06:26 ----A---- C:\Windows\system32\apds.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\msctf.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-05 16:06:24 ----A---- C:\Windows\system32\SLUI.exe
2009-07-05 16:06:24 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-05 16:06:24 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\gdi32.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\eapphost.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\winresume.exe
2009-07-05 16:06:23 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\propdefs.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\odbc32.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-05 16:06:22 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-05 16:06:20 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-05 16:06:19 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-05 16:06:18 ----A---- C:\Windows\system32\mssitlb.dll

Edited by Moe1991 (17.08.2009 at 01:09)

Old 17.08.2009, 01:05   #10
Moe1991
 


1.1.3 RSIT: Part 3 of Log.txt

2009-07-05 16:06:16 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-05 16:06:16 ----A---- C:\Windows\system32\usp10.dll
2009-07-05 16:06:16 ----A---- C:\Windows\system32\swprv.dll
2009-07-05 16:06:16 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\vds.exe
2009-07-05 16:06:15 ----A---- C:\Windows\system32\netlogon.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\msscb.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\msctfp.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\drvinst.exe
2009-07-05 16:06:15 ----A---- C:\Windows\system32\devmgr.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\BFE.DLL
2009-07-05 16:06:15 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-05 16:06:14 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\evr.dll
2009-07-05 16:06:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-05 16:06:13 ----A---- C:\Windows\system32\wercon.exe
2009-07-05 16:06:13 ----A---- C:\Windows\system32\services.exe
2009-07-05 16:06:12 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\msdrm.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\certcli.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\adtschema.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\taskeng.exe
2009-07-05 16:06:11 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\reg.exe
2009-07-05 16:06:11 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\msjter40.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\certutil.exe
2009-07-05 16:06:10 ----A---- C:\Windows\system32\w32time.dll
2009-07-05 16:06:10 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-05 16:06:10 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\msshooks.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\msihnd.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\bthserv.dll
2009-07-05 16:06:08 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-05 16:06:08 ----A---- C:\Windows\system32\msstrc.dll
2009-07-05 16:06:08 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\netapi32.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\mscories.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\inetpp.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\hidserv.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\fundisc.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\dfshim.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\termsrv.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\profsvc.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\msiexec.exe
2009-07-05 16:06:06 ----A---- C:\Windows\system32\imapi.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\gameux.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\wdc.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\rasmans.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\iassdo.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-05 16:06:04 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-05 16:06:04 ----A---- C:\Windows\system32\pnidui.dll
2009-07-05 16:06:04 ----A---- C:\Windows\system32\icardres.dll
2009-07-05 16:06:04 ----A---- C:\Windows\system32\autofmt.exe
2009-07-05 16:06:03 ----A---- C:\Windows\system32\wersvc.dll
2009-07-05 16:06:03 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-05 16:06:03 ----A---- C:\Windows\system32\scrrun.dll
2009-07-05 16:06:03 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-05 16:06:03 ----A---- C:\Windows\system32\pdh.dll
2009-07-05 16:06:03 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\azroles.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\winlogon.exe
2009-07-05 16:06:01 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\comuid.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\certmgr.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\wisptis.exe
2009-07-05 16:06:00 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\untfs.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\spp.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\sethc.exe
2009-07-05 16:06:00 ----A---- C:\Windows\system32\scrobj.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\rtutils.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\kd1394.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\iassam.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\dwm.exe
2009-07-05 16:05:59 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-05 16:05:59 ----A---- C:\Windows\system32\autochk.exe
2009-07-05 16:05:58 ----A---- C:\Windows\system32\printui.dll
2009-07-05 16:05:58 ----A---- C:\Windows\system32\iasnap.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\winsrv.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\onex.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\kdcom.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\cscript.exe
2009-07-05 16:05:57 ----A---- C:\Windows\system32\basecsp.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\autoconv.exe
2009-07-05 16:05:56 ----A---- C:\Windows\system32\wow32.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\userenv.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\RelMon.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\osk.exe
2009-07-05 16:05:56 ----A---- C:\Windows\system32\mswsock.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\kdusb.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\audiodg.exe
2009-07-05 16:05:55 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\winmm.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-05 16:05:55 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\offfilt.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\msftedit.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\wsepno.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\wscript.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\WerFault.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\Utilman.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\sysclass.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\stobject.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\SndVol.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\mscms.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\mfplat.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\mcmde.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\diskraid.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\apphelp.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\ulib.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\rastapi.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-05 16:05:53 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\dsound.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\cryptui.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\brcpl.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-05 16:05:52 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\regsvc.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\rastls.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\ntprint.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\logman.exe
2009-07-05 16:05:52 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\gpapi.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\diskpart.exe
2009-07-05 16:05:51 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\wusa.exe
2009-07-05 16:05:51 ----A---- C:\Windows\system32\wshext.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\mscorier.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\iasrad.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\findstr.exe
2009-07-05 16:05:50 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\wer.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\themecpl.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\netcenter.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\uxsms.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\slcc.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\scansetting.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\powrprof.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\powercpl.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\networkmap.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\msutb.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\mstsc.exe
2009-07-05 16:05:49 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\iasads.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\iasacct.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\themeui.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\sud.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\pcaui.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\newdev.exe
2009-07-05 16:05:48 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\connect.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\authz.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\usercpl.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\samlib.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\regapi.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\qdvd.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\mmci.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\autoplay.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\wpcao.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\sdclt.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\scksp.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\scesrv.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\qedit.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\pnpui.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\oleprn.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\mpr.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\imm32.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\feclient.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\certreq.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-05 16:05:45 ----A---- C:\Windows\system32\scecli.dll
2009-07-05 16:05:45 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-05 16:05:45 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-05 16:05:45 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-05 16:05:44 ----A---- C:\Windows\system32\whealogr.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\srcore.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\rasplap.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\raschap.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\fontext.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\conime.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-05 16:05:43 ----A---- C:\Windows\system32\wlanui.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\rasppp.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\shsetup.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-05 16:05:42 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\mscandui.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\modemui.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\dsprop.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\dataclen.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\smss.exe
2009-07-05 16:05:41 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\credui.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\certprop.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\blackbox.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\msscp.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\logagent.exe
2009-07-05 16:05:40 ----A---- C:\Windows\system32\InkEd.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\ifmon.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\gpresult.exe
2009-07-05 16:05:40 ----A---- C:\Windows\system32\cipher.exe
2009-07-05 16:05:39 ----A---- C:\Windows\system32\wscapi.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\softkbd.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\sendmail.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\msimtf.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\msctfui.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\wshbth.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\version.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-05 16:05:38 ----A---- C:\Windows\system32\puiapi.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\olepro32.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\msjint40.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\msisip.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\mprapi.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\input.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\fc.exe
2009-07-05 16:05:38 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\dmusic.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\cscapi.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\cdd.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\Storprop.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\rasdial.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\ftp.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\cscdll.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\bthci.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-05 16:05:36 ----A---- C:\Windows\system32\slcinst.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\nslookup.exe
2009-07-05 16:05:36 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\mfps.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-05 16:05:36 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\aaclient.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-05 16:05:35 ----A---- C:\Windows\system32\mmcico.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-05 16:05:35 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-05 16:05:34 ----A---- C:\Windows\system32\csrstub.exe
2009-07-05 16:05:34 ----A---- C:\Windows\system32\cbsra.exe
2009-07-05 16:05:34 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\atmlib.dll
2009-07-05 16:05:32 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-05 16:05:32 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-05 16:05:30 ----A---- C:\Windows\system32\winrnr.dll
2009-07-05 16:05:30 ----A---- C:\Windows\system32\slwga.dll
2009-07-05 16:05:30 ----A---- C:\Windows\system32\inetppui.dll
2009-07-05 16:05:29 ----A---- C:\Windows\system32\midimap.dll
2009-07-05 16:05:26 ----A---- C:\Windows\system32\msimsg.dll
2009-07-05 16:05:26 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-05 16:05:25 ----A---- C:\Windows\system32\mferror.dll
2009-07-05 16:04:57 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-05 16:04:49 ----A---- C:\Windows\system32\wdscore.dll
2009-07-05 16:04:49 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-05 16:04:31 ----A---- C:\Windows\system32\drvstore.dll
2009-07-01 12:21:27 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-06-24 16:17:27 ----D---- C:\Counter-Strike Source
2009-06-18 14:24:08 ----D---- C:\Users\moe\AppData\Roaming\AD ON Multimedia
2009-06-18 00:25:32 ----D---- C:\Program Files\EA Sports
2009-06-16 00:49:31 ----D---- C:\Users\moe\AppData\Roaming\GetRightToGo

17.08.2009, 01:06   #11
Moe1991
 
1.1.4 RSIT: Part 4 of Log.txt


2009-06-14 21:31:15 ----D---- C:\Users\moe\AppData\Roaming\Atari
2009-06-14 03:44:52 ----D---- C:\Program Files\Counter-Strike Source
2009-06-13 00:06:24 ----A---- C:\Windows\entpack.ini
2009-06-12 18:58:58 ----A---- C:\Windows\UniFish3.exe
2009-06-11 00:22:54 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-10 22:57:35 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 22:57:30 ----A---- C:\Windows\system32\localspl.dll
2009-06-09 01:34:38 ----D---- C:\Program Files\Xvid
2009-06-09 01:34:38 ----A---- C:\Windows\system32\xvidvfw.dll
2009-06-09 01:34:38 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-27 21:14:10 ----D---- C:\Program Files\Funkyplot
2009-05-19 20:59:37 ----D---- C:\LMD2009

======List of files/folders modified in the last 3 months======

2009-08-16 02:29:11 ----D---- C:\Windows\Prefetch
2009-08-16 02:29:02 ----D---- C:\Windows\Temp
2009-08-16 02:04:21 ----D---- C:\Windows\System32
2009-08-16 02:04:21 ----D---- C:\Windows\inf
2009-08-16 02:04:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-16 00:37:46 ----RD---- C:\Users
2009-08-15 15:19:56 ----D---- C:\Windows
2009-08-15 03:20:37 ----D---- C:\Windows\system32\config
2009-08-15 03:20:32 ----D---- C:\Windows\Tasks
2009-08-15 03:20:32 ----D---- C:\Windows\system32\Tasks
2009-08-15 03:20:32 ----D---- C:\Windows\system32\spool
2009-08-15 03:20:32 ----D---- C:\Windows\system32\Msdtc
2009-08-15 03:20:32 ----D---- C:\Windows\system32\catroot2
2009-08-15 03:20:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-15 03:20:31 ----D---- C:\Windows\system32\wbem
2009-08-15 03:20:31 ----D---- C:\Windows\registration
2009-08-15 02:36:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 01:20:16 ----SHD---- C:\System Volume Information
2009-08-14 23:44:35 ----RD---- C:\Program Files
2009-08-14 13:16:20 ----SHD---- C:\Windows\Installer
2009-08-14 03:58:47 ----D---- C:\Windows\system32\drivers
2009-08-14 03:01:04 ----D---- C:\Windows\winsxs
2009-08-14 00:44:42 ----D---- C:\Windows\system32\catroot
2009-08-13 13:44:16 ----D---- C:\Program Files\Mozilla Firefox
2009-08-13 13:30:26 ----D---- C:\Program Files\Common Files\Apple
2009-08-13 03:04:50 ----D---- C:\Program Files\Windows Media Player
2009-08-12 19:00:41 ----HD---- C:\ProgramData
2009-08-12 18:57:28 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-08-12 17:50:21 ----SHD---- C:\$Recycle.Bin
2009-08-12 17:44:01 ----D---- C:\ProgramData\McAfee
2009-08-12 17:44:01 ----D---- C:\Program Files\Common Files
2009-08-09 21:56:23 ----D---- C:\Windows\Microsoft.NET
2009-08-09 21:55:33 ----RSD---- C:\Windows\assembly
2009-08-09 20:30:54 ----D---- C:\Windows\ehome
2009-08-09 20:30:26 ----D---- C:\Program Files\Internet Explorer
2009-08-09 19:59:27 ----D---- C:\Windows\system32\CodeIntegrity
2009-08-08 23:49:12 ----D---- C:\Program Files\Steinberg
2009-08-07 13:03:30 ----A---- C:\Windows\War3Unin.exe
2009-08-07 03:05:16 ----D---- C:\Users\moe\AppData\Roaming\Hamachi
2009-07-31 20:10:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-31 19:54:08 ----D---- C:\Program Files\DVDVideoSoft
2009-07-31 19:54:07 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-07-31 19:53:51 ----D---- C:\Users\moe\AppData\Roaming\NCH Swift Sound
2009-07-31 19:52:11 ----D---- C:\Program Files\Image-Line
2009-07-31 19:42:50 ----D---- C:\Windows\twain_32
2009-07-31 19:40:23 ----D---- C:\Program Files\DivX
2009-07-31 19:32:59 ----D---- C:\Program Files\NCH Software
2009-07-31 19:32:57 ----D---- C:\Users\moe\AppData\Roaming\NCH Software
2009-07-31 14:25:25 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 00:32:22 ----D---- C:\Windows\system32\migration
2009-07-31 00:32:22 ----D---- C:\Windows\system32\de-DE
2009-07-30 21:44:16 ----D---- C:\Windows\system32\LogFiles
2009-07-30 21:03:11 ----HD---- C:\Windows\system32\GroupPolicy
2009-07-30 02:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-24 14:44:02 ----SD---- C:\Windows\Downloaded Program Files
2009-07-23 20:19:47 ----RSD---- C:\Windows\Fonts
2009-07-20 15:50:23 ----D---- C:\Program Files\VstPlugins
2009-07-16 22:24:44 ----D---- C:\Windows\Minidump
2009-07-14 11:53:04 ----D---- C:\Users\moe\AppData\Roaming\Toshiba
2009-07-11 06:19:53 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-09 19:09:38 ----D---- C:\Windows\rescache
2009-07-05 16:48:02 ----SHD---- C:\Boot
2009-07-05 16:39:26 ----D---- C:\Program Files\Windows Mail
2009-07-05 16:39:26 ----D---- C:\Program Files\Windows Calendar
2009-07-05 16:39:25 ----D---- C:\Program Files\Movie Maker
2009-07-05 16:39:23 ----D---- C:\Program Files\Windows Sidebar
2009-07-05 16:39:22 ----D---- C:\Program Files\Windows Collaboration
2009-07-05 16:39:21 ----D---- C:\Program Files\Windows Journal
2009-07-05 16:39:19 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-05 16:39:19 ----D---- C:\Program Files\Common Files\System
2009-07-05 16:39:13 ----D---- C:\Windows\servicing
2009-07-05 16:39:13 ----D---- C:\Program Files\Windows Defender
2009-07-05 16:38:45 ----D---- C:\Windows\IME
2009-07-05 16:38:44 ----D---- C:\Windows\system32\XPSViewer
2009-07-05 16:38:44 ----D---- C:\Windows\system32\sk-SK
2009-07-05 16:38:44 ----D---- C:\Windows\system32\lv-LV
2009-07-05 16:38:44 ----D---- C:\Windows\system32\ko-KR
2009-07-05 16:38:44 ----D---- C:\Windows\system32\hr-HR
2009-07-05 16:38:44 ----D---- C:\Windows\system32\et-EE
2009-07-05 16:38:44 ----D---- C:\Windows\system32\en-US
2009-07-05 16:38:44 ----D---- C:\Windows\system32\da-DK
2009-07-05 16:38:37 ----D---- C:\Windows\system32\oobe
2009-07-05 16:38:37 ----D---- C:\Windows\system32\it-IT
2009-07-05 16:38:37 ----D---- C:\Windows\system32\el-GR
2009-07-05 16:38:29 ----D---- C:\Windows\system32\sv-SE
2009-07-05 16:38:29 ----D---- C:\Windows\system32\setup
2009-07-05 16:38:29 ----D---- C:\Windows\system32\ru-RU
2009-07-05 16:38:29 ----D---- C:\Windows\system32\he-IL
2009-07-05 16:38:29 ----D---- C:\Windows\system32\fr-FR
2009-07-05 16:38:29 ----D---- C:\Windows\system32\fi-FI
2009-07-05 16:38:29 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-05 16:38:28 ----D---- C:\Windows\system32\SLUI
2009-07-05 16:38:28 ----D---- C:\Windows\system32\pt-PT
2009-07-05 16:38:28 ----D---- C:\Windows\system32\hu-HU
2009-07-05 16:38:28 ----D---- C:\Windows\system32\cs-CZ
2009-07-05 16:38:26 ----D---- C:\Windows\system32\zh-CN
2009-07-05 16:38:25 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-05 16:38:25 ----D---- C:\Windows\system32\sl-SI
2009-07-05 16:38:25 ----D---- C:\Windows\system32\manifeststore
2009-07-05 16:38:25 ----D---- C:\Windows\system32\es-ES
2009-07-05 16:38:24 ----D---- C:\Windows\system32\zh-TW
2009-07-05 16:38:24 ----D---- C:\Windows\system32\uk-UA
2009-07-05 16:38:24 ----D---- C:\Windows\system32\ro-RO
2009-07-05 16:38:24 ----D---- C:\Windows\system32\pl-PL
2009-07-05 16:38:24 ----D---- C:\Windows\system32\ja-JP
2009-07-05 16:38:24 ----D---- C:\Windows\system32\bg-BG
2009-07-05 16:38:22 ----D---- C:\Windows\system32\th-TH
2009-07-05 16:38:21 ----D---- C:\Windows\system32\tr-TR
2009-07-05 16:38:17 ----D---- C:\Windows\system32\nb-NO
2009-07-05 16:38:16 ----D---- C:\Windows\system32\nl-NL
2009-07-05 16:38:16 ----D---- C:\Windows\system32\lt-LT
2009-07-05 16:38:16 ----D---- C:\Windows\system32\ar-SA
2009-07-05 16:38:15 ----D---- C:\Windows\system32\pt-BR
2009-07-05 16:38:15 ----D---- C:\Windows\system32\migwiz
2009-07-05 16:36:50 ----D---- C:\Windows\AppPatch
2009-07-05 16:36:34 ----D---- C:\Windows\system32\Boot
2009-07-05 16:33:25 ----D---- C:\Windows\system32\RTCOM
2009-07-03 22:55:58 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-01 11:29:12 ----D---- C:\ProgramData\Symantec
2009-07-01 11:26:59 ----D---- C:\Windows\Downloaded Installations
2009-06-12 18:52:40 ----D---- C:\Program Files\Google
2009-06-12 11:05:57 ----D---- C:\ProgramData\Google
2009-06-12 10:58:39 ----D---- C:\ProgramData\NCH Software
2009-06-08 15:41:27 ----D---- C:\Windows\Help
2009-06-08 15:41:23 ----HD---- C:\Program Files\Uninstall Information
2009-05-27 22:53:19 ----ASH---- C:\Program Files\desktop.ini
2009-05-27 00:46:41 ----D---- C:\Windows\SoftwareDistribution

17.08.2009, 01:08   #12
Moe1991
 
1.1.5 RSIT: Part 5 of Log.txt



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsvsd;cdrbsvsd; C:\Windows\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080603.001\IDSvix86.sys [2008-02-14 261680]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-29 919552]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 2600960]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 AF15BDA;Cinergy T USB XE (MKII) service; C:\Windows\system32\drivers\AF15BDA.sys [2006-11-20 283776]
S3 ajqvg5ve;ajqvg5ve; C:\Windows\system32\drivers\ajqvg5ve.sys []
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-14 25280]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pohci13F;pohci13F; \??\C:\Users\moe\AppData\Local\Temp\pohci13F.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sembbus;SEMC WMC Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM); C:\Windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter; C:\Windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver; C:\Windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS); C:\Windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM); C:\Windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM); C:\Windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
S3 SEMCReserved;SEMC Reserved Interface; C:\Windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader; C:\Windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-21 606208]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2004-01-14 311296]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-04-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-04-26 107832]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-06-28 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-03-30 604416]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe []
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-26 1251720]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-07-01 360704]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
S4 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]

-----------------EOF-----------------

Old 17.08.2009, 01:16   #13
Moe1991
 



1.2 RSIT: Part 1 of Info.txt



info.txt logfile of random's system information tool 1.06 2009-08-16 02:29:14

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7
3D Wunschhaus Architekt Wohnungs-Edition-->E:\\Uninstall.exe
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ACDSee for PENTAX 3.0-->MsiExec.exe /X{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Athan Basic 3.3-->C:\Windows\iun6002.exe "C:\Program Files\Athan\irunin.ini"
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x7 -removeonly
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bluesoleil2.7.0.13 VoIP Release 071227-->MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Counter Strike 1.6 Reloaded-->C:\Windows\Counter Strike 1.6 Reloaded Uninstaller.exe
Counter-Strike: Source v17-->C:\Program Files\Counter-Strike Source\Uninstal.exe
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7
EAX Unified-->C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Free Video to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
Free Video to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
Funkyplot 1.1.0-pre1-->"C:\Program Files\Funkyplot\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MAGIX Digital Foto Maker SE 4.1.0.835 (D)-->C:\Program Files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
MAGIX Foto Suite 1.12.0.89 (D)-->C:\Program Files\MAGIX\Foto_Suite\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Miroslav Philharmonik CE-->C:\Program Files\InstallShield Installation Information\{8ED43CF1-5E56-4D0C-AEB1-A9F9C164B9BC}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Miroslav Philharmonik-->C:\Program Files\InstallShield Installation Information\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
Native Instruments Pro-53-->C:\PROGRA~1\NATIVE~1\Pro-53\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Pro-53\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 7 Demo-->MsiExec.exe /I{C7E1449D-7638-6832-426D-589655951031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netlog 24-->C:\Windows\system32\Netlog24Uninstaller.exe
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Numedia CD-DVD writing as non-admin user-->MsiExec.exe /X{94056AE8-EF0F-45E4-A1B4-D754115F8A28}
OpenOffice.org 2.4-->MsiExec.exe /I{1B14B0C3-2D60-477C-A1FE-B88E60948854}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
Roll-->C:\Windows\UniFish3.exe E:\Programme\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Sony Ericsson MD300 Wireless Modem-->MsiExec.exe /I{EF4E0DA6-02E0-47BF-9BB6-DC0E83CC6F4C}
Sony Ericsson Wireless Manager 5-->MsiExec.exe /I{37964A88-DAA1-488B-AE88-A5B6DDC6E9A6}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Hypersonic 2-->E:\Programme\Hypersonic\unins000.exe
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosofts Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Technobox CAD6-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Technobox CAD6\CAD6.isu"
TerraTec Home Cinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0007 -removeonly
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56995235-B76E-44A6-BA17-8FF13D3F907A}\setup.exe" -l0x7 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2009-08-15]
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) [2009-08-15]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) [2009-08-15]
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file) [2009-08-15]
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) [2009-08-15]
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-08-15]
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing) [2009-08-15]
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) [2009-08-15]
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file) [2009-08-15]

======Security center information======

AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Windows-Defender
AS: Norton Internet Security (outdated)

Old 17.08.2009, 01:17   #14
Moe1991
 



1.2.2 RSIT: Part 2 of Info.txt


=====Application event log=====

Computer Name: moe-PC
Event Code: 101
Message:
Record Number: 11909
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080601214746.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: moe-PC
Event Code: 101
Message:
Record Number: 11908
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080601214746.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: moe-PC
Event Code: 902
Message: Der Softwarelizenzierungsdienst wurde gestartet.

Record Number: 11907
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080601214714.000000-000
Event Type: Informationen
User:

Computer Name: moe-PC
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0

Record Number: 11906
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080601214712.000000-000
Event Type: Informationen
User:

Computer Name: moe-PC
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}

{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}

{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}

{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 8, 0xC004F014,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}

Record Number: 11905
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080601214712.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\rasctrs.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27147
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.911956-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\certmgr.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27146
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.865156-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\certutil.exe
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27145
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.599956-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\ieakeng.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27144
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.506356-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\kd1394.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27143
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.397156-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

Edited by Moe1991 (17.08.2009 at 01:24)

Old 17.08.2009, 01:22   #15
Moe1991
 



2.1 GMER: Part 1 of Log.txt


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-08-16 22:51:00
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 87634A18 ZwConnectPort

INT 0x52 ? 86A0DF00
INT 0x52 ? 86A0DF00
INT 0x62 ? 86A0DF00
INT 0x72 ? 86A0DF00
INT 0x81 ? 8508CBF8
INT 0x91 ? 8508CBF8
INT 0xA1 ? 8508CBF8
INT 0xA1 ? 8508CBF8
INT 0xA1 ? 8508CBF8
INT 0xB3 ? 86A0DF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1C1 82CBF904 4 Bytes [18, 4A, 63, 87]
? System32\Drivers\spve.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8E1C641B 5 Bytes JMP 86A0D4E0
.text a1klmsmo.SYS 88B8F000 22 Bytes [82, 33, FD, 82, 6C, 32, FD, ...]
.text a1klmsmo.SYS 88B8F017 159 Bytes [00, 32, B7, 30, 83, 3D, B5, ...]
.text a1klmsmo.SYS 88B8F0B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a1klmsmo.SYS 88B8F0CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text a1klmsmo.SYS 88B8F11F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[576] ADVAPI32.dll!RegOpenKeyExA 75CF7C42 5 Bytes JMP 0009F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832026D2] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83202040] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [832027FC] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [832020BE] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8320213C] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [83212048] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortCompleteRequest] D1642446
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortMoveMemory] 7E3988B9
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] D1902846
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B88B9
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73467817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [734BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7346BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7345F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [734675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7345E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73498395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7346DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7345FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7345FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [734571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [734ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7348C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7345D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73456853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7345687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73462AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A201F8
Device \FileSystem\fastfat \FatCdrom 86A071F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8508E1F8
Device \Driver\usbohci \Device\USBPDO-0 869F61F8
Device \Driver\usbohci \Device\USBPDO-1 869F61F8
Device \Driver\usbohci \Device\USBPDO-2 869F61F8
Device \Driver\usbohci \Device\USBPDO-3 869F61F8
Device \Driver\usbohci \Device\USBPDO-4 869F61F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbehci \Device\USBPDO-5 869E71F8
Device \Driver\volmgr \Device\HarddiskVolume1 8508E1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8508E1F8
Device \Driver\cdrom \Device\CdRom0 869CF1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8508E1F8
Device \Driver\cdrom \Device\CdRom1 869CF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A1F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort0 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort1 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort2 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort3 85A1F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{96A19C1F-9834-4868-A803-63FC30551EFA} 87733500
Device \Driver\volmgr \Device\HarddiskVolume4 8508E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87733500
Device \Driver\USBSTOR \Device\00000091 87D861F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E2388F1A-F2FB-4258-BF9D-DACA784A68D1} 87733500
Device \Driver\USBSTOR \Device\00000092 87D861F8
Device \Driver\Smb \Device\NetbiosSmb 87735500
Device \Driver\iScsiPrt \Device\RaidPort0 869EC1F8
Device \Driver\sptd \Device\4224700714 spve.sys

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 869F61F8
Device \Driver\PCI_PNP4683 \Device\0000006c spve.sys
Device \Driver\usbohci \Device\USBFDO-1 869F61F8
Device \Driver\usbohci \Device\USBFDO-2 869F61F8
Device \Driver\usbohci \Device\USBFDO-3 869F61F8
Device \Driver\usbohci \Device\USBFDO-4 869F61F8
Device \Driver\usbehci \Device\USBFDO-5 869E71F8
Device \Driver\a1klmsmo \Device\Scsi\a1klmsmo1Port5Path0Target0Lun0 86B881F8
Device \Driver\a1klmsmo \Device\Scsi\a1klmsmo1 86B881F8
Device \FileSystem\fastfat \Fat 86A071F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 989F14B8
