
Pests of all kinds and how to fight them: Byavubohido rundll32.exe <-- internet connection drops, no more updates, window errors

07.10.2010, 07:58   #1
Black-Night
 
Hello everyone,

My system:
Windows Vista Home Premium SP 1
Toshiba Satellite L40-30C laptop
Intel Celeron 1.86 GHz
RAM 1.00 GB
32 bit

About a week ago Avira raised an alert and found several things. I removed them, but then this appeared:

(screenshot, uploaded with ImageShack.us)

I went looking for the file to take a closer look at it but couldn't find it. I ran HijackThis and found
O4 - HKLM\..\Run: [Byavubohido] rundll32.exe "C:\Users\****\AppData\Local\uvoxesakorilowad.dll",Startup
I fixed it, but the error message still comes up.

But that's not all: I can't install Windows updates, and after an unpredictable amount of time the internet connection drops, the taskbar and the windows turn white (it looks like an old Windows version) and I get the error message >Hostprozess für Windows-Dienste wurde beendet und geschlossen< (host process for Windows services was terminated and closed).
This can then only be fixed by a restart. After that it starts all over again.

I then entered msconfig under >Run< and there I found the following:
Byavubohido rundll32.exe "c:\users\****\appData\Local\uvoxesakorilowad.dll",Startup
This file is present twice, once enabled and once not. I can't delete it either.

Here are the logs from HijackThis and MBAM.

MBAM is up to date, and this is a full scan from last night.

HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:02:20, on 07.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Byavubohido] rundll32.exe "C:\Users\Stuffi\AppData\Local\uvoxesakorilowad.dll",Startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6E66A60-A87F-4C5B-AFF1-FDD83092597B}: NameServer = 213.191.74.18 62.109.123.196
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: Orphalese Deck Service - Orphalese Data Solutions Ltd - C:\Orphalese Tarot\DeckService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7968 bytes
         
And MBAM:


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

07.10.2010 06:59:28
mbam-log-2010-10-07 (06-59-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 277726
Laufzeit: 4 Stunde(n), 9 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\byavubohido (Trojan.Agent.U) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I haven't deleted the infected file yet... because I had already run this once before together with HijackThis and couldn't remove it then either...

I hope you can help me.

Many thanks in advance, Black Night

Edited by Black-Night (07.10.2010 at 08:00). Reason: image editing
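
An added example, not part of the original post: a Python triage that parses HijackThis O4 autorun lines like those in the log above, flags Run values where rundll32.exe loads a DLL from a user-writable profile path, and cross-checks each flagged value against the registry detections in an MBAM log. The function names and the path heuristic are assumptions of this example; the sample lines are copied from the two logs in this post.

```python
import re
from typing import NamedTuple, Optional


class Autorun(NamedTuple):
    hive: str               # e.g. HKLM, HKCU, HKUS\S-1-5-19
    key: str                # Run, RunOnce, ...
    name: str               # registry value name
    command: str            # command line without the "(User '...')" suffix
    dll: Optional[str]      # DLL handed to rundll32, if any
    export: Optional[str]   # exported function rundll32 is asked to call


# "O4 - HKLM\..\Run: [Name] command" with an optional "(User '...')" suffix.
O4_RE = re.compile(
    r"^O4 - (?P<hive>[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# rundll32 [path\]file.dll,Export  (DLL path may be quoted).
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<dll>"[^"]+"|[^,\s]+)\s*,\s*(?P<export>\S+)',
    re.I,
)
# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings)\\[^\\]+\\"
    r"(appdata|local settings|application data)\\|\\temp\\",
    re.I,
)
# MBAM registry-value finding: "<full key path> (<detection>) -> <action>".
MBAM_RE = re.compile(
    r"^(?P<path>HKEY_[A-Z_]+\\.+?) \((?P<det>[^)]+)\) -> (?P<action>.+)$"
)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKUS": "HKEY_USERS"}


def parse_o4(line):
    """Parse one HijackThis line; return None if it is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    r = RUNDLL_RE.match(m["cmd"])
    dll = r["dll"].strip('"') if r else None
    export = r["export"] if r else None
    return Autorun(m["hive"], m["key"], m["name"], m["cmd"], dll, export)


def triage(log_text):
    """Return O4 entries where rundll32 loads a DLL from a user-writable path."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and entry.dll and USER_WRITABLE.search(entry.dll):
            findings.append(entry)
    return findings


def registry_value_path(entry):
    """Expand HijackThis' abbreviated 'HKLM\\..\\Run' into the full value path."""
    root, _, sid = entry.hive.partition("\\")
    base = HIVES.get(root, root) + ("\\" + sid if sid else "")
    return (f"{base}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
            f"\\{entry.key}\\{entry.name}")


def correlate(hjt_text, mbam_text):
    """Pair each flagged autorun with MBAM's (detection, action), or None."""
    detections = {}
    for line in mbam_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            detections[m["path"].lower()] = (m["det"], m["action"])
    return [(e, detections.get(registry_value_path(e).lower()))
            for e in triage(hjt_text)]


# Sample lines copied from the HijackThis and MBAM logs in this post.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Byavubohido] rundll32.exe "C:\Users\Stuffi\AppData\Local\uvoxesakorilowad.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
"""
MBAM_SAMPLE = r"""
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\byavubohido (Trojan.Agent.U) -> No action taken.
"""

if __name__ == "__main__":
    for entry, hit in correlate(HJT_SAMPLE, MBAM_SAMPLE):
        print(registry_value_path(entry), "->", entry.dll, entry.export, hit)
```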

07.10.2010, 10:10   #2
markusg
/// Malware-holic
 
Look in Avira under Reports, find the report with the detections and post them. If Avira's Guard found something, look under Events and post those messages.

OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.


07.10.2010, 11:42   #3
Black-Night
 
Thank you very much for now.

Here is Avira:

29.09.2012

Found and deleted 4 times
In der Datei 'C:\Windows\System32\dwmhone.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen


Found and deleted 2 times
In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\tmp8010.tmp.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Found and deleted 2 times
In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\eapp32hst.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Found and deleted 3 times
In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\tmp8010.tmp.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen


In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\eapp32hst.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\tmp8010.tmp.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\eapp32hst.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\eapp32hst.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Found and deleted 6 times
In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\tmp8010.tmp.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Found and deleted 2 times
In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\eapp32hst.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen


Found and deleted 126 times
In der Datei 'C:\Users\Stuffi\AppData\Local\Temp\eapp32hst.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Then OTL.
OTL logfile:
OTL logfile created on: 07.10.2010 12:07:49 - Run 1
OTL by OldTimer - Version 3.2.1.2     Folder = C:\Users\Stuffi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 313,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 16,51 Gb Free Space | 29,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,66 Gb Total Space | 18,99 Gb Free Space | 34,74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 373,66 Gb Free Space | 40,11% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: STUFFIS-LAPPI
Current User Name: Stuffi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stuffi\Downloads\-olt-.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Orphalese Tarot\DeckService.exe (Orphalese Data Solutions Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Stuffi\Downloads\-olt-.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Orphalese Deck Service) -- C:\Orphalese Tarot\DeckService.exe (Orphalese Data Solutions Ltd)
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( )
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.googel.de"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}:1.9.1
FF - prefs.js..extensions.enabledItems: {9f94fab0-58a2-11dd-ae16-0800200c9a66}:3.0.26
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10
FF - prefs.js..extensions.enabledItems: theme@yogurttree.com:0.6.2
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord
FF - HKLM\software\mozilla\Firefox\Extensions\\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}: C:\Users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C} [2010.09.29 01:24:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.04 22:31:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.04 22:31:49 | 000,000,000 | ---D | M]
 
[2008.08.25 17:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Extensions
[2008.04.01 19:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008.08.25 17:46:04 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.10.06 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions
[2010.09.01 04:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009.03.08 20:27:02 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010.06.01 09:24:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.17 08:51:08 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2010.02.19 22:03:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.09.29 00:23:44 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008.05.09 15:01:25 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
[2010.08.10 09:48:45 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2009.08.24 10:08:38 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2008.10.15 17:15:16 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009.08.24 10:08:38 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010.09.08 08:49:24 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.08.31 21:17:40 | 000,000,000 | ---D | M] (Veoh Web Player Toolbar) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2010.06.01 09:25:00 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.21 09:24:44 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2009.05.22 10:53:19 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\moveplayer@movenetworks.com
[2010.09.01 04:19:06 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\nasanightlaunch@example.com
[2010.08.09 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\searchrecs@veoh.com
[2010.04.17 08:51:10 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\theme@yogurttree.com
[2010.09.10 16:41:44 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\mozilla\Firefox\Profiles\akwi0k9g.default\extensions\youtube2mp3@mondayx.de
[2010.06.29 17:22:34 | 000,000,933 | ---- | M] () -- C:\Users\Stuffi\AppData\Roaming\Mozilla\FireFox\Profiles\akwi0k9g.default\searchplugins\conduit.xml
[2008.06.21 21:13:48 | 000,002,921 | ---- | M] () -- C:\Users\Stuffi\AppData\Roaming\Mozilla\FireFox\Profiles\akwi0k9g.default\searchplugins\daemon-search.xml
[2010.10.04 07:02:39 | 000,000,950 | ---- | M] () -- C:\Users\Stuffi\AppData\Roaming\Mozilla\FireFox\Profiles\akwi0k9g.default\searchplugins\icqplugin-1.xml
[2008.02.19 18:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Stuffi\AppData\Roaming\Mozilla\FireFox\Profiles\akwi0k9g.default\searchplugins\icqplugin.xml
[2009.03.08 22:44:46 | 000,001,184 | ---- | M] () -- C:\Users\Stuffi\AppData\Roaming\Mozilla\FireFox\Profiles\akwi0k9g.default\searchplugins\winamp-search.xml
[2010.10.07 12:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.01 15:06:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.07.28 20:20:58 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 20:20:58 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 20:20:58 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 20:20:58 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 20:20:58 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.20 01:22:35 | 000,250,462 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 8731 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\..\Toolbar\WebBrowser: (no name) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No CLSID value found.
O3 - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Byavubohido] C:\Users\Stuffi\AppData\Local\uvoxesakorilowad.DLL File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2422499485-3765178413-3129067992-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Stuffi\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stuffi\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.12 12:36:34 | 000,000,000 | ---D | M] - C:\Autorun Eater -- [ NTFS ]
O33 - MountPoints2\{0dddb45b-6e3c-11dd-8dd2-001a92fa7b35}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{88393af8-c22d-11dc-a6c5-001a92fa7b35}\Shell - "" = AutoRun
O33 - MountPoints2\{88393af8-c22d-11dc-a6c5-001a92fa7b35}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBSautocheck turegopt) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ciphl386 - (C:\Windows\system32\dwmhone.dll) - C:\Windows\System32\dwmhone.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.09.11 18:22:58 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Byavubohido - hkey= - key= - C:\Users\Stuffi\AppData\Local\uvoxesakorilowad.DLL File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - Reg Error: Value error.
SafeBootMin: sdcoreservice - Reg Error: Value error.
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - Reg Error: Value error.
SafeBootNet: sdcoreservice - Reg Error: Value error.
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Reg Error: Value error.
SafeBootNet: WudfUsbccidDriver - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.06 11:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.05 18:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010.10.04 22:50:04 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.10.04 22:19:10 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\AppData\Roaming\Canneverbe Limited
[2010.10.04 22:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.10.04 22:18:16 | 000,000,000 | ---D | C] -- C:\CDBurnerXP
[2010.10.04 19:38:43 | 000,909,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Stuffi\Desktop\WGAPluginInstall.exe
[2010.10.01 07:35:24 | 000,000,000 | ---D | C] -- C:\Sophos
[2010.09.30 23:06:10 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\Desktop\gmer1015
[2010.09.30 22:43:06 | 000,000,000 | ---D | C] -- C:\e5445938d3f1b486dfd34b5e2078
[2010.09.29 19:23:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.09.29 19:23:53 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.09.29 19:23:53 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.09.29 19:23:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.09.29 19:23:52 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.09.29 19:23:52 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.09.29 19:23:52 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.09.29 19:23:51 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.09.29 19:23:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.09.29 19:23:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.09.29 19:23:50 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.09.29 19:23:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.09.29 19:23:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.09.29 19:23:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.09.29 19:23:49 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.09.29 19:23:49 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.09.29 19:23:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.09.29 19:23:48 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.09.29 19:23:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.09.29 19:23:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.09.29 19:23:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.09.29 19:23:41 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.09.29 19:23:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.09.29 19:23:41 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.09.29 19:23:41 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.09.29 19:23:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.09.29 18:50:38 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\Desktop\sims dl
[2010.09.29 01:24:46 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}
[2010.09.17 13:35:43 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\AppData\Local\memocard
[2010.09.17 13:34:41 | 000,000,000 | ---D | C] -- C:\MemoCard
[2010.09.15 14:59:42 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\Desktop\EHSA
[2010.09.15 14:16:16 | 000,000,000 | ---D | C] -- C:\Lernkartei
[2010.09.15 14:15:54 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.09.15 14:15:50 | 001,392,671 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvbvm60.dll
[2010.09.15 14:15:50 | 000,151,622 | ---- | C] (Microsoft Corporation) -- C:\Windows\modcas.dll
[2010.09.15 14:15:50 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\vb6de.dll
[2010.09.15 14:15:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\odestkit.dll
[2010.09.15 14:15:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\ODEUNST.EXE
[2010.09.15 12:31:22 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\Documents\FinePrint files
[2010.09.15 12:30:26 | 000,401,408 | ---- | C] (FinePrint Software, LLC) -- C:\Windows\System32\fpres632.dll
[2010.09.15 12:30:26 | 000,385,024 | ---- | C] (FinePrint Software, LLC) -- C:\Windows\System32\fpmon6.dll
[2010.09.15 12:06:02 | 000,000,000 | ---D | C] -- C:\CUEcards
[2010.09.15 00:25:10 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.14 20:03:06 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\AppData\Roaming\Scribus
[2010.09.14 20:00:25 | 000,000,000 | ---D | C] -- C:\Scribus 1.3.8
[2010.09.11 12:40:23 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\AppData\Roaming\pics
[2010.09.11 12:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\pics
[2010.09.11 12:37:25 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\Desktop\raetsel
[2010.09.10 21:00:50 | 000,000,000 | ---D | C] -- C:\Users\Stuffi\Documents\Astalavista
[2010.09.10 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2010.09.10 17:06:30 | 000,304,128 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\unin0407.exe
[2010.09.03 20:11:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll
[2010.09.03 20:11:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll
[2010.09.03 20:11:26 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll
[2010.09.03 20:11:26 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll
[2010.09.03 20:11:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll
[2010.09.03 20:11:25 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll
[2010.09.03 20:11:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll
[2010.09.03 20:11:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll
[2010.09.03 20:11:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll
[2010.09.03 20:11:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll
[2010.09.03 20:11:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll
[2010.09.03 20:11:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll
[2010.06.02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Users\Stuffi\DSETUP.dll
[2009.04.02 07:30:08 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmmdm.sys
[2009.04.02 07:30:08 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmserd.sys
[2009.04.02 07:30:08 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmbus.sys
[2009.04.02 07:30:08 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmmdfl.sys
[2009.04.02 07:30:08 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmcmnt.sys
[2009.04.02 07:30:08 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmwhnt.sys
[2009.04.02 07:30:08 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Stuffi\mqdmcr.sys
[2009.04.02 07:19:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Stuffi\usbsermptxp.sys
[2009.04.02 07:19:25 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Stuffi\usbsermpt.sys
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.07 12:09:48 | 006,291,456 | ---- | M] () -- C:\Users\Stuffi\ntuser.dat
[2010.10.07 11:06:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 11:06:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 10:25:18 | 000,191,488 | ---- | M] () -- C:\Users\Stuffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.07 07:22:23 | 000,027,741 | ---- | M] () -- C:\Users\Stuffi\Desktop\fehlermeldung.jpg
[2010.10.07 07:12:00 | 000,341,586 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.07 07:12:00 | 000,171,288 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.07 07:12:00 | 000,092,822 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.07 07:12:00 | 000,048,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.07 07:12:00 | 000,019,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.07 07:06:39 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2010.10.07 07:06:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.07 07:05:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.07 07:03:53 | 000,524,288 | -HS- | M] () -- C:\Users\Stuffi\ntuser.dat{c25c0a47-9a13-11df-80be-001a92fa7b35}.TMContainer00000000000000000001.regtrans-ms
[2010.10.07 07:03:53 | 000,065,536 | -HS- | M] () -- C:\Users\Stuffi\ntuser.dat{c25c0a47-9a13-11df-80be-001a92fa7b35}.TM.blf
[2010.10.07 07:03:37 | 004,097,563 | -H-- | M] () -- C:\Users\Stuffi\AppData\Local\IconCache.db
[2010.10.06 18:32:10 | 000,136,832 | ---- | M] () -- C:\Users\Stuffi\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.06 18:29:52 | 000,444,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.06 15:10:11 | 000,491,424 | ---- | M] () -- C:\Windows\System32\OODBS.lor
[2010.10.04 22:18:19 | 000,001,465 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.10.04 19:38:46 | 000,909,176 | ---- | M] (Microsoft Corporation) -- C:\Users\Stuffi\Desktop\WGAPluginInstall.exe
[2010.10.01 07:30:22 | 001,339,288 | ---- | M] () -- C:\Users\Stuffi\Desktop\sar_15_sfx.exe
[2010.09.30 22:42:26 | 000,278,161 | ---- | M] () -- C:\Users\Stuffi\Desktop\gmer1015.zip
[2010.09.30 20:05:26 | 000,003,854 | ---- | M] () -- C:\Users\Stuffi\Desktop\cc_20100930_200429.reg
[2010.09.30 19:14:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010.09.29 09:16:48 | 000,000,120 | ---- | M] () -- C:\Users\Stuffi\AppData\Local\Oxafepa.dat
[2010.09.29 01:24:56 | 000,000,000 | ---- | M] () -- C:\Users\Stuffi\AppData\Local\Rmitefova.bin
[2010.09.29 00:34:47 | 000,057,192 | ---- | M] () -- C:\Users\Stuffi\Desktop\regelkalender.pdf
[2010.09.22 11:25:41 | 000,013,093 | ---- | M] () -- C:\Users\Stuffi\Desktop\backimage.jpg
[2010.09.21 06:41:55 | 000,948,224 | ---- | M] () -- C:\Users\Stuffi\Desktop\Amigurumi.doc
[2010.09.21 06:26:32 | 000,611,045 | ---- | M] () -- C:\Users\Stuffi\Desktop\WolleUndDesignEnglischeStrickbegriffe2004.pdf
[2010.09.20 06:32:10 | 000,000,062 | ---- | M] () -- C:\CPU-DATA.INI
[2010.09.17 13:34:57 | 000,001,403 | ---- | M] () -- C:\Users\Public\Desktop\memoCARD.lnk
[2010.09.17 12:52:06 | 000,000,665 | ---- | M] () -- C:\Windows\Lexstat.ini
[2010.09.15 14:15:54 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.09.15 14:15:50 | 001,392,671 | ---- | M] (Microsoft Corporation) -- C:\Windows\msvbvm60.dll
[2010.09.15 14:15:50 | 000,151,622 | ---- | M] (Microsoft Corporation) -- C:\Windows\modcas.dll
[2010.09.15 14:15:50 | 000,125,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\vb6de.dll
[2010.09.15 14:15:50 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\odestkit.dll
[2010.09.15 14:15:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\ODEUNST.EXE
[2010.09.14 19:07:41 | 001,036,531 | ---- | M] () -- C:\Users\Stuffi\Desktop\lexmark bed.an..pdf
[2010.09.11 18:49:11 | 000,030,538 | ---- | M] () -- C:\Users\Stuffi\Desktop\singer190707REX_228x614.jpg
[2010.09.11 17:43:50 | 000,000,926 | ---- | M] () -- C:\Windows\posteriza.INI
[2010.09.11 17:26:45 | 000,035,840 | -H-- | M] () -- C:\Users\Stuffi\AppData\Roaming\MBSGWorldPlugin3550.dll
[2010.09.11 17:26:44 | 000,065,024 | -H-- | M] () -- C:\Users\Stuffi\AppData\Roaming\MBSPicturePlugin3595.dll
[2010.09.11 17:26:44 | 000,027,648 | -H-- | M] () -- C:\Users\Stuffi\AppData\Roaming\MBSRegistrationPlugin3596.dll
[2010.09.11 17:26:43 | 000,120,832 | -H-- | M] () -- C:\Users\Stuffi\AppData\Roaming\MBSJPEGDecompressionPlugin3597.dll
[2010.09.11 17:26:42 | 000,086,528 | -H-- | M] () -- C:\Users\Stuffi\AppData\Roaming\rbap500.dll
[2010.09.11 15:04:57 | 000,000,846 | ---- | M] () -- C:\Users\Stuffi\Documents\jürgen.lst
[2010.09.11 14:07:21 | 000,000,453 | ---- | M] () -- C:\Users\Stuffi\Documents\cyffhoff rätzel.lst
[2010.09.11 12:39:38 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe
[2010.09.10 16:53:14 | 003,752,469 | ---- | M] () -- C:\Users\Stuffi\Desktop\E-De-Cologne - Zimboculture.mp3
[2010.09.10 16:50:10 | 006,533,152 | ---- | M] () -- C:\Users\Stuffi\Desktop\Buzz Fuzz - D-Leria(2).mp3
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.07 07:22:23 | 000,027,741 | ---- | C] () -- C:\Users\Stuffi\Desktop\fehlermeldung.jpg
[2010.10.04 22:18:19 | 000,001,465 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.10.01 07:30:08 | 001,339,288 | ---- | C] () -- C:\Users\Stuffi\Desktop\sar_15_sfx.exe
[2010.09.30 22:42:20 | 000,278,161 | ---- | C] () -- C:\Users\Stuffi\Desktop\gmer1015.zip
[2010.09.30 20:05:19 | 000,003,854 | ---- | C] () -- C:\Users\Stuffi\Desktop\cc_20100930_200429.reg
[2010.09.30 19:14:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010.09.29 01:24:56 | 000,000,120 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\Oxafepa.dat
[2010.09.29 01:24:56 | 000,000,000 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\Rmitefova.bin
[2010.09.29 00:34:46 | 000,057,192 | ---- | C] () -- C:\Users\Stuffi\Desktop\regelkalender.pdf
[2010.09.22 11:25:31 | 000,013,093 | ---- | C] () -- C:\Users\Stuffi\Desktop\backimage.jpg
[2010.09.21 06:41:54 | 000,948,224 | ---- | C] () -- C:\Users\Stuffi\Desktop\Amigurumi.doc
[2010.09.21 06:26:32 | 000,611,045 | ---- | C] () -- C:\Users\Stuffi\Desktop\WolleUndDesignEnglischeStrickbegriffe2004.pdf
[2010.09.20 06:32:10 | 000,000,062 | ---- | C] () -- C:\CPU-DATA.INI
[2010.09.17 13:34:57 | 000,001,403 | ---- | C] () -- C:\Users\Public\Desktop\memoCARD.lnk
[2010.09.14 19:07:41 | 001,036,531 | ---- | C] () -- C:\Users\Stuffi\Desktop\lexmark bed.an..pdf
[2010.09.11 18:48:56 | 000,030,538 | ---- | C] () -- C:\Users\Stuffi\Desktop\singer190707REX_228x614.jpg
[2010.09.11 17:25:41 | 000,035,840 | -H-- | C] () -- C:\Users\Stuffi\AppData\Roaming\MBSGWorldPlugin3550.dll
[2010.09.11 17:25:37 | 000,065,024 | -H-- | C] () -- C:\Users\Stuffi\AppData\Roaming\MBSPicturePlugin3595.dll
[2010.09.11 17:25:37 | 000,027,648 | -H-- | C] () -- C:\Users\Stuffi\AppData\Roaming\MBSRegistrationPlugin3596.dll
[2010.09.11 17:25:36 | 000,120,832 | -H-- | C] () -- C:\Users\Stuffi\AppData\Roaming\MBSJPEGDecompressionPlugin3597.dll
[2010.09.11 17:25:35 | 000,086,528 | -H-- | C] () -- C:\Users\Stuffi\AppData\Roaming\rbap500.dll
[2010.09.11 15:04:57 | 000,000,846 | ---- | C] () -- C:\Users\Stuffi\Documents\jürgen.lst
[2010.09.11 13:57:20 | 000,000,453 | ---- | C] () -- C:\Users\Stuffi\Documents\cyffhoff rätzel.lst
[2010.09.11 12:39:38 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2010.09.10 17:07:26 | 000,185,344 | ---- | C] () -- C:\Windows\System32\BDEADMIN.CPL
[2010.09.10 16:53:11 | 003,752,469 | ---- | C] () -- C:\Users\Stuffi\Desktop\E-De-Cologne - Zimboculture.mp3
[2010.09.10 16:50:06 | 006,533,152 | ---- | C] () -- C:\Users\Stuffi\Desktop\Buzz Fuzz - D-Leria(2).mp3
[2010.09.03 20:11:26 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll
[2010.09.03 20:11:26 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll
[2010.09.03 17:27:27 | 000,000,132 | ---- | C] () -- C:\Windows\System32\lxbzplc.ini
[2010.09.03 16:00:02 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.09.03 14:09:41 | 000,000,926 | ---- | C] () -- C:\Windows\posteriza.INI
[2010.09.01 16:01:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.07.28 08:46:29 | 000,524,288 | -HS- | C] () -- C:\Users\Stuffi\ntuser.dat{c25c0a47-9a13-11df-80be-001a92fa7b35}.TMContainer00000000000000000002.regtrans-ms
[2010.07.28 08:46:29 | 000,524,288 | -HS- | C] () -- C:\Users\Stuffi\ntuser.dat{c25c0a47-9a13-11df-80be-001a92fa7b35}.TMContainer00000000000000000001.regtrans-ms
[2010.07.28 08:46:28 | 000,065,536 | -HS- | C] () -- C:\Users\Stuffi\ntuser.dat{c25c0a47-9a13-11df-80be-001a92fa7b35}.TM.blf
[2010.07.08 18:24:38 | 000,000,431 | ---- | C] () -- C:\Windows\viewer.ini
[2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Users\Stuffi\OCT2006_d3dx9_31_x64.cab
[2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Users\Stuffi\OCT2006_d3dx9_31_x86.cab
[2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Users\Stuffi\Nov2008_XAudio_x64.cab
[2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Users\Stuffi\Nov2008_XAudio_x86.cab
[2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Users\Stuffi\OCT2006_XACT_x64.cab
[2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Users\Stuffi\OCT2006_XACT_x86.cab
[2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Users\Stuffi\Oct2005_xinput_x64.cab
[2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Users\Stuffi\Oct2005_xinput_x86.cab
[2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Users\Stuffi\Nov2008_d3dx9_40_x64.cab
[2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Users\Stuffi\Nov2008_d3dx9_40_x86.cab
[2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Users\Stuffi\Nov2008_d3dx10_40_x86.cab
[2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Users\Stuffi\Nov2008_XACT_x64.cab
[2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Users\Stuffi\Nov2008_XACT_x86.cab
[2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Users\Stuffi\Nov2008_X3DAudio_x64.cab
[2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Users\Stuffi\Nov2008_X3DAudio_x86.cab
[2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Users\Stuffi\Nov2008_d3dx10_40_x64.cab
[2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Users\Stuffi\NOV2007_XACT_x64.cab
[2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Users\Stuffi\NOV2007_XACT_x86.cab
[2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Users\Stuffi\NOV2007_X3DAudio_x64.cab
[2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Users\Stuffi\NOV2007_X3DAudio_x86.cab
[2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Users\Stuffi\Nov2007_d3dx9_36_x64.cab
[2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Users\Stuffi\Nov2007_d3dx9_36_x86.cab
[2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Users\Stuffi\Nov2007_d3dx10_36_x64.cab
[2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Users\Stuffi\Nov2007_d3dx10_36_x86.cab
[2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Users\Stuffi\Mar2009_XAudio_x86.cab
[2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Users\Stuffi\Mar2009_XAudio_x64.cab
[2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Users\Stuffi\Mar2009_XACT_x64.cab
[2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Users\Stuffi\Mar2009_XACT_x86.cab
[2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Users\Stuffi\Mar2009_X3DAudio_x64.cab
[2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Users\Stuffi\Mar2009_X3DAudio_x86.cab
[2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Users\Stuffi\Mar2009_d3dx9_41_x64.cab
[2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Users\Stuffi\Mar2009_d3dx9_41_x86.cab
[2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Users\Stuffi\Mar2009_d3dx10_41_x64.cab
[2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Users\Stuffi\Mar2009_d3dx10_41_x86.cab
[2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Users\Stuffi\Mar2008_XAudio_x64.cab
[2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Users\Stuffi\Mar2008_XAudio_x86.cab
[2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Users\Stuffi\Mar2008_XACT_x64.cab
[2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Users\Stuffi\Mar2008_XACT_x86.cab
[2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Users\Stuffi\Mar2008_d3dx9_37_x64.cab
[2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Users\Stuffi\Mar2008_d3dx9_37_x86.cab
[2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Users\Stuffi\Mar2008_d3dx10_37_x86.cab
[2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Users\Stuffi\Mar2008_X3DAudio_x64.cab
[2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Users\Stuffi\Mar2008_X3DAudio_x86.cab
[2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dx9_43_x64.cab
[2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Users\Stuffi\Mar2008_d3dx10_37_x64.cab
[2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dx9_43_x86.cab
[2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Users\Stuffi\Jun2010_XAudio_x86.cab
[2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Users\Stuffi\Jun2010_XAudio_x64.cab
[2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Users\Stuffi\Jun2010_XACT_x64.cab
[2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Users\Stuffi\Jun2010_XACT_x86.cab
[2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dx10_43_x64.cab
[2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dx10_43_x86.cab
[2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dx11_43_x64.cab
[2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dx11_43_x86.cab
[2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Users\Stuffi\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Users\Stuffi\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Users\Stuffi\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Users\Stuffi\JUN2008_XAudio_x86.cab
[2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Users\Stuffi\JUN2008_d3dx9_38_x64.cab
[2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Users\Stuffi\JUN2008_d3dx9_38_x86.cab
[2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Users\Stuffi\JUN2008_d3dx10_38_x64.cab
[2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Users\Stuffi\JUN2008_d3dx10_38_x86.cab
[2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Users\Stuffi\JUN2008_XAudio_x64.cab
[2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Users\Stuffi\JUN2007_XACT_x86.cab
[2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Users\Stuffi\JUN2008_XACT_x64.cab
[2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Users\Stuffi\JUN2008_XACT_x86.cab
[2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Users\Stuffi\JUN2008_X3DAudio_x64.cab
[2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Users\Stuffi\JUN2008_X3DAudio_x86.cab
[2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Users\Stuffi\JUN2007_d3dx9_34_x64.cab
[2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Users\Stuffi\JUN2007_d3dx9_34_x86.cab
[2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Users\Stuffi\Jun2005_d3dx9_26_x86.cab
[2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Users\Stuffi\JUN2007_d3dx10_34_x64.cab
[2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Users\Stuffi\JUN2007_d3dx10_34_x86.cab
[2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Users\Stuffi\JUN2007_XACT_x64.cab
[2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Users\Stuffi\JUN2006_XACT_x64.cab
[2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Users\Stuffi\JUN2006_XACT_x86.cab
[2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Users\Stuffi\Jun2005_d3dx9_26_x64.cab
[2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Users\Stuffi\Feb2010_XAudio_x86.cab
[2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Users\Stuffi\Feb2010_XAudio_x64.cab
[2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Users\Stuffi\Feb2010_XACT_x64.cab
[2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Users\Stuffi\Feb2010_XACT_x86.cab
[2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Users\Stuffi\FEB2007_XACT_x64.cab
[2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Users\Stuffi\FEB2007_XACT_x86.cab
[2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Users\Stuffi\Feb2010_X3DAudio_x64.cab
[2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Users\Stuffi\Feb2010_X3DAudio_x86.cab
[2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Users\Stuffi\Feb2006_XACT_x64.cab
[2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Users\Stuffi\Feb2006_XACT_x86.cab
[2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Users\Stuffi\Feb2006_d3dx9_29_x86.cab
[2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Users\Stuffi\dsetup32.dll
[2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Users\Stuffi\DEC2006_d3dx9_32_x86.cab
[2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Users\Stuffi\Feb2006_d3dx9_29_x64.cab
[2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Users\Stuffi\Feb2005_d3dx9_24_x64.cab
[2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Users\Stuffi\Feb2005_d3dx9_24_x86.cab
[2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Users\Stuffi\DEC2006_XACT_x64.cab
[2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Users\Stuffi\DEC2006_XACT_x86.cab
[2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Users\Stuffi\dxupdate.cab
[2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Users\Stuffi\dxdllreg_x86.cab
[2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Users\Stuffi\DEC2006_d3dx9_32_x64.cab
[2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Users\Stuffi\Dec2005_d3dx9_28_x64.cab
[2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Users\Stuffi\Dec2005_d3dx9_28_x86.cab
[2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Users\Stuffi\Aug2009_XAudio_x64.cab
[2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Users\Stuffi\Aug2009_XAudio_x86.cab
[2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Users\Stuffi\DEC2006_d3dx10_00_x64.cab
[2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Users\Stuffi\DEC2006_d3dx10_00_x86.cab
[2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Users\Stuffi\Aug2009_XACT_x64.cab
[2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Users\Stuffi\Aug2009_XACT_x86.cab
[2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dx9_42_x64.cab
[2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dx9_42_x86.cab
[2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dx10_42_x64.cab
[2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dx10_42_x86.cab
[2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dx11_42_x64.cab
[2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dx11_42_x86.cab
[2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Users\Stuffi\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Users\Stuffi\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Users\Stuffi\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Users\Stuffi\Aug2008_XAudio_x64.cab
[2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Users\Stuffi\Aug2008_XAudio_x86.cab
[2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Users\Stuffi\Aug2008_d3dx9_39_x64.cab
[2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Users\Stuffi\Aug2008_d3dx9_39_x86.cab
[2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Users\Stuffi\Aug2008_d3dx10_39_x86.cab
[2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Users\Stuffi\AUG2007_XACT_x64.cab
[2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Users\Stuffi\AUG2007_XACT_x86.cab
[2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Users\Stuffi\Aug2008_XACT_x64.cab
[2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Users\Stuffi\Aug2008_XACT_x86.cab
[2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Users\Stuffi\AUG2007_d3dx9_35_x64.cab
[2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Users\Stuffi\AUG2007_d3dx9_35_x86.cab
[2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Users\Stuffi\Aug2008_d3dx10_39_x64.cab
[2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Users\Stuffi\AUG2007_d3dx10_35_x64.cab
[2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Users\Stuffi\AUG2007_d3dx10_35_x86.cab
[2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Users\Stuffi\Aug2005_d3dx9_27_x64.cab
[2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Users\Stuffi\Aug2005_d3dx9_27_x86.cab
[2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Users\Stuffi\AUG2006_XACT_x64.cab
[2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Users\Stuffi\AUG2006_XACT_x86.cab
[2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Users\Stuffi\AUG2006_xinput_x64.cab
[2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Users\Stuffi\APR2007_xinput_x86.cab
[2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Users\Stuffi\AUG2006_xinput_x86.cab
[2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Users\Stuffi\APR2007_d3dx9_33_x86.cab
[2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Users\Stuffi\APR2007_XACT_x64.cab
[2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Users\Stuffi\APR2007_XACT_x86.cab
[2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Users\Stuffi\APR2007_xinput_x64.cab
[2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Users\Stuffi\APR2007_d3dx9_33_x64.cab
[2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Users\Stuffi\APR2007_d3dx10_33_x64.cab
[2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Users\Stuffi\APR2007_d3dx10_33_x86.cab
[2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Users\Stuffi\Apr2006_xinput_x86.cab
[2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Users\Stuffi\Apr2006_xinput_x64.cab
[2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Users\Stuffi\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Users\Stuffi\Apr2006_MDX1_x86.cab
[2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Users\Stuffi\Apr2006_XACT_x64.cab
[2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Users\Stuffi\Apr2006_XACT_x86.cab
[2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Users\Stuffi\Apr2006_d3dx9_30_x64.cab
[2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Users\Stuffi\Apr2005_d3dx9_25_x64.cab
[2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Users\Stuffi\Apr2006_d3dx9_30_x86.cab
[2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Users\Stuffi\Apr2005_d3dx9_25_x86.cab
[2010.05.04 21:26:15 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI
[2010.05.04 21:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\FileMgrExe.INI
[2010.04.02 19:06:14 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.11 09:55:58 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2010.01.12 15:26:50 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.12.11 18:47:37 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.11.20 13:21:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.11.17 11:19:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.17 11:19:01 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.08 20:28:17 | 000,000,019 | ---- | C] () -- C:\Windows\KNP.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.20 16:01:56 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.07.13 13:02:12 | 000,000,321 | ---- | C] () -- C:\Windows\Sampler.INI
[2009.07.13 13:02:10 | 000,000,344 | ---- | C] () -- C:\Windows\BeatBox.INI
[2009.07.13 09:08:03 | 000,000,086 | ---- | C] () -- C:\Windows\MusicMaker.INI
[2009.06.19 15:42:36 | 000,000,094 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\fusioncache.dat
[2009.05.23 21:23:04 | 000,000,008 | ---- | C] () -- C:\Users\Stuffi\AppData\Roaming\NMM-MetaData.db
[2009.04.03 12:38:59 | 000,001,351 | ---- | C] () -- C:\Windows\psmplay.ini
[2009.04.02 08:25:16 | 000,000,025 | ---- | C] () -- C:\Windows\MotoSkin.INI
[2009.04.02 07:30:08 | 000,009,913 | ---- | C] () -- C:\Users\Stuffi\MCCI_MDM.INF
[2009.04.02 07:30:08 | 000,006,989 | ---- | C] () -- C:\Users\Stuffi\MCCI_BUS.INF
[2009.04.02 07:30:08 | 000,004,477 | ---- | C] () -- C:\Users\Stuffi\MCCI_SDM.INF
[2009.04.02 07:30:05 | 000,020,848 | ---- | C] () -- C:\Users\Stuffi\1238650205-(null) - Kopie
[2009.04.02 07:30:05 | 000,015,884 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie (7)
[2009.04.02 07:30:05 | 000,009,232 | ---- | C] () -- C:\Users\Stuffi\1238650205-(null)
[2009.04.02 07:30:04 | 000,018,104 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie
[2009.04.02 07:30:04 | 000,016,524 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie (3)
[2009.04.02 07:30:04 | 000,016,348 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie (5)
[2009.04.02 07:30:04 | 000,006,947 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null)
[2009.04.02 07:30:04 | 000,006,009 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie (4)
[2009.04.02 07:30:04 | 000,005,877 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie (2)
[2009.04.02 07:30:04 | 000,005,813 | ---- | C] () -- C:\Users\Stuffi\1238650204-(null) - Kopie (6)
[2009.04.02 07:19:25 | 000,009,232 | ---- | C] () -- C:\Users\Stuffi\USB_MOT_BRIT.INF
[2009.04.02 07:19:25 | 000,007,201 | ---- | C] () -- C:\Users\Stuffi\USBMOT2000.INF
[2009.04.02 07:19:25 | 000,006,141 | ---- | C] () -- C:\Users\Stuffi\USBMOT2000XP.INF
[2009.04.02 07:19:25 | 000,005,960 | ---- | C] () -- C:\Users\Stuffi\USB_MOT_A1000.INF
[2009.04.02 07:19:25 | 000,005,880 | ---- | C] () -- C:\Users\Stuffi\USB_CMCS_2000.INF
[2009.04.02 07:19:20 | 000,025,424 | ---- | C] () -- C:\Users\Stuffi\1238649560-oem44.PNF
[2009.04.02 07:19:20 | 000,010,070 | ---- | C] () -- C:\Users\Stuffi\1238649560-oem44.inf
[2009.04.02 07:18:42 | 000,044,865 | ---- | C] () -- C:\Users\Stuffi\Motorola_Driver_Log.txt
[2009.02.23 14:05:15 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.02.23 13:35:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.02.23 13:33:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.02.22 00:10:44 | 000,000,016 | -H-- | C] () -- C:\Users\Stuffi\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.02.22 00:10:43 | 000,000,016 | -H-- | C] () -- C:\Users\Stuffi\AppData\Local\mxfilerelatedcache.mxc2
[2009.02.19 22:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\OODCNT.INI
[2009.02.19 22:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.01.31 00:28:29 | 000,114,816 | ---- | C] () -- C:\Windows\System32\MSMT4232.DLL
[2009.01.31 00:14:00 | 000,000,409 | ---- | C] () -- C:\Windows\cmbtll.ini
[2009.01.31 00:14:00 | 000,000,185 | ---- | C] () -- C:\Windows\cmbtctl.ini
[2009.01.31 00:11:18 | 000,000,091 | ---- | C] () -- C:\Windows\combit.ini
[2009.01.31 00:11:18 | 000,000,063 | ---- | C] () -- C:\Windows\VISKARTE.INI
[2008.12.27 23:11:31 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\sentinel.sys
[2008.12.27 23:11:31 | 000,002,421 | ---- | C] () -- C:\Windows\System32\drivers\enport.sys
[2008.12.17 08:48:21 | 000,000,016 | -H-- | C] () -- C:\Users\Stuffi\mxfilerelatedcache.mxc2
[2008.12.14 12:59:10 | 000,000,377 | ---- | C] () -- C:\Users\Stuffi\Dokumente - Verknüpfung.lnk
[2008.12.08 14:02:04 | 000,005,456 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.12.06 19:49:18 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.11.15 13:17:25 | 000,000,665 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008.11.15 12:49:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll
[2008.11.15 12:49:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll
[2008.11.14 13:55:42 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2008.10.27 20:50:20 | 000,228,354 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\wgymqui_nav.dat
[2008.10.27 20:50:20 | 000,005,024 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\wgymqui.dat
[2008.10.27 20:50:20 | 000,001,704 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\wgymqui_navps.dat
[2008.10.01 14:18:32 | 000,000,020 | -HS- | C] () -- C:\Users\Stuffi\ntuser.ini
[2008.08.14 15:33:46 | 000,035,024 | ---- | C] () -- C:\Windows\System32\drivers\fses.sys
[2008.06.21 20:49:04 | 000,001,294 | ---- | C] () -- C:\Windows\wininit.ini
[2008.04.28 23:19:56 | 000,524,288 | -HS- | C] () -- C:\Users\Stuffi\ntuser.dat{06b0b65a-1567-11dd-b098-001a92fa7b35}.TMContainer00000000000000000002.regtrans-ms
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.04.28 12:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.04.20 20:07:28 | 000,000,187 | ---- | C] () -- C:\Windows\Lcars.ini
[2008.03.30 12:50:39 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.19 22:23:13 | 000,031,007 | ---- | C] () -- C:\Users\Stuffi\AppData\Roaming\UserTile.png
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.06 22:54:35 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008.01.24 02:29:14 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.01.20 06:26:32 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.01.14 04:47:14 | 000,000,029 | ---- | C] () -- C:\Windows\games.INI
[2008.01.14 02:37:49 | 000,001,356 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\d3d9caps.dat
[2008.01.14 01:33:02 | 000,191,488 | ---- | C] () -- C:\Users\Stuffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.13 23:11:14 | 006,291,456 | ---- | C] () -- C:\Users\Stuffi\ntuser.dat
[2008.01.13 23:11:14 | 000,262,144 | -H-- | C] () -- C:\Users\Stuffi\ntuser.dat.LOG2
[2008.01.13 23:11:14 | 000,262,144 | -H-- | C] () -- C:\Users\Stuffi\ntuser.dat.LOG1
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.05.24 14:01:06 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.24 13:35:15 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.05.24 13:32:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.05.24 13:32:29 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.05.24 13:32:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.05.24 13:32:29 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.05.24 13:32:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.05.24 13:32:29 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.05.24 13:25:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.05.24 13:24:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.05.24 13:24:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.05.24 13:24:01 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.05.24 13:24:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.05.24 12:48:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.05.24 12:47:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007.03.30 00:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.05.15 21:39:00 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.06.09 03:38:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\.purple
[2010.10.04 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ashampoo
[2010.04.02 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\avidemux
[2010.09.26 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Azureus
[2009.02.23 15:01:33 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Babylon
[2008.12.11 01:02:53 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\BinarySense
[2010.10.04 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Canneverbe Limited
[2010.09.03 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Carambis
[2010.07.19 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Cytyom
[2010.09.29 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\DAEMON Tools
[2009.07.13 00:00:39 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\DarkWave Studio
[2009.12.02 07:57:57 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Desktopicon
[2009.03.08 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Dexpot
[2010.07.20 09:28:43 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Foxit Software
[2010.02.08 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\FreeVideoConverter
[2008.12.19 00:26:15 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\GibbHill Properties Ltd
[2009.04.22 07:59:43 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\GMX
[2010.07.14 14:47:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\gtk-2.0
[2008.05.15 02:44:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\ICQ
[2008.05.15 02:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\ICQ Toolbar
[2009.08.12 13:45:04 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Image Zone Express
[2008.05.23 05:55:23 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\IrfanView
[2009.08.15 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Leadertech
[2009.03.07 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\LimeWire
[2010.08.24 17:00:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Lionhead Studios
[2009.07.16 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\MAGIX
[2010.09.29 11:51:23 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Mairyh
[2008.11.14 13:51:29 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Megaupload
[2008.05.12 21:39:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Miranda
[2009.05.23 21:23:05 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Nokia
[2009.03.30 19:33:49 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\OpenOffice.org
[2010.08.13 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Opera
[2010.10.06 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ossy
[2010.08.03 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Otheoz
[2008.01.18 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Participatory Culture Foundation
[2008.09.13 18:49:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\PC Suite
[2008.10.11 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\PCF-VLC
[2008.02.19 22:23:13 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\PeerNetworking
[2010.09.11 12:40:23 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\pics
[2008.12.08 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Printer Info Cache
[2010.09.28 19:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\QuickScan
[2010.01.25 08:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\RDecke
[2010.09.14 20:07:35 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Scribus
[2009.03.18 21:39:15 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Shareaza
[2008.02.07 16:09:48 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\SmartSurfer
[2008.10.15 11:00:59 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Spamihilator
[2008.08.25 17:45:59 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\TomTom
[2009.03.04 23:16:55 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Toshiba
[2008.01.14 14:53:08 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\TuneUp Software
[2010.02.05 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\TuxPaint
[2009.11.17 11:25:39 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ubisoft
[2008.03.04 12:37:01 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ulead Systems
[2009.10.21 21:19:00 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\UltimateZip
[2008.09.04 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\uTorrent
[2008.03.04 11:50:21 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\WEBDE
[2008.11.24 23:33:49 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Wormux
[2010.04.02 09:50:38 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Xilisoft
[2010.10.07 07:04:18 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.09 03:38:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\.purple
[2008.12.17 09:46:53 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Adobe
[2010.04.02 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ahead
[2008.02.06 22:55:06 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\AOL
[2009.10.31 11:25:29 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Apple Computer
[2010.10.04 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ashampoo
[2010.04.02 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\avidemux
[2009.04.10 11:41:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\AVS4YOU
[2010.09.26 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Azureus
[2009.02.23 15:01:33 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Babylon
[2008.12.11 01:02:53 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\BinarySense
[2010.10.04 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Canneverbe Limited
[2010.09.03 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Carambis
[2010.07.19 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Cytyom
[2010.09.29 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\DAEMON Tools
[2009.07.13 00:00:39 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\DarkWave Studio
[2009.12.02 07:57:57 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Desktopicon
[2009.03.08 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Dexpot
[2008.01.19 17:34:28 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\DivX
[2010.09.29 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\dvdcss
[2009.06.25 01:30:04 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\dvdcss-BackupByVLCPortable
[2010.07.20 09:28:43 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Foxit Software
[2010.02.08 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\FreeVideoConverter
[2008.12.19 00:26:15 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\GibbHill Properties Ltd
[2009.04.22 07:59:43 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\GMX
[2008.09.16 16:04:12 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Google
[2010.07.14 14:47:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\gtk-2.0
[2008.12.08 22:17:04 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\HP
[2008.05.15 02:44:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\ICQ
[2008.05.15 02:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\ICQ Toolbar
[2008.01.13 23:13:56 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Identities
[2009.08.12 13:45:04 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Image Zone Express
[2008.01.24 02:24:55 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\InstallShield
[2008.05.23 05:55:23 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\IrfanView
[2009.08.15 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Leadertech
[2009.03.07 14:49:18 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\LimeWire
[2010.08.24 17:00:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Lionhead Studios
[2008.01.14 00:45:48 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Macromedia
[2009.07.16 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\MAGIX
[2010.09.29 11:51:23 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Mairyh
[2009.01.12 16:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Media Center Programs
[2008.11.14 13:51:29 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Megaupload
[2010.10.06 08:28:03 | 000,000,000 | --SD | M] -- C:\Users\Stuffi\AppData\Roaming\Microsoft
[2008.05.12 21:39:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Miranda
[2008.04.01 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Mozilla
[2010.04.18 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Nero
[2009.05.23 21:23:05 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Nokia
[2009.03.30 19:33:49 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\OpenOffice.org
[2010.08.13 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Opera
[2010.10.06 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ossy
[2010.08.03 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Otheoz
[2008.01.18 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Participatory Culture Foundation
[2008.09.13 18:49:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\PC Suite
[2008.10.11 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\PCF-VLC
[2008.02.19 22:23:13 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\PeerNetworking
[2010.09.11 12:40:23 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\pics
[2008.12.08 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Printer Info Cache
[2010.09.28 19:02:03 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\QuickScan
[2010.01.25 08:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\RDecke
[2008.11.24 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Real
[2010.09.14 20:07:35 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Scribus
[2009.03.18 21:39:15 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Shareaza
[2010.03.05 13:13:38 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Skype
[2010.03.05 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\skypePM
[2008.02.07 16:09:48 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\SmartSurfer
[2008.10.15 11:00:59 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Spamihilator
[2008.11.14 10:04:54 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\teamspeak2
[2008.08.25 17:45:59 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\TomTom
[2009.03.04 23:16:55 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Toshiba
[2008.01.14 14:53:08 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\TuneUp Software
[2010.02.05 21:54:20 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\TuxPaint
[2009.11.17 11:25:39 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ubisoft
[2008.03.04 12:37:01 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Ulead Systems
[2009.10.21 21:19:00 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\UltimateZip
[2008.09.04 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\uTorrent
[2010.10.07 12:03:42 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\vlc
[2008.03.04 11:50:21 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\WEBDE
[2010.04.25 09:03:33 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Winamp
[2008.01.14 00:51:52 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\WinRAR
[2008.11.24 23:33:49 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Wormux
[2010.04.02 09:50:38 | 000,000,000 | ---D | M] -- C:\Users\Stuffi\AppData\Roaming\Xilisoft
 
< %APPDATA%\*.exe /s >
[2009.02.08 13:28:23 | 000,010,134 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{23BB7035-B5A4-47B1-81E4-51E88A31F3DD}\ARPPRODUCTICON.exe
[2009.02.08 13:28:24 | 000,008,854 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{23BB7035-B5A4-47B1-81E4-51E88A31F3DD}\ck_software.de.url_49086A1D874D4FBC906FEF470C7CE829.exe
[2009.02.08 13:28:24 | 000,204,800 | R--- | M] (Macrovision Corporation) -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{23BB7035-B5A4-47B1-81E4-51E88A31F3DD}\visitenkarten.exe1_49086A1D874D4FBC906FEF470C7CE829.exe
[2009.02.08 13:28:24 | 000,204,800 | R--- | M] (Macrovision Corporation) -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{23BB7035-B5A4-47B1-81E4-51E88A31F3DD}\visitenkarten.exe_49086A1D874D4FBC906FEF470C7CE829.exe
[2009.03.13 17:02:17 | 000,010,134 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{81BEDFC2-CD4B-4D3B-AF88-2EE7EAEC812F}\_27FC0B1E244C1D46306F2A.exe
[2009.03.13 17:02:17 | 000,134,984 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{81BEDFC2-CD4B-4D3B-AF88-2EE7EAEC812F}\_6EEA5261A5E665D26E8C80.exe
[2009.03.13 17:02:17 | 000,010,134 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{81BEDFC2-CD4B-4D3B-AF88-2EE7EAEC812F}\_C7356206FDA831A9E3AF79.exe
[2009.03.13 17:02:17 | 000,134,984 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{81BEDFC2-CD4B-4D3B-AF88-2EE7EAEC812F}\_E4F363F9282A42AFED0EE1.exe
[2009.03.11 18:32:00 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2009.03.11 18:32:01 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2009.03.11 18:32:01 | 000,008,854 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2010.09.11 17:32:19 | 000,015,086 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_6FEFF9B68218417F98F549.exe
[2010.09.11 17:32:20 | 000,015,086 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_7388FD78BF342A77A38BCE.exe
[2010.09.11 17:32:20 | 000,015,086 | R--- | M] () -- C:\Users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_831906F2FDA02E6A09BEB0.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.04.19 09:11:09 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2007.03.22 01:10:01 | 000,229,440 | ---- | M] () -- C:\KeyViewer.exe
[2007.03.16 02:23:58 | 000,304,048 | ---- | M] ( ) -- C:\Setup.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.07 04:05:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.07 04:05:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.07 04:05:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.01.14 04:23:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.01.14 04:23:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: KR10N.SYS  >
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys
[2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.05.24 13:09:42 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.05.24 13:09:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2007.05.24 12:35:06 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.05.24 12:35:04 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.05.24 12:35:07 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.05.24 12:35:19 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.05.24 12:35:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.18 23:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.18 23:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010.03.05 16:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 16 bytes -> C:\Users\Stuffi\Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F8B88761
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
< End of report >
         

Alt 07.10.2010, 11:43   #4
Black-Night
 



and the Extras

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.10.2010 12:07:49 - Run 1
OTL by OldTimer - Version 3.2.1.2     Folder = C:\Users\Stuffi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 313,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,66 Gb Total Space | 16,51 Gb Free Space | 29,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,66 Gb Total Space | 18,99 Gb Free Space | 34,74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 373,66 Gb Free Space | 40,11% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: STUFFIS-LAPPI
Current User Name: Stuffi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2422499485-3765178413-3129067992-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2422499485-3765178413-3129067992-1000]
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"e:\BitTorrent\bittorrent.exe" = e:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E9D18E7-B925-4C6F-91C3-7C0B64EFFF6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E2A3132-8B3D-45AF-A01F-A30B7C8ED3AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{685DEF0F-24F3-41B4-9D57-CFB107819AF3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6D3FADFA-864C-444C-9FD5-17771240DB58}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{82EDADAE-7E38-484C-BC51-B4E2D00F184C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90B2E876-A7E7-4B4A-B597-0BAB129FADEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9ADD1ED2-5CAC-4808-A808-93444ED8C884}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF8C857A-FA7D-444D-B59C-76961F11C39D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CD6FC623-6ED8-4669-B633-F4A49881B554}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D5358CD4-D99D-4E91-9255-A16F6074CACD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DFAF975A-03B4-4BAF-9710-826CEF640A07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EE7BAD41-17CC-4A48-8388-BB93C546943A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEB71833-0DA1-40D6-ADF8-2BB21876D4F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0626D6AD-F5E7-4C2B-BD4B-3CE67C7427E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{14DB5A6F-BA11-44D5-AF7F-A936B2465BA2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{15D40B67-4072-4424-B82F-031C46BD3194}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E3D7702-379F-40A5-83D6-9DFD5270FE06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E709F5E-3582-4330-B8F5-AE8C35EB8A88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3AA095F3-C786-461C-818F-73F9EB00A5FA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3B4F1764-D80E-41A3-A5CB-52D17FC17F8C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{472A8205-FB37-41BF-AB1D-7299C68E4160}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{473F1322-6D76-43BA-A74C-898CFC3A8C40}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{581F2433-1B93-419F-A00A-E7CB2EBA0358}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{65F97C73-06E5-4E78-A5D5-2D277328B0D8}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{69BC56DC-E2B8-4E47-99F6-E9DEBDDF1805}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{719419BD-A57B-4DEF-B140-58DDBE98C799}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76F4639E-61ED-4D67-8DA1-102BB00773CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78554092-4A69-43F2-994A-CFDD93C1C680}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe | 
"{7AF1A6D5-9992-45CD-98A5-B01ACBBC9ECC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{7C61713A-BB76-4518-A8DE-6746CCBE1F83}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | 
"{85244A3F-97B9-4A2D-8F01-41AE1230EB6F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{894D1B9C-AD33-48F0-896C-15416E31ED8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BDDBC61-9900-428A-B1A3-0338C304854C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8F63B0A1-5975-4E75-9E17-B8FF469D3CFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{907F3DB5-839D-4E3C-A54F-7106BBB50BAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9216C105-D834-4C6D-B493-D25341F40617}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92BBD3E0-A2BE-4D54-9A43-F342BDA8C1A1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92D44584-9735-44B6-82C0-C7C3428698DA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{A027DFAB-CF48-41B4-B178-D4CC1110AF98}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{A1F65FCB-9772-4EC4-80C8-BE20D3CB5D95}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{A31B925C-851D-448F-AB06-432019BF41C2}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{ABC3200E-8C86-4978-BFCA-F5BE09D7B1F9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C0EC6696-C1BB-48A7-A4AC-E895A6BA416B}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe | 
"{C5C3A2F3-BB30-45C3-A714-5E8A3B11E718}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{C6B4E386-2DC7-493A-8807-72D12040E5DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8FC58C3-FA0E-4BEA-9105-54D0D8F1D524}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D6D8232A-6F71-4948-8E29-FEC2843A6295}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{DAEE7719-6152-400D-8290-54CC053E4638}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{DB010718-98A4-4E29-AA68-5D5920869B2E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{DD357CCD-95AF-4960-9A47-7E070FF10778}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{DD7F2B09-D0C7-4D30-B137-4DE7376935AF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe | 
"{E0BD55FF-2919-4F25-B688-46D86EA67BD2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3B17765-B48A-4780-A5FD-1F7FEE1756E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F2B51D56-7A7E-491B-8D10-5E172C8C4957}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{F4734E4E-AB78-469C-BDA2-437626AA0A51}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{F5658BBD-C245-499A-AA48-C85233264DED}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{F8BDD760-C0C4-436A-9FD3-F075B2E4F3BF}" = protocol=6 | dir=out | app=system | 
"{FEF824D4-84D7-4B27-A53E-04F2FD39DE91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF6FE1CA-D2DD-4D19-B3EF-CEB541775922}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{27D3331A-6369-431F-8931-CB3EEB4EF4EB}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | 
"TCP Query User{2CCAA17B-1974-46D0-A4EA-00930ED4751C}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{5587CE61-AB78-494D-A718-94DF7EABB1CE}C:\windows\system32\spool\drivers\w32x86\3\lexpps.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lexpps.exe | 
"TCP Query User{573E8A76-07A9-419B-940A-E85C17C6D3DA}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{625F0FE9-E4E2-43BB-857B-D56FBE5E2D3C}C:\program files\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\gmx\gmx multimessenger\messengr.exe | 
"TCP Query User{79CCDC59-8BE7-42B9-AE15-16ED449AC7CD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8DCE95A8-03D8-48CC-9B84-A89DCDD41D9E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{94BADB22-6412-4693-B3A3-EC67477A346F}C:\program files\screamer radio\screamer.exe" = protocol=6 | dir=in | app=c:\program files\screamer radio\screamer.exe | 
"TCP Query User{9AA22273-F714-4ABC-82AD-18DC2B098929}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CB378532-4935-40A5-A41C-A28C3DF0AC53}C:\emule\emule.exe" = protocol=6 | dir=in | app=c:\emule\emule.exe | 
"TCP Query User{D5C851C9-E47F-471D-B4F9-B88619EE8126}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D7558B54-64CF-42FE-B605-542567AB0C46}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{02029B0D-97AB-4B5E-A4FF-E59BCE0DD91A}C:\program files\screamer radio\screamer.exe" = protocol=17 | dir=in | app=c:\program files\screamer radio\screamer.exe | 
"UDP Query User{053FFE9B-929A-4B2F-8AE6-0E7EB0300873}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{211FCB84-A86B-45C0-88D1-CC00B0D1D180}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{4BB3720F-FD86-46A7-B0BD-9271B9156222}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{59613937-8795-42F8-99BD-4B77BF51C02D}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe | 
"UDP Query User{746A8C63-7C86-4ECF-AE18-34B2665AC96F}C:\emule\emule.exe" = protocol=17 | dir=in | app=c:\emule\emule.exe | 
"UDP Query User{776B4B27-32FE-4BBF-8DA7-31E72CBCEA89}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{88200C5F-0F64-4BC9-B57D-B27B088B6766}C:\windows\system32\spool\drivers\w32x86\3\lexpps.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lexpps.exe | 
"UDP Query User{C1607F1E-77E5-4943-A23A-7D2D5FF1549E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{E174DBA6-2F31-4BA9-ADA0-42B89A49C94A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{EDB2F70E-1E36-4B75-BE58-5DE0E56BB632}C:\program files\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\gmx\gmx multimessenger\messengr.exe | 
"UDP Query User{F94C2D66-0A70-4D3C-93B8-EEC7B18537C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F6A7971-0F11-4A79-A0E9-133D0963A570}" = ISO Recorder
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BB7035-B5A4-47B1-81E4-51E88A31F3DD}" = CK Visitenkarten Designer
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}" = The Movies(TM) 1.1 Patch
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44B3522B-195C-488D-84AC-9526FA99CB73}" = Motorola Handset USB Driver
"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack for FAT and GetDataBack for NTFS
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{55923A85-EB57-4547-A278-20741E8EEB93}" = MSN Star Check
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72D25670-523F-43D0-A1CB-BC239F15245F}" = PC SpeedScan Pro
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{744E32F8-7678-4124-9FD5-431ADC0B4509}" = Du und Dein Heim für Tiere
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{81BEDFC2-CD4B-4D3B-AF88-2EE7EAEC812F}" = Orphalese Tarot
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A8EC49E4-5EB8-444C-8CE0-446904D5E629}" = Easy Poster Printer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A918DE8A-98C8-0950-0000-000005380008}" = Motorola RAZR V3 - PEBL U6 MA730G - Handset Manager lite V9.5
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1" = Terminplaner .Net
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{e4b49e64-036a-4448-8a0f-7ab109abd20c}" = Nero 9 Lite
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alex Kidd in the Enchanted Castle_is1" = Alex Kidd in the Enchanted Castle
"Art Dabbler 2.1" = Art Dabbler 2.1
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Autorun Eater_is1" = Autorun Eater v2.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"BUST-A-MOVE 4" = BUST-A-MOVE 4
"CCleaner" = CCleaner (remove only)
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"Chakrasaver" = Chakrasaver
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"ETKA" = ETKA
"FinePrint" = FinePrint
"Flash File Recovery_is1" = Flash File Recovery v3.7
"FLV Player" = FLV Player 2.0 (build 25)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"GMX MultiMessenger" = GMX MultiMessenger
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (nur entfernen)
"HDD Health_is1" = HDD Health v3.3 Beta
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Zweckform Assistent 3.1
"IrfanView" = IrfanView (remove only)
"Juicy Business Cards_is1" = Juicy Business Cards 1.40
"Lexmark 510 Series" = Lexmark 510 Series
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Loki Browser Plugin" = Loki Browser Plugin
"Lycos WLAN Manager, Spotigo GmbH" = Lycos WLAN Manager
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mandala Painter 3 Demo_is1" = Mandala Painter 3.0 Demo
"MBRtool" = DIY DataRecovery MBRtool 2
"memoCARD" = memoCARD 4.4.29 
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Miro" = Miro
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSNIACC" = MSN Connection Center
"myphotobook" = myphotobook 3.1
"Nokia PC Suite" = Nokia PC Suite
"ODEUNST #1" = Lernkartei
"p.i.c.s. Rätsel-Generator" = p.i.c.s. Rätsel-Generator
"Picasa 3" = Picasa 3
"POSTERIZA" = POSTERIZA 1.1.1
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ratDVD" = ratDVD 0.78.1444
"Scribus 1.3.8" = Scribus 1.3.8
"SharkMate" = SharkMate 1.30
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SHOUTcast Radio Toolbar" = SHOUTcast Radio Toolbar
"Sim AQUARIUM 2_is1" = Sim AQUARIUM 2
"Sim File Maid 2" = Sim File Maid 2 1.0.2
"SimPE_is1" = SimPE 0.72 (alpha)
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer 
"SimsFileMover_is1" = SimsFileMover
"Sonic 3D Blast_is1" = Sonic 3D Blast
"Sonic the Hedgehog_is1" = Sonic the Hedgehog
"SpeedFan" = SpeedFan (remove only)
"ST5UNST #1" = Yoga&Meditation
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Tool_is1" = System Tool
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Total Video Converter 3.0 beta_is1" = Total Video Converter 3.0 beta
"TuneUp Utilities" = TuneUp Utilities
"TVgenial_is1" = TVgenial 3.40
"UltimateZip_is1" = UltimateZip
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"VirtualCloneDrive" = VirtualCloneDrive
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinGTK-2_is1" = GTK+ 2.6.7-2 runtime environment
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wisterer HX_is1" = Wisterer HX 4.2.32
"Yahoo! Customizations" = Yahoo! Extras
"ZC2.10w" = Zelda Classic 2.10w
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2422499485-3765178413-3129067992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freewar Profil Editor" = Freewar Profil Editor
"TwistedBrush Pro Studio" = TwistedBrush Pro Studio
"Vista Pack" = Vista Pack
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2009 16:55:37 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 17.04.2009 16:55:38 | Computer Name = Stuffis-Lappi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.04.2009 14:14:26 | Computer Name = Stuffis-Lappi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 0.9.8.0, Zeitstempel 0x4937ebcd,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x69496ea2,  Prozess-ID 0x144c, Anwendungsstartzeit 01c9c361cf326440.
 
[ Media Center Events ]
Error - 04.03.2008 06:49:48 | Computer Name = Stuffis-Lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 04.03.2008 07:05:29 | Computer Name = Stuffis-Lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 28.08.2010 10:36:55 | Computer Name = Stuffis-Lappi | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 06.10.2010 12:40:25 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2010 12:40:25 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2010 12:40:47 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 07.10.2010 01:06:23 | Computer Name = Stuffis-Lappi | Source = HTTP | ID = 15016
Description = 
 
Error - 07.10.2010 01:07:32 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 01:07:32 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 01:07:32 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 01:07:32 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 01:07:32 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2010 01:08:00 | Computer Name = Stuffis-Lappi | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

I really hope you can help me. Best regards, Black Night

Alt 07.10.2010, 12:20   #5
markusg
/// Malware-holic
 



Do you do online banking?
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix


Alt 07.10.2010, 12:26   #6
Black-Night
 



Quote:
Quote from markusg
Do you do online banking?
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Not for a few months now...

I'll download the tool and then run it...

I'll get back to you then.
Many thanks so far.

Alt 08.10.2010, 06:48   #7
Black-Night
 



A wonderful good morning

I ran ComboFix last night, everything OK so far.
I opened the laptop and just thought "wow", great, the error message is gone. I just looked at the log, also wonderful: the junk
>Byavubohido, uvoxesakorilowad< is, by and large, no longer there...
Now I wanted to send you the log, but no luck: I can no longer get online with the laptop. The network connection works, but every other application I try to open, Firefox as well as Windows Explorer, including e.g. pictures, no longer works, and I get the error message

>es wurde versucht, einen registrierungsschlüssel einem unzulässigen vorgang zu unterziehen, der zum löschen markiert wurde< (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")

That means I can't send the log now either. How should I proceed from here?

Alt 08.10.2010, 08:13   #8
Black-Night
 



Hello once again

I looked in other forums, and it said there that after ComboFix has finished you should restart once more...
I did that, and the laptop runs again without the error message. It boots up and shuts down normally again.

I'll get to work then and change all my online passwords.

Is there anything else I need to watch out for?

And one really big question: where does one pick up junk like this?

Here is the log

Combofix Logfile:
Code:
ComboFix 10-10-07.01 - Stuffi 07.10.2010  23:36:19.1.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1015.345 [GMT 2:00]
ausgeführt von:: c:\users\Stuffi\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Datenschutzrichtlinien.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Geschäftsbedingungen.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url
C:\setup.exe
c:\users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}
c:\users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}\chrome.manifest
c:\users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}\chrome\content\_cfg.js
c:\users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}\chrome\content\overlay.xul
c:\users\Stuffi\AppData\Local\{20EDA46E-2436-46E3-BB5C-853B9EA5DE5C}\install.rdf
c:\users\Stuffi\AppData\Local\wgymqui.dat
c:\users\Stuffi\AppData\Local\wgymqui_nav.dat
c:\users\Stuffi\AppData\Local\wgymqui_navps.dat
c:\users\Stuffi\AppData\Roaming\Desktopicon
c:\users\Stuffi\AppData\Roaming\MBSGWorldPlugin3550.dll
c:\users\Stuffi\AppData\Roaming\MBSJPEGDecompressionPlugin3597.dll
c:\users\Stuffi\AppData\Roaming\MBSPicturePlugin3595.dll
c:\users\Stuffi\AppData\Roaming\MBSRegistrationPlugin3596.dll
c:\users\Stuffi\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Stuffi\AppData\Roaming\rbap500.dll
c:\users\Stuffi\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Stuffi\Favorites\mxfilerelatedcache.mxc2
c:\windows\system32\DEBUG.log

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-07 bis 2010-10-07  ))))))))))))))))))))))))))))))
.

2010-10-07 21:50 . 2010-10-07 22:21	--------	d-----w-	c:\users\Stuffi\AppData\Local\temp
2010-10-07 21:50 . 2010-10-07 21:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-07 11:34 . 2010-10-07 11:34	317952	----a-w-	c:\users\Stuffi\AppData\Roaming\Adobe\Update\forres.exe
2010-10-05 16:25 . 2010-10-06 13:56	--------	d-----w-	c:\program files\MSECACHE
2010-10-04 20:50 . 2010-04-16 16:10	1314816	----a-w-	c:\windows\system32\quartz.dll
2010-10-04 20:19 . 2010-10-04 20:19	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Canneverbe Limited
2010-10-04 20:19 . 2010-10-04 20:19	--------	d-----w-	c:\programdata\Canneverbe Limited
2010-10-04 20:18 . 2010-10-04 20:18	--------	d-----w-	C:\CDBurnerXP
2010-10-01 05:35 . 2010-10-01 05:35	--------	d-----w-	C:\Sophos
2010-09-30 20:43 . 2010-09-30 20:55	--------	d-----w-	C:\e5445938d3f1b486dfd34b5e2078
2010-09-28 23:24 . 2010-09-29 07:16	120	----a-w-	c:\users\Stuffi\AppData\Local\Oxafepa.dat
2010-09-28 23:24 . 2010-09-28 23:24	0	----a-w-	c:\users\Stuffi\AppData\Local\Rmitefova.bin
2010-09-17 11:35 . 2010-09-17 11:47	--------	d-----w-	c:\users\Stuffi\AppData\Local\memocard
2010-09-17 11:34 . 2010-09-17 11:34	--------	d-----w-	C:\MemoCard
2010-09-17 11:34 . 2010-09-17 11:35	--------	d-----w-	c:\windows\uninstall\memoCARD
2010-09-15 12:16 . 2010-09-15 12:17	--------	d-----w-	C:\Lernkartei
2010-09-15 12:15 . 2010-09-15 12:15	331776	------w-	c:\windows\Setup1.exe
2010-09-15 12:15 . 2010-09-15 12:15	74240	----a-w-	c:\windows\ODEUNST.EXE
2010-09-15 12:15 . 2010-09-15 12:15	151622	------w-	c:\windows\modcas.dll
2010-09-15 12:15 . 2010-09-15 12:15	1392671	------w-	c:\windows\msvbvm60.dll
2010-09-15 12:15 . 2010-09-15 12:15	125712	------w-	c:\windows\vb6de.dll
2010-09-15 12:15 . 2010-09-15 12:15	101888	------w-	c:\windows\odestkit.dll
2010-09-15 10:30 . 2009-06-05 13:59	385024	------w-	c:\windows\system32\fpmon6.dll
2010-09-15 10:30 . 2009-06-05 13:58	401408	------w-	c:\windows\system32\fpres632.dll
2010-09-15 10:06 . 2010-09-15 10:06	--------	d-----w-	C:\CUEcards
2010-09-14 22:25 . 2010-04-16 16:10	501760	----a-w-	c:\windows\system32\usp10.dll
2010-09-14 22:25 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-14 22:25 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-14 22:24 . 2010-05-27 19:16	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-14 18:03 . 2010-09-14 18:07	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Scribus
2010-09-14 18:00 . 2010-09-14 18:02	--------	d-----w-	C:\Scribus 1.3.8
2010-09-11 15:32 . 2010-09-11 15:32	15086	----a-r-	c:\users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_831906F2FDA02E6A09BEB0.exe
2010-09-11 15:32 . 2010-09-11 15:32	15086	----a-r-	c:\users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_7388FD78BF342A77A38BCE.exe
2010-09-11 15:32 . 2010-09-11 15:32	15086	----a-r-	c:\users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_6FEFF9B68218417F98F549.exe
2010-09-11 10:40 . 2010-09-11 10:40	--------	d-----w-	c:\programdata\pics
2010-09-11 10:40 . 2010-09-11 10:40	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\pics
2010-09-11 10:39 . 2010-09-11 10:39	330240	----a-w-	c:\windows\PICSUninstall.exe
2010-09-10 15:07 . 2010-09-10 15:07	--------	d-----w-	c:\program files\Common Files\Borland Shared
2010-09-10 15:06 . 1999-03-23 07:12	304128	----a-w-	c:\windows\unin0407.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 22:23 . 2006-11-02 15:33	92822	----a-w-	c:\windows\system32\perfh007.dat
2010-10-07 22:23 . 2006-11-02 15:33	171288	----a-w-	c:\windows\system32\perfc007.dat
2010-10-07 11:24 . 2010-04-20 07:49	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\vlc
2010-10-06 19:24 . 2010-02-02 11:51	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Ossy
2010-10-06 16:32 . 2008-01-13 21:11	136832	----a-w-	c:\users\Stuffi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-06 14:53 . 2008-01-13 21:24	--------	d-----w-	c:\program files\Google
2010-10-06 13:56 . 2010-04-19 10:17	--------	d-----w-	c:\program files\Sophos
2010-10-06 13:43 . 2010-10-06 09:10	--------	d-----w-	c:\programdata\SecTaskMan
2010-10-05 15:23 . 2008-06-21 11:32	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-10-05 06:21 . 2008-05-06 16:45	66560	----a-w-	c:\windows\system32\drivers\smb.sys
2010-10-04 19:54 . 2008-02-05 19:08	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Ashampoo
2010-10-04 19:51 . 2008-02-05 18:43	--------	d-----w-	c:\program files\Ashampoo
2010-10-04 03:53 . 2010-08-13 10:50	--------	d-----w-	c:\program files\Opera
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-09-30 17:22 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-09-30 17:19 . 2006-11-02 10:25	51200	----a-w-	c:\windows\Inf\infpub.dat
2010-09-30 17:19 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstrng.dat
2010-09-30 17:19 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstor.dat
2010-09-30 17:14 . 2010-09-30 17:14	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-09-30 04:06 . 2009-03-08 18:01	--------	d-----w-	c:\program files\Microsoft
2010-09-29 15:12 . 2009-06-29 21:46	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\dvdcss
2010-09-29 15:12 . 2008-06-21 19:08	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\DAEMON Tools
2010-09-29 15:12 . 2008-01-14 14:10	--------	d-----w-	c:\program files\IrfanView
2010-09-29 09:51 . 2008-07-29 06:20	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Mairyh
2010-09-29 07:15 . 2007-05-24 11:22	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-28 17:02 . 2010-04-19 06:48	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\QuickScan
2010-09-26 19:12 . 2008-09-27 08:29	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Azureus
2010-09-15 11:08 . 2009-03-30 17:35	1	----a-w-	c:\users\Stuffi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-04 08:39 . 2010-09-03 18:11	--------	d-----w-	c:\program files\Lexmark Z500-Z600 Series
2010-09-04 08:21 . 2010-09-03 19:45	73851	----a-w-	c:\windows\hpqins16.dat
2010-09-03 19:47 . 2008-12-08 12:28	--------	d-----w-	c:\program files\HP
2010-09-03 15:28 . 2010-09-03 15:28	--------	d-----w-	c:\program files\Lexmark 510 Series
2010-09-03 14:00 . 2010-09-03 14:00	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Carambis
2010-09-03 13:58 . 2010-09-03 13:58	--------	d-----w-	c:\program files\Carambis
2010-08-31 09:14 . 2010-08-31 09:14	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-24 15:00 . 2008-09-27 10:19	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Lionhead Studios
2010-08-16 13:41 . 2009-04-02 05:21	--------	d-----w-	c:\program files\Motorola Phone Tools
2010-08-16 12:55 . 2009-04-02 05:26	--------	d-----w-	c:\program files\Avanquest update
2010-08-11 19:09 . 2010-08-11 19:08	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-08-11 19:05 . 2008-01-14 12:52	--------	d-----w-	c:\programdata\TuneUp Software
2010-08-11 18:56 . 2008-01-14 12:48	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:55 . 2008-01-14 12:51	--------	d-----w-	c:\program files\TuneUp Utilities 2008
2010-08-09 21:27 . 2010-08-09 21:27	--------	d-----w-	c:\program files\Veoh Networks
2010-07-12 08:56 . 2010-08-03 17:36	2979280	-c--a-w-	c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-06-09 05:18	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-04-11 10:15	15880	----a-w-	c:\windows\system32\lsdelete.exe
2008-01-13 23:35 . 2008-01-13 23:35	0	--sha-w-	c:\windows\SE8DA6CED(57).tmp
2008-01-13 23:35 . 2008-01-13 23:35	0	--sha-w-	c:\windows\SE8DA6CED(66).tmp
2008-01-13 23:35 . 2008-01-13 23:35	0	--sha-w-	c:\windows\SE8DA6CED(74).tmp
2008-01-13 23:35 . 2008-01-13 23:35	0	--sh--w-	c:\windows\SE8DA6CED.tmp
2008-01-24 00:36 . 2008-01-24 00:29	952	--sha-w-	c:\windows\System32\KGyGaAvL.sys
2008-07-28 10:44 . 2008-07-09 12:30	6157344	--sha-w-	c:\windows\System32\drivers\fidbox(67).dat
2008-07-28 10:44 . 2008-07-09 12:30	409632	--sha-w-	c:\windows\System32\drivers\fidbox2(69).dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBSautocheck turegopt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00	1124352	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-24 16:53	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Byavubohido"=rundll32.exe "c:\users\Stuffi\AppData\Local\uvoxesakorilowad.dll",Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2422499485-3765178413-3129067992-1000]
"EnableNotificationsRef"=dword:00000002

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 adxapie;adxapie;c:\users\Stuffi\AppData\Local\Temp\adxapie.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-15 15008]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6A08.tmp [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-15 537520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-26 1355928]
S2 Orphalese Deck Service;Orphalese Deck Service;c:\orphalese tarot\DeckService.exe [2009-01-17 28672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-11-23 2368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-16 1010504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
TCP: interfaces = 124.217.231.7,124.217.231.9
FF - ProfilePath - c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.googel.de
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll
FF - component: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll
FF - plugin: c:\google\Picasa3\npPicasa2.dll
FF - plugin: c:\google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Byavubohido - c:\users\Stuffi\AppData\Local\uvoxesakorilowad.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-Byavubohido - c:\users\Stuffi\AppData\Local\uvoxesakorilowad.dll



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84D3D718]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x86d57322
\Driver\ACPI -> acpi.sys @ 0x86898d4c
\Driver\atapi -> 0x84d3d718
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6A08.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{26dd8bc1-2c56-4046-93f0-4fa751349816}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001a92
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9ab958b9-ed21-4057-bf29-33f9b19175c9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:22000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{b9b90979-5ec2-4d6b-bcf8-ebf37e7dc0f0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:08020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{c4656556-3f93-404c-b244-1063af6ed6fa}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001a92
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ecf5945f-f6be-48b9-b1d7-5526711f6f4b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:090016e3
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{fac4593e-ecf8-4ac1-80ea-a0df95441eaf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b001b9e
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(704)
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\iashost.exe
c:\windows\system32\conime.exe
c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-08  00:35:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-07 22:35

Vor Suchlauf: 74 Verzeichnis(se), 17.013.059.584 Bytes frei
Nach Suchlauf: 80 Verzeichnis(se), 17.411.289.088 Bytes frei

Current=2 Default=2 Failed=9 LastKnownGood=5 Sets=1,2,3,5,9
- - End Of File - - ED9DDE10810037B94D63ECF8048CA901
         
--- --- ---

08.10.2010, 09:15   #9
markusg
/// Malware-holic

Who wrote anything about changing passwords? How do you know whether we are finished?

Download
http://filepony.de/download-defogger/
and save it to your desktop.

Double-click DeFogger to start the tool.

• The tool's program window opens.
• Click the Disable button to disable the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears, click OK.
• DeFogger will now ask for a reboot - click OK.
• Post the defogger_disable.log here in the thread. Do not re-enable the drivers under any circumstances until instructed to.

Please run ComboFix again
and post the log.

08.10.2010, 09:19   #10
Black-Night

Sorry, but I had thought that one should do that with a backdoor, or whatever it may be called... I'll work through the steps and then report back.

Many thanks so far, Black Night

08.10.2010, 09:44   #11
markusg
/// Malware-holic

Yes, you should, but only once we are sure that it is gone. I'll let you know when you can change the passwords.

08.10.2010, 11:14   #12
Black-Night

I've got my error message again. OK, good thing I haven't changed the passwords yet.

Here are the logs

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:53 on 08/10/2010 (Stuffi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

Combofix Logfile:
Code:
ComboFix 10-10-07.01 - Stuffi 08.10.2010  11:16:53.2.1 - x86
ausgeführt von:: c:\users\Stuffi\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-09-08 bis 2010-10-08  ))))))))))))))))))))))))))))))
.

2010-10-08 09:34 . 2010-10-08 09:42	--------	d-----w-	c:\users\Stuffi\AppData\Local\temp
2010-10-08 09:34 . 2010-10-08 09:34	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-10-08 09:34 . 2010-10-08 09:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-07 11:34 . 2010-10-07 11:34	317952	----a-w-	c:\users\Stuffi\AppData\Roaming\Adobe\Update\forres.exe
2010-10-05 16:25 . 2010-10-06 13:56	--------	d-----w-	c:\program files\MSECACHE
2010-10-04 20:50 . 2010-04-16 16:10	1314816	----a-w-	c:\windows\system32\quartz.dll
2010-10-04 20:19 . 2010-10-04 20:19	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Canneverbe Limited
2010-10-04 20:19 . 2010-10-04 20:19	--------	d-----w-	c:\programdata\Canneverbe Limited
2010-10-04 20:18 . 2010-10-04 20:18	--------	d-----w-	C:\CDBurnerXP
2010-10-01 05:35 . 2010-10-01 05:35	--------	d-----w-	C:\Sophos
2010-09-30 20:43 . 2010-09-30 20:55	--------	d-----w-	C:\e5445938d3f1b486dfd34b5e2078
2010-09-28 23:24 . 2010-09-29 07:16	120	----a-w-	c:\users\Stuffi\AppData\Local\Oxafepa.dat
2010-09-28 23:24 . 2010-09-28 23:24	0	----a-w-	c:\users\Stuffi\AppData\Local\Rmitefova.bin
2010-09-17 11:35 . 2010-09-17 11:47	--------	d-----w-	c:\users\Stuffi\AppData\Local\memocard
2010-09-17 11:34 . 2010-09-17 11:34	--------	d-----w-	C:\MemoCard
2010-09-17 11:34 . 2010-09-17 11:35	--------	d-----w-	c:\windows\uninstall\memoCARD
2010-09-15 12:16 . 2010-09-15 12:17	--------	d-----w-	C:\Lernkartei
2010-09-15 12:15 . 2010-09-15 12:15	331776	------w-	c:\windows\Setup1.exe
2010-09-15 12:15 . 2010-09-15 12:15	74240	----a-w-	c:\windows\ODEUNST.EXE
2010-09-15 12:15 . 2010-09-15 12:15	151622	------w-	c:\windows\modcas.dll
2010-09-15 12:15 . 2010-09-15 12:15	1392671	------w-	c:\windows\msvbvm60.dll
2010-09-15 12:15 . 2010-09-15 12:15	125712	------w-	c:\windows\vb6de.dll
2010-09-15 12:15 . 2010-09-15 12:15	101888	------w-	c:\windows\odestkit.dll
2010-09-15 10:30 . 2009-06-05 13:59	385024	------w-	c:\windows\system32\fpmon6.dll
2010-09-15 10:30 . 2009-06-05 13:58	401408	------w-	c:\windows\system32\fpres632.dll
2010-09-15 10:06 . 2010-09-15 10:06	--------	d-----w-	C:\CUEcards
2010-09-14 22:25 . 2010-04-16 16:10	501760	----a-w-	c:\windows\system32\usp10.dll
2010-09-14 22:25 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-14 22:25 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-14 22:24 . 2010-05-27 19:16	738816	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-14 18:03 . 2010-09-14 18:07	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Scribus
2010-09-14 18:00 . 2010-09-14 18:02	--------	d-----w-	C:\Scribus 1.3.8
2010-09-11 15:32 . 2010-09-11 15:32	15086	----a-r-	c:\users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_831906F2FDA02E6A09BEB0.exe
2010-09-11 15:32 . 2010-09-11 15:32	15086	----a-r-	c:\users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_7388FD78BF342A77A38BCE.exe
2010-09-11 15:32 . 2010-09-11 15:32	15086	----a-r-	c:\users\Stuffi\AppData\Roaming\Microsoft\Installer\{A8EC49E4-5EB8-444C-8CE0-446904D5E629}\_6FEFF9B68218417F98F549.exe
2010-09-11 10:40 . 2010-09-11 10:40	--------	d-----w-	c:\programdata\pics
2010-09-11 10:40 . 2010-09-11 10:40	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\pics
2010-09-11 10:39 . 2010-09-11 10:39	330240	----a-w-	c:\windows\PICSUninstall.exe
2010-09-10 15:07 . 2010-09-10 15:07	--------	d-----w-	c:\program files\Common Files\Borland Shared
2010-09-10 15:06 . 1999-03-23 07:12	304128	----a-w-	c:\windows\unin0407.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 09:18 . 2006-11-02 15:33	92822	----a-w-	c:\windows\system32\perfh007.dat
2010-10-08 09:18 . 2006-11-02 15:33	171288	----a-w-	c:\windows\system32\perfc007.dat
2010-10-08 08:20 . 2010-04-20 07:49	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\vlc
2010-10-06 19:24 . 2010-02-02 11:51	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Ossy
2010-10-06 16:32 . 2008-01-13 21:11	136832	----a-w-	c:\users\Stuffi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-06 14:53 . 2008-01-13 21:24	--------	d-----w-	c:\program files\Google
2010-10-06 13:56 . 2010-04-19 10:17	--------	d-----w-	c:\program files\Sophos
2010-10-06 13:43 . 2010-10-06 09:10	--------	d-----w-	c:\programdata\SecTaskMan
2010-10-05 15:23 . 2008-06-21 11:32	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-10-05 06:21 . 2008-05-06 16:45	66560	----a-w-	c:\windows\system32\drivers\smb.sys
2010-10-04 19:54 . 2008-02-05 19:08	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Ashampoo
2010-10-04 19:51 . 2008-02-05 18:43	--------	d-----w-	c:\program files\Ashampoo
2010-10-04 03:53 . 2010-08-13 10:50	--------	d-----w-	c:\program files\Opera
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-09-30 17:22 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-09-30 17:22 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-09-30 17:19 . 2006-11-02 10:25	51200	----a-w-	c:\windows\Inf\infpub.dat
2010-09-30 17:19 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstrng.dat
2010-09-30 17:19 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstor.dat
2010-09-30 17:14 . 2010-09-30 17:14	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-09-30 04:06 . 2009-03-08 18:01	--------	d-----w-	c:\program files\Microsoft
2010-09-29 15:12 . 2009-06-29 21:46	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\dvdcss
2010-09-29 15:12 . 2008-06-21 19:08	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\DAEMON Tools
2010-09-29 15:12 . 2008-01-14 14:10	--------	d-----w-	c:\program files\IrfanView
2010-09-29 09:51 . 2008-07-29 06:20	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Mairyh
2010-09-29 07:15 . 2007-05-24 11:22	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-28 17:02 . 2010-04-19 06:48	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\QuickScan
2010-09-26 19:12 . 2008-09-27 08:29	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Azureus
2010-09-15 11:08 . 2009-03-30 17:35	1	----a-w-	c:\users\Stuffi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-04 08:39 . 2010-09-03 18:11	--------	d-----w-	c:\program files\Lexmark Z500-Z600 Series
2010-09-04 08:21 . 2010-09-03 19:45	73851	----a-w-	c:\windows\hpqins16.dat
2010-09-03 19:47 . 2008-12-08 12:28	--------	d-----w-	c:\program files\HP
2010-09-03 15:28 . 2010-09-03 15:28	--------	d-----w-	c:\program files\Lexmark 510 Series
2010-09-03 14:00 . 2010-09-03 14:00	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Carambis
2010-09-03 13:58 . 2010-09-03 13:58	--------	d-----w-	c:\program files\Carambis
2010-08-31 09:14 . 2010-08-31 09:14	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-24 15:00 . 2008-09-27 10:19	--------	d-----w-	c:\users\Stuffi\AppData\Roaming\Lionhead Studios
2010-08-16 13:41 . 2009-04-02 05:21	--------	d-----w-	c:\program files\Motorola Phone Tools
2010-08-16 12:55 . 2009-04-02 05:26	--------	d-----w-	c:\program files\Avanquest update
2010-08-11 19:09 . 2010-08-11 19:08	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-08-11 19:05 . 2008-01-14 12:52	--------	d-----w-	c:\programdata\TuneUp Software
2010-08-11 18:56 . 2008-01-14 12:48	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-11 18:55 . 2008-01-14 12:51	--------	d-----w-	c:\program files\TuneUp Utilities 2008
2010-08-09 21:27 . 2010-08-09 21:27	--------	d-----w-	c:\program files\Veoh Networks
2010-07-12 08:56 . 2010-08-03 17:36	2979280	-c--a-w-	c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-06-09 05:18	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-04-11 10:15	15880	----a-w-	c:\windows\system32\lsdelete.exe
2008-01-13 23:35 . 2008-01-13 23:35	0	--sha-w-	c:\windows\SE8DA6CED(57).tmp
2008-01-13 23:35 . 2008-01-13 23:35	0	--sha-w-	c:\windows\SE8DA6CED(66).tmp
2008-01-13 23:35 . 2008-01-13 23:35	0	--sha-w-	c:\windows\SE8DA6CED(74).tmp
2008-01-13 23:35 . 2008-01-13 23:35	0	--sh--w-	c:\windows\SE8DA6CED.tmp
2008-01-24 00:36 . 2008-01-24 00:29	952	--sha-w-	c:\windows\System32\KGyGaAvL.sys
2008-07-28 10:44 . 2008-07-09 12:30	6157344	--sha-w-	c:\windows\System32\drivers\fidbox(67).dat
2008-07-28 10:44 . 2008-07-09 12:30	409632	--sha-w-	c:\windows\System32\drivers\fidbox2(69).dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Byavubohido"="c:\users\Stuffi\AppData\Local\uvoxesakorilowad.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBSautocheck turegopt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00	1124352	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-24 16:53	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Byavubohido"=rundll32.exe "c:\users\Stuffi\AppData\Local\uvoxesakorilowad.dll",Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2422499485-3765178413-3129067992-1000]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 adxapie;adxapie;c:\users\Stuffi\AppData\Local\Temp\adxapie.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-15 15008]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6A08.tmp [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-15 537520]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-26 1355928]
S2 Orphalese Deck Service;Orphalese Deck Service;c:\orphalese tarot\DeckService.exe [2009-01-17 28672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-11-23 2368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-16 1010504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
TCP: interfaces = 124.217.231.7,124.217.231.9
FF - ProfilePath - c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.googel.de
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll
FF - component: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll
FF - plugin: c:\google\Picasa3\npPicasa2.dll
FF - plugin: c:\google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Stuffi\AppData\Roaming\Mozilla\Firefox\Profiles\akwi0k9g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E15600]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x86d62322
\Driver\ACPI -> acpi.sys @ 0x8689fd4c
\Driver\atapi -> 0x84e15600
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6A08.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-10-08  11:55:31
ComboFix-quarantined-files.txt  2010-10-08 09:55
ComboFix2.txt  2010-10-07 22:35

Vor Suchlauf: 79 Verzeichnis(se), 15.437.643.776 Bytes frei
Nach Suchlauf: 79 Verzeichnis(se), 15.300.845.568 Bytes frei

- - End Of File - - 346267FBB1AC8E0112199D07E3906C9C
         
--- --- ---

08.10.2010, 11:32   #13
markusg
/// Malware-holic

Please use the TDSS Killer
How to combat malware of the Rootkit.Win32.TDSS family?
Post the result

08.10.2010, 11:45   #14
Black-Night

And here is the log

2010/10/08 12:39:35.0848 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/08 12:39:35.0848 ================================================================================
2010/10/08 12:39:35.0848 SystemInfo:
2010/10/08 12:39:35.0848
2010/10/08 12:39:35.0848 OS Version: 6.0.6001 ServicePack: 1.0
2010/10/08 12:39:35.0848 Product type: Workstation
2010/10/08 12:39:35.0848 ComputerName: STUFFIS-LAPPI
2010/10/08 12:39:35.0848 UserName: Stuffi
2010/10/08 12:39:35.0848 Windows directory: C:\Windows
2010/10/08 12:39:35.0849 System windows directory: C:\Windows
2010/10/08 12:39:35.0849 Processor architecture: Intel x86
2010/10/08 12:39:35.0849 Number of processors: 1
2010/10/08 12:39:35.0849 Page size: 0x1000
2010/10/08 12:39:35.0849 Boot type: Normal boot
2010/10/08 12:39:35.0849 ================================================================================
2010/10/08 12:39:36.0923 Initialize success
2010/10/08 12:39:40.0692 ================================================================================
2010/10/08 12:39:40.0692 Scan started
2010/10/08 12:39:40.0692 Mode: Manual;
2010/10/08 12:39:40.0692 ================================================================================
2010/10/08 12:39:50.0254 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/08 12:39:50.0353 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2010/10/08 12:39:50.0463 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys
2010/10/08 12:39:50.0578 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/08 12:39:50.0661 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/08 12:39:50.0693 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/08 12:39:50.0752 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/08 12:39:50.0859 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/08 12:39:50.0951 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/08 12:39:51.0040 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/10/08 12:39:51.0122 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/08 12:39:51.0177 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/08 12:39:51.0341 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/08 12:39:51.0565 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/08 12:39:51.0730 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/08 12:39:51.0923 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/08 12:39:52.0027 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/08 12:39:52.0192 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/08 12:39:52.0275 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/08 12:39:52.0397 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/08 12:39:52.0534 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/08 12:39:52.0626 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/08 12:39:52.0687 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/10/08 12:39:52.0821 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/08 12:39:52.0888 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/08 12:39:52.0949 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/08 12:39:53.0111 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/08 12:39:53.0187 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2010/10/08 12:39:53.0271 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
2010/10/08 12:39:53.0412 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
2010/10/08 12:39:53.0571 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/08 12:39:53.0756 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/10/08 12:39:53.0952 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2010/10/08 12:39:54.0158 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/10/08 12:39:54.0292 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/08 12:39:54.0432 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/08 12:39:54.0566 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/08 12:39:54.0618 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/08 12:39:54.0699 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/08 12:39:54.0890 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/08 12:39:55.0026 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/08 12:39:55.0105 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/08 12:39:55.0276 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
2010/10/08 12:39:55.0360 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/08 12:39:55.0432 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/08 12:39:55.0586 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/08 12:39:55.0652 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/08 12:39:55.0749 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/08 12:39:55.0892 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/08 12:39:55.0957 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/10/08 12:39:56.0085 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/08 12:39:56.0213 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/08 12:39:56.0278 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/08 12:39:56.0358 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/10/08 12:39:56.0491 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/08 12:39:56.0618 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/08 12:39:56.0759 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/08 12:39:56.0852 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/08 12:39:56.0895 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/08 12:39:56.0942 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/08 12:39:57.0104 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/10/08 12:39:57.0174 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/08 12:39:57.0229 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/08 12:39:57.0337 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2010/10/08 12:39:57.0451 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/10/08 12:39:57.0526 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/08 12:39:57.0774 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/10/08 12:39:57.0966 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/08 12:39:58.0048 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/08 12:39:58.0126 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/08 12:39:58.0306 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/08 12:39:58.0409 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/08 12:39:58.0578 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/08 12:39:58.0700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/08 12:39:58.0899 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
2010/10/08 12:39:58.0975 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
2010/10/08 12:39:59.0386 nmwcdnsu (02e96113511171ba7559386d10d3daea) C:\Windows\system32\drivers\nmwcdnsu.sys
2010/10/08 12:39:59.0542 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/10/08 12:39:59.0639 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/08 12:39:59.0786 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/10/08 12:39:59.0947 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/08 12:40:00.0025 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/08 12:40:00.0095 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/08 12:40:00.0220 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/08 12:40:00.0277 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/10/08 12:40:00.0401 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/10/08 12:40:00.0518 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/08 12:40:00.0600 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/10/08 12:40:00.0736 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/08 12:40:00.0854 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/10/08 12:40:00.0971 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/10/08 12:40:01.0151 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/10/08 12:40:01.0250 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/08 12:40:01.0409 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/08 12:40:01.0704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/08 12:40:01.0764 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/08 12:40:01.0867 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/08 12:40:02.0078 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/08 12:40:02.0187 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/08 12:40:02.0380 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/08 12:40:02.0457 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/08 12:40:02.0564 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/08 12:40:02.0692 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/08 12:40:02.0759 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/08 12:40:02.0845 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/08 12:40:03.0022 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/08 12:40:03.0113 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/08 12:40:03.0241 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/10/08 12:40:03.0308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/08 12:40:03.0412 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/10/08 12:40:03.0557 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/10/08 12:40:03.0604 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/10/08 12:40:03.0687 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/10/08 12:40:03.0805 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/08 12:40:03.0890 RTL8023xp (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2010/10/08 12:40:04.0011 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/08 12:40:04.0190 sdbus (5bafd52831ea802f8d3940f5c92fdeec) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/08 12:40:04.0279 secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\Windows\system32\drivers\secdrv.sys
2010/10/08 12:40:04.0411 Sentinel (99c81af18c0bf4d3b2ce0b36941e150f) C:\Windows\System32\Drivers\SENTINEL.SYS
2010/10/08 12:40:04.0537 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/08 12:40:04.0592 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/08 12:40:04.0689 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/08 12:40:04.0895 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\Windows\system32\drivers\sfdrv01a.sys
2010/10/08 12:40:05.0001 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/10/08 12:40:05.0144 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/08 12:40:05.0254 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/08 12:40:05.0333 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
2010/10/08 12:40:05.0432 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/08 12:40:05.0549 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys
2010/10/08 12:40:05.0704 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/10/08 12:40:05.0805 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/08 12:40:05.0878 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/08 12:40:06.0104 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/08 12:40:06.0296 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2010/10/08 12:40:06.0412 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/08 12:40:06.0621 srv (9a0163e7fbe59da0591bb1ad77d92e63) C:\Windows\system32\DRIVERS\srv.sys
2010/10/08 12:40:06.0709 srv2 (c7da26d2c7d480b1dd38ca19cc90b821) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/08 12:40:06.0858 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/08 12:40:06.0985 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/08 12:40:07.0184 SVKP (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2010/10/08 12:40:07.0270 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/08 12:40:07.0342 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/08 12:40:07.0472 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/08 12:40:07.0563 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/08 12:40:07.0637 SynTP (21ff75c9351f5c2ac78e106efdb07284) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/08 12:40:07.0908 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/10/08 12:40:08.0230 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/08 12:40:08.0408 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/08 12:40:08.0473 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/10/08 12:40:08.0625 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/08 12:40:08.0694 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/08 12:40:08.0769 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/08 12:40:08.0869 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/08 12:40:09.0145 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/10/08 12:40:09.0258 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/08 12:40:09.0384 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/10/08 12:40:09.0541 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/08 12:40:09.0624 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/08 12:40:09.0687 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/10/08 12:40:09.0834 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/08 12:40:09.0963 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/08 12:40:10.0157 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/08 12:40:10.0240 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/08 12:40:10.0291 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/08 12:40:10.0413 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/08 12:40:10.0542 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2010/10/08 12:40:10.0675 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/08 12:40:10.0726 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/08 12:40:10.0814 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/08 12:40:10.0931 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/08 12:40:11.0031 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/08 12:40:11.0136 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/08 12:40:11.0203 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/08 12:40:11.0343 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
2010/10/08 12:40:11.0396 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2010/10/08 12:40:11.0450 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/08 12:40:11.0537 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/08 12:40:11.0682 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/08 12:40:11.0776 VClone (e986f81fa0b3aed21f188a0fd044d80e) C:\Windows\system32\DRIVERS\VClone.sys
2010/10/08 12:40:11.0870 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/08 12:40:11.0998 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/08 12:40:12.0072 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/10/08 12:40:12.0144 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/08 12:40:12.0220 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/10/08 12:40:12.0361 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/08 12:40:12.0470 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/10/08 12:40:12.0599 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/10/08 12:40:12.0753 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/08 12:40:12.0848 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/08 12:40:12.0943 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 12:40:12.0972 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 12:40:13.0219 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/08 12:40:13.0361 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/08 12:40:13.0719 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/10/08 12:40:13.0845 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/08 12:40:14.0001 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/08 12:40:14.0148 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/08 12:40:14.0269 ================================================================================
2010/10/08 12:40:14.0269 Scan finished
2010/10/08 12:40:14.0269 ================================================================================
2010/10/08 12:40:35.0557 Deinitialize success

Old 08.10.2010, 12:06   #15
markusg
/// Malware-holic
 
Post a GMER report:
http://www.trojaner-board.de/74908-a...t-scanner.html
