Downloads werden ständig abgebrochen!

markus538 · 30.09.2010, 11:24

Hallo, seit kurzem werden meine Downloads ständig abgebrochen, da ich mich nur sehr wenig auskenne woran das liegen könnte poste ich hier mal meinen HijackThis Log. Danke für die Hilfe!
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:42, on 30.09.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\windows\system32\igfxsrvc.exe
C:\windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\windows\system32\conime.exe
C:\windows\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Gruber\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [appcore707en0setup.exe] C:\Users\Gruber\AppData\Roaming\8D1716F70C8969084DC768F156116516\appcore707en0setup.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.0.18)_Gecko/2010020220_Firefox/3.0.18_(.NET_CLR_3.5.30729)" -"hxxp://www.spielspiele.de/spiel/mahjong/mahjong_towers_eternity.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CCA8D14-B0E2-435D-84C0-FD7CF1866260}: NameServer = 151.99.0.100,212.216.112.112
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Zentrale Steuerkomponente (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 8699 bytes

--- --- ---

markusg · 30.09.2010, 12:44

wieso hast du noch nie windows updates gemacht??

ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide

markus538 · 30.09.2010, 13:09

Danke für die Hilfe...und für was ist das gut?

EXTRAS.TXTOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.09.2010 13:49:11 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Gruber\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,09 Gb Total Space | 25,12 Gb Free Space | 17,93% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 2,26 Gb Free Space | 29,27% Space Free | Partition Type: NTFS
Drive E: | 1,25 Gb Total Space | 1,05 Gb Free Space | 83,74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149,05 Gb Total Space | 92,19 Gb Free Space | 61,86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: WKSERVER
Current User Name: Gruber
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1971630747-227664097-368435551-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136A4FAA-E144-4CA3-854D-41E87CCA3645}" = rport=137 | protocol=17 | dir=out | app=system | 
"{15AC89BD-81AE-4FBA-A3DA-6F8D88C80C04}" = lport=7705 | protocol=6 | dir=in | name=fmsnn | 
"{32BE865F-FF6F-4DE1-9153-56BDC71ED75F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{370A1611-9991-43A6-8569-11D79D8012CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3ECA623C-219E-45AF-B981-8B8B757DD41C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50121C61-8273-49AA-BA71-69CCB330C1C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B01FB5E6-963A-465F-B4DE-CCBFBD672FAC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B92DF1CE-39B8-4AAA-8B52-9091B0AE9697}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BF66C034-CFD0-4175-A18F-A818B9421C60}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EC975D1B-10C0-4CFA-B326-9AEE8A844853}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EE49F3B6-856C-4E24-AC9F-2942A1C36693}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F79597F4-ECA7-481F-AB0A-7082CAC85A01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E50AB3-1AE1-456B-B93E-A05C865BA519}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{076974F7-B089-4BF8-BA8F-73BC8EAD2C66}" = protocol=6 | dir=in | app=c:\windows\temp\~os7f1e.tmp\rlvknlg.exe | 
"{096BC5D7-89C0-498A-AD80-9831FDE8673D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C3E6D65-1F3A-405A-A561-5975C0C1DFA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23F87B05-08B1-4E11-86B1-D99CA73B0A30}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{2EBB7FB9-1FF3-4A0A-8486-37431A23F611}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32E6473A-7FAC-4C2C-9D6C-781D36626FCB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A9AB87E-8481-41C8-B5B4-2E02AD35179C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3D0728A6-2FE0-405C-810B-8927E1314424}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48CD878F-FD6A-4ADA-820F-5A062B3AACEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A5DFFB2-D5B6-4B43-8862-6D3B43592734}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4EBB67FC-EA13-4F07-B530-1AF1114889CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{539A6792-9D9F-4184-8DBA-CDCDB73D31A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5E6BEAA6-A17C-4AD5-8B3C-5E9530806E23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{722A056F-914B-4D7C-A134-208304F72860}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7D7B1404-4367-49D5-90F7-3B6A0447E37D}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{7F0DA811-D4D2-4A1A-A98D-78358A1D6EAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A92683BA-7344-4514-8D40-FCDEEDF52517}" = protocol=6 | dir=in | app=c:\windows\temp\~os21e2.tmp\rlvknlg.exe | 
"{AF47CBE8-1B05-450C-9D44-6731D5E99232}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2582F99-3964-4739-8DE6-FB2948EE7F7D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B305C9FD-D7D9-4CB6-A41C-7683FD8D0AF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B9A4EDEF-8DDF-4B93-A834-68AFAFFFDF64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB2F2513-B226-4BA0-8494-15FC33040D6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D3EB2678-4C01-4836-B634-A83B59345E18}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{D73F993C-8902-469D-BC2D-490FB33BC789}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{E19106EA-0676-4C72-80E0-6E17AF9BEF20}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3818189-F4E2-4DFB-8C8B-1297B61B3230}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E3B86155-F2EE-496B-B7A5-B9D38F3656EF}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{F122980A-7BBB-4895-889F-190C3665845A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{449A42AB-EDDF-495F-859E-6593E52403A2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5410EE43-0EE2-4F13-AD32-B070A047F6CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25EEBED4-8CA8-412D-9B5E-690359EEE630}" = SoundSoap SM
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2AD74810-E122-4D37-9CE8-EC4BF9A065CC}" = Drive Encryption for HP ProtectTools
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{515B6FE8-7428-48D5-A39B-3E64A0BCCABE}" = hppscanM1522
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.14.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C8A37F1F-E13B-48ae-93F8-4669264969F9}" = HP LaserJet M1522 MFP Series 4.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}" = Embedded Security for HP ProtectTools
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileZilla Client" = FileZilla Client 3.2.0
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel® Management-Engine-Interface
"HijackThis" = HijackThis 2.0.2
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"PDF Complete" = PDF Complete
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel(R) PRO Network Connections 12.1.14.1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealAlt_is1" = Real Alternative 2.0.2
"RMVB Player_is1" = RMVB Player 1.0
"SystemRequirementsLab" = System Requirements Lab
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"VLC media player" = VLC media player 0.9.2
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.09.2010 02:28:10 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x4dc, Anwendungsstartzeit
 01cb5f99e8fd525b.
 
Error - 29.09.2010 03:49:42 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x1120, Anwendungsstartzeit
 01cb5f9fa9debb45.
 
Error - 29.09.2010 08:10:59 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x14f0, Anwendungsstartzeit
 01cb5fab0a7a0535.
 
Error - 30.09.2010 01:58:11 | Computer Name = WKSERVER | Source = Intel(R) AMT | ID = 2002
Description =  [UNS] Failed to subscribe to local Intel(R) AMT. 
 
Error - 30.09.2010 01:58:22 | Computer Name = WKSERVER | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.09.2010 02:37:32 | Computer Name = WKSERVER | Source = WerSvc | ID = 5007
Description = 
 
Error - 30.09.2010 02:41:59 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000af1c9,  Prozess-ID 0x4dc, Anwendungsstartzeit
 01cb606460e6031c.
 
Error - 30.09.2010 03:19:28 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x10a8, Anwendungsstartzeit
 01cb606ad177290b.
 
Error - 30.09.2010 03:34:05 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x010202be,  Prozess-ID 0x158, Anwendungsstartzeit
 01cb606ffd4f462b.
 
Error - 30.09.2010 06:59:20 | Computer Name = WKSERVER | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00040026,  Prozess-ID 0x894, Anwendungsstartzeit
 01cb60720522129b.
 
[ System Events ]
Error - 29.09.2010 01:49:46 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 29.09.2010 08:14:14 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 29.09.2010 08:14:14 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 29.09.2010 08:14:14 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 29.09.2010 08:14:14 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 29.09.2010 08:14:14 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 29.09.2010 08:14:14 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 30.09.2010 01:57:05 | Computer Name = WKSERVER | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 28, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.09.2010 01:59:04 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 30.09.2010 03:24:41 | Computer Name = WKSERVER | Source = Service Control Manager | ID = 7032
Description = 
 
 
< End of report >

--- --- ---

OTL.TXTOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.09.2010 13:49:11 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Gruber\Downloads
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,09 Gb Total Space | 25,12 Gb Free Space | 17,93% Space Free | Partition Type: NTFS
Drive D: | 7,71 Gb Total Space | 2,26 Gb Free Space | 29,27% Space Free | Partition Type: NTFS
Drive E: | 1,25 Gb Total Space | 1,05 Gb Free Space | 83,74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149,05 Gb Total Space | 92,19 Gb Free Space | 61,86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: WKSERVER
Current User Name: Gruber
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gruber\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Windows\SMINST\Scheduler.exe ()
PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Programme\Intel\AMT\UNS.exe (Intel)
PRC - C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\LMS.exe (Intel)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gruber\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (qibvqim) --  File not found
SRV - (TmPfw) -- C:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\AMT\UNS.exe (Intel)
SRV - (atchksrv) Intel(R) -- C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.exe (Intel)
SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (DLSDB) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
SRV - (DLPWD) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GearAspiWDM) -- C:\windows\System32\drivers\gearaspiwdm.sys File not found
DRV - (blbdrive) -- C:\windows\System32\drivers\blbdrive.sys File not found
DRV - (agp440) -- C:\windows\system32\drivers\agp440.sys ()
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (PersonalSecureDrive) -- C:\windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (DRVMCDB) -- C:\windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1971630747-227664097-368435551-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=desktop
IE - HKU\S-1-5-21-1971630747-227664097-368435551-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-1971630747-227664097-368435551-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=desktop
IE - HKU\S-1-5-21-1971630747-227664097-368435551-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1971630747-227664097-368435551-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1971630747-227664097-368435551-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.29 17:32:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.29 17:32:33 | 000,000,000 | ---D | M]
 
[2010.09.30 12:15:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.01.07 10:39:34 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.12.19 19:52:28 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1       HPSystem # LMS GENERATED LINE
O3 - HKU\S-1-5-21-1971630747-227664097-368435551-1006\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SetRefresh] C:\Programme\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1971630747-227664097-368435551-1006..\Run: [appcore707en0setup.exe] C:\Users\Gruber\AppData\Roaming\8D1716F70C8969084DC768F156116516\appcore707en0setup.exe ()
O4 - HKU\S-1-5-21-1971630747-227664097-368435551-1006..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-1971630747-227664097-368435551-1006..\RunOnce: [Shockwave Updater] C:\windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Gruber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Gruber\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gruber\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.06.23 18:52:22 | 000,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.19 20:10:35 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6103d96f-8fd4-11df-abfa-000ffed2e36c}\Shell - "" = AutoRun
O33 - MountPoints2\{6103d96f-8fd4-11df-abfa-000ffed2e36c}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{94f0e305-74cb-11dd-80f7-000ffed2e36c}\Shell\AutoRun\command - "" = K:\.\Start.exe -- File not found
O33 - MountPoints2\{b7dd181d-cc06-11dd-887c-000ffed2e36c}\Shell - "" = AutoRun
O33 - MountPoints2\{b7dd181d-cc06-11dd-887c-000ffed2e36c}\Shell\AutoRun\command - "" = F:\loader.exe -- File not found
O33 - MountPoints2\{f72d035d-9ab3-11dd-af78-000ffed2e36c}\Shell - "" = AutoRun
O33 - MountPoints2\{f72d035d-9ab3-11dd-af78-000ffed2e36c}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\loader.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: qibvqim -  File not found
 
MsConfig - StartUpReg: PTHOSTTR - hkey= - key= - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.divxa32 - C:\windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.29 07:55:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.09.29 07:55:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.09.29 07:55:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.29 07:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.28 17:53:28 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010.09.28 17:51:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.30 13:51:17 | 000,843,264 | ---- | M] () -- C:\windows\System32\drivers\tlevmv.sys
[2010.09.30 13:47:05 | 003,932,160 | -HS- | M] () -- C:\Users\Gruber\ntuser.dat
[2010.09.30 12:57:55 | 000,003,456 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.30 12:57:55 | 000,003,456 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.30 09:20:42 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.09.30 09:19:48 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\hldayd.sys
[2010.09.30 07:57:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.09.30 07:57:25 | 2099,564,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.29 07:55:34 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:51:42 | 000,843,264 | ---- | M] () -- C:\windows\System32\drivers\agp440.sys
[2010.09.27 08:36:32 | 000,644,616 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.09.27 08:36:32 | 000,612,848 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.09.27 08:36:32 | 000,117,510 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.09.27 08:36:32 | 000,104,570 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.09.27 08:36:31 | 001,470,336 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2010.09.30 09:19:48 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\hldayd.sys
[2010.09.29 07:55:34 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.28 17:51:42 | 000,843,264 | ---- | C] () -- C:\windows\System32\drivers\tlevmv.sys
[2009.05.14 10:01:48 | 000,000,000 | ---- | C] () -- C:\windows\PROTOCOL.INI
[2009.04.16 08:01:58 | 000,101,640 | RHS- | C] () -- C:\windows\System32\amycsunn.dll
[2009.01.25 15:41:50 | 000,000,098 | ---- | C] () -- C:\windows\MSUTIL.INI
[2009.01.14 18:50:06 | 000,000,150 | ---- | C] () -- C:\windows\System32\AddPort.ini
[2009.01.14 18:48:45 | 000,000,790 | ---- | C] () -- C:\windows\hpntwksetup.ini
[2009.01.14 18:46:26 | 000,001,459 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.01.10 01:13:22 | 000,057,344 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2008.12.07 14:08:06 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2008.12.07 14:08:04 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2008.10.15 14:42:44 | 002,463,976 | ---- | C] () -- C:\windows\System32\NPSWF32.dll
[2008.10.15 14:20:57 | 000,717,296 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2008.08.27 17:01:25 | 000,055,792 | ---- | C] () -- C:\windows\System32\DLAAPI_W.DLL
[2008.08.27 17:01:23 | 000,000,120 | ---- | C] () -- C:\windows\wininit.ini
[2008.02.28 18:02:10 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2007.12.20 04:01:38 | 000,249,856 | ---- | C] () -- C:\windows\System32\igfxTMM.dll
[2007.12.20 04:01:38 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1283.dll
[2007.12.19 19:55:45 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2007.12.19 19:55:45 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2007.12.19 19:55:45 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2007.12.19 19:55:45 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2007.12.19 19:55:45 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2007.12.19 19:55:45 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2007.08.24 20:46:48 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1322.dll
[2007.08.24 20:38:54 | 001,238,832 | ---- | C] () -- C:\windows\System32\igmedkrn.dll
[2007.08.24 20:38:54 | 000,104,636 | ---- | C] () -- C:\windows\System32\igmedcompkrn.dll
[2007.06.27 18:13:51 | 000,516,096 | ---- | C] () -- C:\windows\System32\RegisterDialog.dll
[2007.06.13 18:53:28 | 000,101,167 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\windows\System32\hpotscl1.dll
[2006.11.02 10:35:06 | 000,843,264 | ---- | C] () -- C:\windows\System32\drivers\agp440.sys
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006.09.24 23:02:34 | 000,520,192 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Roxio.dll
[2006.09.24 23:02:34 | 000,204,800 | ---- | C] () -- C:\windows\System32\CddbFileTaggerRoxio.dll
[2001.07.07 05:00:00 | 000,003,254 | ---- | C] () -- C:\windows\System32\HPTCPMON.INI
[1998.05.07 04:10:00 | 000,069,632 | R--- | C] () -- C:\windows\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2009.05.14 11:10:06 | 000,000,000 | ---D | M] -- C:\Users\ACS\AppData\Roaming\Offline Explorer
[2008.02.11 07:22:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Infineon
[2008.02.11 07:22:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\SampleView
[2008.02.11 07:22:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Infineon
[2008.02.11 07:22:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\SampleView
[2010.09.28 17:51:33 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\8D1716F70C8969084DC768F156116516
[2009.01.20 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Axosoft
[2008.10.15 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\DAEMON Tools
[2010.02.09 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\FileZilla
[2009.01.07 10:39:40 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Foxit
[2010.03.23 16:07:06 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Foxit Software
[2009.04.15 10:17:14 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\GrabPro
[2008.02.11 07:22:42 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Infineon
[2009.02.06 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\InterVideo
[2009.04.16 09:53:50 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Orbit
[2008.02.11 07:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\SampleView
[2010.09.30 09:34:13 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.28 17:51:33 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\8D1716F70C8969084DC768F156116516
[2009.02.16 18:33:26 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Adobe
[2009.01.20 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Axosoft
[2008.10.08 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Corel
[2008.10.15 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\DAEMON Tools
[2008.12.08 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\DivX
[2009.05.04 16:34:00 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\dvdcss
[2010.02.09 17:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\FileZilla
[2009.01.07 10:39:40 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Foxit
[2010.03.23 16:07:06 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Foxit Software
[2009.04.15 10:17:14 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\GrabPro
[2008.02.11 07:25:56 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Identities
[2008.02.11 07:22:42 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Infineon
[2009.02.06 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\InterVideo
[2008.09.17 11:28:49 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Macromedia
[2010.09.29 07:55:40 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Malwarebytes
[2009.04.27 18:56:49 | 000,000,000 | --SD | M] -- C:\Users\Gruber\AppData\Roaming\Microsoft
[2008.09.25 17:21:07 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Mozilla
[2009.04.16 09:53:50 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Orbit
[2008.02.11 07:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\SampleView
[2010.01.23 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\Skype
[2008.11.27 15:42:06 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\SmartFTP
[2008.09.25 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\vlc
[2008.10.08 16:58:36 | 000,000,000 | ---D | M] -- C:\Users\Gruber\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.09.28 17:51:42 | 000,728,064 | ---- | M] () -- C:\Users\Gruber\AppData\Roaming\hotfix.exe
[2010.09.28 17:54:15 | 001,058,816 | ---- | M] () -- C:\Users\Gruber\AppData\Roaming\8D1716F70C8969084DC768F156116516\appcore707en0setup.exe
[2010.09.28 17:54:18 | 001,058,816 | ---- | M] () -- C:\Users\Gruber\AppData\Roaming\8D1716F70C8969084DC768F156116516\fixmediaset70700en00.exe
[2008.11.25 09:55:02 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Gruber\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.01.14 16:16:19 | 000,010,134 | R--- | M] () -- C:\Users\Gruber\AppData\Roaming\Microsoft\Installer\{25EEBED4-8CA8-412D-9B5E-690359EEE630}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2010.09.28 17:51:42 | 000,843,264 | ---- | M] () MD5=C22A61FF2EF64E52D82DA398EB503225 -- C:\Windows\System32\drivers\agp440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.26 13:12:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.03.26 13:12:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.26 13:12:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.26 13:12:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.02.11 08:53:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=84F3E11A153D99202A67B9AFFE11EC65 -- C:\Windows\explorer.exe
[2008.02.11 08:53:38 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\swsetup\Drivers\MSD\RAID\Intel\ICH9\IaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.20 04:22:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.12.20 04:22:17 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2007.12.20 04:22:17 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.06.13 18:53:28 | 000,101,167 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SafeBoot.sys
[2008.10.15 14:20:57 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
[2010.09.30 14:02:10 | 000,843,264 | ---- | M] () Unable to obtain MD5 -- C:\windows\System32\drivers\tlevmv.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.02.13 09:26:37 | 000,101,640 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\amycsunn.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007.12.20 04:25:55 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >

--- --- ---

markusg · 30.09.2010, 13:55

updates sind für dein system wichtig, du hast hunderte sicherheitslücken, durch die malware eindringen kann, darum kümmern wir uns später.

Lade
http://www.trojaner-board.de/54791-a...ner-board.html

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

30.09.2010, 13:55	#4
markusg /// Malware-holic	Downloads werden ständig abgebrochen! updates sind für dein system wichtig, du hast hunderte sicherheitslücken, durch die malware eindringen kann, darum kümmern wir uns später. Lade http://www.trojaner-board.de/54791-a...ner-board.html bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Downloads werden ständig abgebrochen!

Log-Analyse und Auswertung: Downloads werden ständig abgebrochen!