
Log analysis and evaluation: Viruses on my PC

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.11.2010, 18:30   #1
domi555
 
Hello,
I'm new here.

I have the feeling that I have a few viruses on my PC. I have Kaspersky installed, but even the best antivirus program can't do everything.

Also, a strange "hostprozess.exe" always starts on my machine.

How can I safely rescan my whole PC?

Regards

26.11.2010, 18:50   #2
markusg
/// Malware-holic
 
otl:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Check "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

26.11.2010, 19:21   #3
domi555
 
Is it normal for the scan to take this long?

26.11.2010, 19:38   #4
domi555
 

OTL.txt :

OTL Logfile:
Code:
OTL logfile created on: 26.11.2010 19:03:13 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Arnold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 247,31 Gb Total Space | 160,27 Gb Free Space | 64,81% Space Free | Partition Type: NTFS
 
Computer Name: ARNOLD-PC | User Name: Arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Arnold\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Arnold\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Arnold\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CryptBoxService) -- C:\Program Files\CryptBox\cryptboxservice.exe ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NmPar) -- C:\Windows\System32\drivers\NmPar.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
 
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.11.21 17:18:00 | 000,000,000 | ---D | M]
 
[2010.08.25 18:29:42 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\mozilla\Extensions
[2010.08.25 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\mozilla\Firefox\Profiles\g4ly7xu9.default\extensions
[2010.08.25 18:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arnold\AppData\Roaming\mozilla\Firefox\Profiles\g4ly7xu9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.25 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\mozilla\Firefox\Profiles\g4ly7xu9.default\extensions\staged-xpis
[2010.10.10 18:22:21 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000..\Run: [Windows Update] C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe ()
O7 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.230 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\hintergrund.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\hintergrund.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e8dcf3ac-acff-11df-9f4e-001cdf593653}\Shell\AutoRun\command - "" = E:\CryptBox\Abelssoft.CryptBox.TravelSafe.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD-Startbeschleuniger.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - C:\PROGRA~1\GAMERS~1\LIVE!\Live.exe - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft-Indexerstellung.lnk - C:\PROGRA~1\MICROS~4\Office\FINDFAST.EXE - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office-Start.lnk - C:\PROGRA~1\MICROS~4\Office\OSA.EXE - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk - C:\Programme\phase-6\phase-6\reminder\reminder.exe - (phase-6)
MsConfig - StartUpFolder: C:^Users^Arnold^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Users^Arnold^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^STRATO HiDrive.lnk - C:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe - (STRATO)
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: F87CE2D25246152EBF6745525116B56F - hkey= - key= - C:\Program Files\A360\av360.exe File not found
MsConfig - StartUpReg: Hack.exe - hkey= - key= - C:\Users\Arnold\AppData\Roaming\Sysutils_Update\Hack.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: JFSW2Launch - hkey= - key= - C:\Users\Arnold\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: rfxsrvtray - hkey= - key= - C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: WPCUMI - hkey= - key= -  File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {44BBF79B-6769-B2F5-0B0E-A0447D813A54} - Themes Setup
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4B9B939A-BC83-BCB9-9C89-606BB584B78F} - Browser Customizations
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B498EA8B-6382-C15C-A32E-23D0F82CE8DC} - Microsoft Windows Media Player 11.0
ActiveX: {B979DE7C-4DEF-3651-1851-C9A5AD308893} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.26 19:01:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Arnold\Desktop\OTL.exe
[2010.11.26 15:32:29 | 000,000,000 | ---D | C] -- C:\Users\Arnold\Desktop\Dezember
[2010.11.25 15:59:19 | 000,000,000 | ---D | C] -- C:\Users\Arnold\Desktop\Neuer Ordner
[2010.11.23 21:48:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\syncdb
[2010.11.23 17:01:10 | 000,000,000 | ---D | C] -- C:\Programme\SolaSoft
[2010.11.23 17:00:08 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\Downloaded Installations
[2010.11.23 16:55:05 | 000,578,560 | ---- | C] (MB-Tech) -- C:\Users\Arnold\Desktop\FastLock.exe
[2010.11.21 17:14:03 | 000,218,240 | ---- | C] (Abelssoft GmbH) -- C:\Windows\System32\drivers\CryptBox.sys
[2010.11.21 17:13:59 | 000,000,000 | ---D | C] -- C:\Users\Arnold\Documents\My Safes
[2010.11.21 17:13:59 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Roaming\Abelssoft
[2010.11.21 17:13:30 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\Abelssoft
[2010.11.21 17:13:21 | 000,000,000 | ---D | C] -- C:\Programme\CryptBox
[2010.11.21 11:53:35 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.11.21 11:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.11.20 11:18:02 | 000,000,000 | ---D | C] -- C:\Nexon
[2010.11.20 11:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2010.11.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Roaming\Scribus
[2010.11.18 18:07:32 | 000,000,000 | ---D | C] -- C:\Users\Arnold\.idlerc
[2010.11.17 15:52:37 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\assembly
[2010.11.15 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\_1_
[2010.11.15 18:26:07 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\TimeShutDown
[2010.11.15 18:24:23 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\nikeee13_Software
[2010.11.15 18:24:20 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Roaming\nikeee13 Software
[2010.11.13 23:32:13 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.11.13 23:32:13 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.11.13 23:32:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.11.13 23:32:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.11.13 23:32:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.11.13 23:32:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.11.13 23:32:11 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.11.13 23:32:11 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.11.13 23:32:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.11.13 23:32:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.11.13 23:32:09 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.11.13 23:32:09 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.11.13 23:32:08 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.11.13 23:32:08 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.11.13 23:32:08 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.11.13 23:32:08 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.11.13 23:32:07 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.11.13 23:32:06 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.11.13 23:32:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.11.13 23:32:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.11.13 23:32:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.11.13 23:32:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.11.13 23:32:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.11.13 23:32:04 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.11.13 23:32:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.11.13 23:32:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.11.13 23:32:03 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.11.13 23:32:02 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.11.13 23:32:02 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.11.13 23:32:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.11.13 23:32:01 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.11.13 23:32:01 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.11.13 23:32:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.11.13 23:32:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.11.13 23:32:00 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.11.13 23:32:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.11.13 23:31:59 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.11.13 23:31:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.11.13 23:31:59 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.11.13 23:31:58 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.11.13 23:31:48 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.11.13 23:31:48 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.11.13 23:31:48 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.11.13 23:31:47 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.11.13 23:31:46 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.11.13 23:31:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.11.13 23:31:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.11.08 15:41:40 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Roaming\Transcend
[2010.11.06 11:49:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.11.06 09:51:16 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Roaming\Microsoft Corporation
[2010.11.05 23:49:34 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\Apps
[2010.11.05 23:49:33 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\Deployment
[2010.11.05 22:57:14 | 000,000,000 | ---D | C] -- C:\Users\Arnold\Desktop\Programmierung
[2010.11.01 20:26:38 | 000,000,000 | ---D | C] -- C:\Users\Arnold\Documents\ICQ
[2010.10.31 15:06:01 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.10.31 15:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.10.31 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Roaming\ICQ
[2010.10.31 15:05:20 | 000,000,000 | ---D | C] -- C:\Users\Arnold\AppData\Local\AOL
[2010.10.30 15:38:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.10.30 15:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.10.28 21:13:37 | 000,000,000 | ---D | C] -- C:\04f9dd0aecaa27d431cdae811c
[2010.10.27 21:01:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.27 21:01:59 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 21:01:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.26 19:07:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{43E7DD6F-99B1-4150-AC7D-A6CB9A6E2E20}.job
[2010.11.26 19:01:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Arnold\Desktop\OTL.exe
[2010.11.26 18:10:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.26 18:10:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.26 18:05:46 | 000,005,833 | ---- | M] () -- C:\Users\Arnold\.recently-used.xbel
[2010.11.26 16:16:41 | 000,027,648 | ---- | M] () -- C:\Users\Arnold\Desktop\Hack-Loader by Domi555 v1.0.0.exe
[2010.11.26 14:11:27 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\CryptBox.job
[2010.11.26 14:10:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.26 14:10:45 | 2010,587,136 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.25 17:36:00 | 000,822,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.25 17:36:00 | 000,768,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.25 17:36:00 | 000,171,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.25 17:35:59 | 000,206,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.25 15:58:17 | 004,195,631 | ---- | M] () -- C:\Users\Arnold\Desktop\FrancYescO D3D WarRock VIP (20.8.1) 18_11_2010.zip
[2010.11.25 14:47:32 | 000,502,272 | ---- | M] () -- C:\Users\Arnold\Desktop\Multi-Tool v1.1.1.exe
[2010.11.24 20:06:32 | 000,025,088 | ---- | M] () -- C:\Users\Arnold\Desktop\bericht_gebrauchsspielwarenmarkt.doc
[2010.11.24 19:41:11 | 000,002,637 | ---- | M] () -- C:\Users\Arnold\Desktop\Microsoft Office Word 2003.lnk
[2010.11.24 14:19:04 | 000,303,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.23 16:55:05 | 000,578,560 | ---- | M] (MB-Tech) -- C:\Users\Arnold\Desktop\FastLock.exe
[2010.11.22 19:23:27 | 000,000,357 | ---- | M] () -- C:\Users\Arnold\cryptboxdrives.xml
[2010.11.21 17:26:25 | 000,014,336 | ---- | M] () -- C:\Users\Arnold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.21 12:07:35 | 000,115,465 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.11.21 12:07:35 | 000,097,545 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.11.21 11:54:21 | 000,001,122 | ---- | M] () -- C:\Users\Arnold\Desktop\Kaspersky Security Suite CBE 10.lnk
[2010.11.17 19:24:20 | 000,218,240 | ---- | M] (Abelssoft GmbH) -- C:\Windows\System32\drivers\CryptBox.sys
[2010.11.13 23:50:05 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.06 17:44:44 | 000,001,272 | ---- | M] () -- C:\Users\Arnold\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk
[2010.11.06 10:46:44 | 000,020,480 | ---- | M] () -- C:\Users\Arnold\Documents\Datenbank.sdf
[2010.11.05 23:01:53 | 000,001,181 | ---- | M] () -- C:\Users\Arnold\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2010.11.05 19:59:48 | 000,000,719 | ---- | M] () -- C:\Users\Arnold\SciTE.session
[2010.10.31 23:30:20 | 012,175,728 | ---- | M] () -- C:\Users\Arnold\Documents\Aline 2010-10-31 23.16.tvs
[2010.10.31 10:29:05 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.27 20:51:28 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
 
========== Files Created - No Company Name ==========
 
[2010.11.26 18:05:46 | 000,005,833 | ---- | C] () -- C:\Users\Arnold\.recently-used.xbel
[2010.11.26 16:17:04 | 000,027,648 | ---- | C] () -- C:\Users\Arnold\Desktop\Hack-Loader by Domi555 v1.0.0.exe
[2010.11.25 15:58:03 | 004,195,631 | ---- | C] () -- C:\Users\Arnold\Desktop\FrancYescO D3D WarRock VIP (20.8.1) 18_11_2010.zip
[2010.11.25 14:47:51 | 000,502,272 | ---- | C] () -- C:\Users\Arnold\Desktop\Multi-Tool v1.1.1.exe
[2010.11.24 20:01:58 | 000,025,088 | ---- | C] () -- C:\Users\Arnold\Desktop\bericht_gebrauchsspielwarenmarkt.doc
[2010.11.21 17:22:46 | 000,000,357 | ---- | C] () -- C:\Users\Arnold\cryptboxdrives.xml
[2010.11.21 17:13:30 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\CryptBox.job
[2010.11.21 11:54:28 | 000,115,465 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.11.21 11:54:27 | 000,097,545 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.11.21 11:54:21 | 000,001,122 | ---- | C] () -- C:\Users\Arnold\Desktop\Kaspersky Security Suite CBE 10.lnk
[2010.11.13 23:50:05 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.06 17:44:44 | 000,001,272 | ---- | C] () -- C:\Users\Arnold\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk
[2010.11.06 10:46:30 | 000,020,480 | ---- | C] () -- C:\Users\Arnold\Documents\Datenbank.sdf
[2010.11.05 23:01:53 | 000,001,181 | ---- | C] () -- C:\Users\Arnold\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2010.10.31 23:30:27 | 012,175,728 | ---- | C] () -- C:\Users\Arnold\Documents\Aline 2010-10-31 23.16.tvs
[2010.10.31 10:29:05 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.10.27 20:51:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.20 14:15:34 | 000,000,445 | ---- | C] () -- C:\Users\Arnold\AppData\Roaming\Autorun.vbs
[2010.10.20 14:15:33 | 000,000,176 | ---- | C] () -- C:\Users\Arnold\AppData\Roaming\delme.bat
[2010.08.20 11:39:23 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2010.07.31 14:23:15 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.07.14 16:06:10 | 000,014,336 | ---- | C] () -- C:\Users\Arnold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.14 15:15:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\B11gUSB.dll
[2009.11.09 16:37:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.02.20 19:56:14 | 000,000,279 | ---- | C] () -- C:\Windows\ccolwiz.ini
[2009.02.20 19:01:22 | 000,002,216 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.13 18:40:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.02.13 18:40:45 | 000,025,410 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.02.13 18:13:08 | 000,000,094 | ---- | C] () -- C:\Users\Arnold\AppData\Local\fusioncache.dat
[2009.02.13 18:05:54 | 000,000,680 | ---- | C] () -- C:\Users\Arnold\AppData\Local\d3d9caps.dat
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.12.19 06:22:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\NmCoInst.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.10.18 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.10.18 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2010.11.21 17:13:59 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Abelssoft
[2010.09.21 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Ambient Design
[2009.02.20 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Ansys
[2010.08.28 21:05:03 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Artisteer
[2010.07.15 08:39:25 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Ashampoo
[2010.07.14 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Autodesk
[2010.08.06 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\CD-LabelPrint
[2010.10.19 16:39:15 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Datarescue
[2010.08.23 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\FileZilla
[2010.11.26 18:05:46 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\gtk-2.0
[2010.11.05 22:58:18 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\ICQ
[2010.09.18 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\inkscape
[2010.11.15 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\nikeee13 Software
[2010.07.14 18:05:46 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\OpenOffice.org
[2009.04.29 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Opera
[2010.08.19 10:08:08 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\PeerNetworking
[2010.11.19 17:12:19 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Scribus
[2010.08.31 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\STRATO
[2010.11.21 10:02:30 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Sysutils_Update
[2010.07.15 20:22:52 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\TeamViewer
[2010.09.22 14:28:49 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Tobit
[2010.11.08 15:41:40 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Transcend
[2010.08.26 22:01:32 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\WindSolutions
[2010.11.26 14:11:27 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\CryptBox.job
[2010.11.25 22:20:56 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.26 19:07:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43E7DD6F-99B1-4150-AC7D-A6CB9A6E2E20}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.21 17:13:59 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Abelssoft
[2010.11.23 21:53:12 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Adobe
[2009.02.20 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\AdobeUM
[2010.09.21 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Ambient Design
[2009.02.20 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Ansys
[2010.08.24 14:45:54 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Apple Computer
[2010.08.28 21:05:03 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Artisteer
[2010.07.15 08:39:25 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Ashampoo
[2010.07.14 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Autodesk
[2010.08.06 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\CD-LabelPrint
[2010.09.17 17:06:40 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\codeblocks
[2010.10.19 16:39:15 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Datarescue
[2010.08.16 11:32:29 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\DivX
[2010.08.23 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\FileZilla
[2010.11.26 18:05:46 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\gtk-2.0
[2010.11.05 22:58:18 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\ICQ
[2009.02.13 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Identities
[2010.09.18 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\inkscape
[2009.02.20 15:40:45 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\InstallShield
[2009.02.20 19:36:10 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Media Center Programs
[2010.11.16 17:34:55 | 000,000,000 | --SD | M] -- C:\Users\Arnold\AppData\Roaming\Microsoft
[2010.11.06 09:51:16 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Microsoft Corporation
[2010.10.14 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Mozilla
[2010.08.12 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Mozilla-Cache
[2010.11.15 18:24:20 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\nikeee13 Software
[2010.07.14 18:05:46 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\OpenOffice.org
[2009.04.29 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Opera
[2010.08.19 10:08:08 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\PeerNetworking
[2010.11.19 17:12:19 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Scribus
[2010.09.28 13:10:44 | 000,000,000 | RH-D | M] -- C:\Users\Arnold\AppData\Roaming\SecuROM
[2010.11.26 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Skype
[2010.11.26 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\skypePM
[2010.08.15 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\SmartFTP
[2010.08.31 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\STRATO
[2010.11.21 10:02:30 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Sysutils_Update
[2010.07.15 20:22:52 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\TeamViewer
[2010.09.22 14:28:49 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Tobit
[2010.11.08 15:41:40 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Transcend
[2010.11.26 16:37:00 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\Winamp
[2010.08.26 22:01:32 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\WindSolutions
[2009.12.29 10:15:41 | 000,000,000 | ---D | M] -- C:\Users\Arnold\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.08.30 14:46:43 | 000,010,134 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2010.08.30 14:46:43 | 000,000,766 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2010.08.31 17:24:07 | 000,012,862 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{3E00C574-B650-401D-A898-4581AAD6CC74}\_1760DDA0C4C2B29212C110.exe
[2010.08.31 17:24:07 | 000,012,862 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{3E00C574-B650-401D-A898-4581AAD6CC74}\_6FEFF9B68218417F98F549.exe
[2010.08.31 17:24:07 | 000,012,862 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{3E00C574-B650-401D-A898-4581AAD6CC74}\_D5E52E06F99DB6461552D9.exe
[2009.03.28 11:30:52 | 000,010,134 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.02.20 18:24:55 | 000,010,134 | R--- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Installer\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}\ARPPRODUCTICON.exe
[2010.10.26 18:08:03 | 000,316,928 | ---- | M] () -- C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
[2007.06.29 13:23:32 | 000,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\Users\Arnold\AppData\Roaming\Transcend\JFSW2\IoctlSvc.exe
[2010.03.25 09:50:52 | 000,176,128 | ---- | M] () -- C:\Users\Arnold\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
[2010.03.25 09:50:48 | 000,049,152 | ---- | M] () -- C:\Users\Arnold\AppData\Roaming\Transcend\JFSW2\PLIoctlInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2008.01.21 03:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< End of report >
         
--- --- ---


Extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.11.2010 19:03:13 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Arnold\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 247,31 Gb Total Space | 160,27 Gb Free Space | 64,81% Space Free | Partition Type: NTFS
 
Computer Name: ARNOLD-PC | User Name: Arnold | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00010255-585B-46C4-BF90-7600BC50C31E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{062ED1E8-34BB-48F5-A3A8-D5025B8ED337}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2B9EC039-26EF-4EBE-A67D-103486685396}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2D57792F-69A5-4875-909C-249791BDFEEA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3485DC32-4B48-4A9F-8CED-5211F2F3AAC9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3533DEAD-59F7-4951-818F-29A43C2BAC22}" = rport=139 | protocol=6 | dir=out | app=system | 
"{59AD9975-D880-444C-9A0C-91E4E7BDB770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5D2454EB-D830-4F90-A511-0A5E77284DAB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{69E04C4F-B158-490A-B218-EF38BD83280F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{70D8E0BE-25CE-44F3-AB69-1D9CBD125EA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83BA3AD9-EC4C-4C4A-B97A-D80B0DF45018}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0BB3CBF-B582-46A5-A149-E37785C87715}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B8D6BB67-A6B1-495B-B30E-455B17CE308E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{BF18E65B-045D-419E-9867-BB68487E3082}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2ED8441-E7C0-4C64-A4DA-5B690EF40170}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CAA635B0-721A-45DC-82D3-5F4998920630}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E33B46CB-245D-474D-B9B4-B2190EEB93DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F379DC54-4347-4ABE-8D8D-38EA1B8E42E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F74CF4C3-FCC2-43B2-9F53-22C1FF3EFF70}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FBC88904-859E-4411-BECF-1ACAD6BB17E9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD191885-968D-4ED4-B7A0-72CDA64C3C9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F303B7-8D98-4003-B509-16CB630A6B53}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{044A3CDF-5AE2-4A36-9581-A6DF992DB394}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0F9318E2-51F3-44BC-8836-7FE10E16AB4D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{124D244F-2163-4E47-BA68-1199DFA6A69D}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{1CC5ADAE-B5B2-4E52-AF30-F68B1A0B0015}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E6F0795-8FC3-4C1A-B300-B9151A06A369}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{20B06801-F2C7-4923-83D7-83B3984829CF}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{2EC854C7-4C6B-45E0-9FCB-F7CEEAFE5D78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{36FA65ED-32BE-4898-9631-C1DD1D90ACB6}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{49E035FF-F1B9-4F26-BD10-A1D197FBDFCC}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{4A2BE68F-D3C3-4D0D-9E36-E8DEF9F33EAF}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{4BE95A13-81FF-4268-B14B-686095E83658}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{59E3E742-D63C-48EB-B009-B96A89F506CE}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{5EA48C53-EF6B-4006-95D0-0CC16B6F9AAD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{62E8D2EF-FEBB-4B7D-8E7A-082CF3016871}" = protocol=6 | dir=out | app=system | 
"{6304D635-6FCC-4C7C-AB05-5891AC380497}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{650BF919-DF27-413A-A9C9-720B4BE9C8E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65D913EB-629D-419D-9405-59047CB0DC1D}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | 
"{6B10287F-2507-4014-9C5A-E8B5D3CACB33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{723669D9-DC0F-4CCE-9AA2-1D8D307255F8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{73513135-3CCB-4B21-A807-23502F738F81}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{73DD2ACF-A640-4AFB-A625-C923C73D3995}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{7B3F708C-96B6-4369-884D-E81599BCA136}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{7BEA6540-6B97-4F6B-B4F0-6018B8C6D77C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{88E62ED1-6022-4CA8-981B-AA39E17FCA00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8901E974-C70C-4588-B8A0-4703027CB64A}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{9EAF0A3F-B9D2-485D-90A2-33925E528F40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5C6F4AC-2651-4B66-ADC8-7AEF599A207F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A946F105-AD7C-452D-BD98-01C62ECB6C00}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 
"{A94EAFA3-E409-40D5-AE51-E26EDE7E6E3A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{AA4AB164-FE6A-4EE0-9E88-B96DBC9FEB77}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAC0697C-EC67-403D-B55D-EB4CB6DF201D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB4BD6E4-A31C-4B02-8AFF-FDE30D7D68F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACC50BFB-67C1-403D-80A0-988F357BABEE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B5FFDC66-449F-43E9-A2A0-9052AAEB2226}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBCE5DC8-791B-481F-9F6C-249502F21317}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7D63BB5-38AA-4DAA-A3C2-020A3984B4B3}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 
"{C93CB59B-FA76-4940-A43A-44BCA2B2F9FE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CB37B4DC-C0C9-4BD0-A229-19D4DE9D8577}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | 
"{D8B8C998-C39A-4B42-84B6-FF8CA69D19D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D8C10A7E-0289-4708-A148-9C3E3B044483}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{DBCAA085-27F4-4A87-88C5-72C9966C845B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E78AFE2B-7C28-4F12-98A0-EFC185C3110D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FA9A7817-2B34-46AF-98E3-18DEC644BD8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE3BC487-9B5A-48E9-BC05-3D314BD436AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2E12A809-E5DB-4A79-A523-75AB499483C5}C:\users\arnold\appdata\local\virtualstore\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\arnold\appdata\local\virtualstore\program files\metin2\metin2client.bin | 
"TCP Query User{470AC019-CA0A-4226-9D09-DA4A88DCF319}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{4CBECB4B-B905-4BDD-8929-59DD61EB031D}C:\program files\bittorrent++\bt++.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent++\bt++.exe | 
"TCP Query User{4F5D6453-DD44-442B-8FF3-B70B894FD6F4}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{5465DE31-3863-4685-81A7-EC8765680A69}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{56B8E3A1-0197-47E1-9B48-7333568245E2}D:\d-link.exe" = protocol=6 | dir=in | app=d:\d-link.exe | 
"TCP Query User{63193F78-8938-4D14-8288-0E02E52E7AB1}C:\users\arnold\desktop\operausb1063\opera.exe" = protocol=6 | dir=in | app=c:\users\arnold\desktop\operausb1063\opera.exe | 
"TCP Query User{6430EED9-FCC9-4CE5-BBF5-7499090E236B}C:\users\arnold\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\arnold\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{74D0CF8D-02E8-4A6D-85C9-296978359A1F}C:\program files\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\strato ag\strato hidrive\openvpn\openvpn.exe | 
"TCP Query User{75D104AC-EF41-482D-9E5B-D8C64DB06E70}C:\program files\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=6 | dir=in | app=c:\program files\strato ag\strato hidrive\openvpn\openvpn.exe | 
"TCP Query User{76FFF593-8085-4470-9E01-35900FFC200A}C:\users\arnold\desktop\opera\operausb1060\opera.exe" = protocol=6 | dir=in | app=c:\users\arnold\desktop\opera\operausb1060\opera.exe | 
"TCP Query User{8945AB8B-763C-4783-830D-F61D7DD8EDE8}C:\users\arnold\desktop\operausb1060\opera.exe" = protocol=6 | dir=in | app=c:\users\arnold\desktop\operausb1060\opera.exe | 
"TCP Query User{E528082F-3A40-41C0-B925-0A6634D2D22C}D:\d-link.exe" = protocol=6 | dir=in | app=d:\d-link.exe | 
"TCP Query User{E978B53B-0160-4A61-921E-D07D9728706E}C:\users\arnold\desktop\neuer ordner\operausb1060\opera.exe" = protocol=6 | dir=in | app=c:\users\arnold\desktop\neuer ordner\operausb1060\opera.exe | 
"UDP Query User{0536FE4E-3EE6-4A6E-BD4C-734DACB7CF44}C:\users\arnold\appdata\local\virtualstore\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\arnold\appdata\local\virtualstore\program files\metin2\metin2client.bin | 
"UDP Query User{18B45CBB-1F55-40A6-A17E-F73164DE397D}D:\d-link.exe" = protocol=17 | dir=in | app=d:\d-link.exe | 
"UDP Query User{1E859255-4673-4C50-98A6-AD8C021A1B89}C:\users\arnold\desktop\neuer ordner\operausb1060\opera.exe" = protocol=17 | dir=in | app=c:\users\arnold\desktop\neuer ordner\operausb1060\opera.exe | 
"UDP Query User{2926C93C-5428-4D14-B9DE-F82BE4843583}C:\users\arnold\desktop\operausb1060\opera.exe" = protocol=17 | dir=in | app=c:\users\arnold\desktop\operausb1060\opera.exe | 
"UDP Query User{2BAA2AB3-4378-41B7-9DBC-AEECD79507B0}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{3EED3464-E0F9-4B66-9662-AD9D429FAB76}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{3F3701CA-B287-47F8-8B17-5F138AD0BCA7}C:\program files\bittorrent++\bt++.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent++\bt++.exe | 
"UDP Query User{5F01017D-EBA2-4212-A62D-CF668A90757C}C:\users\arnold\desktop\opera\operausb1060\opera.exe" = protocol=17 | dir=in | app=c:\users\arnold\desktop\opera\operausb1060\opera.exe | 
"UDP Query User{8296CC81-7CCF-402E-A03A-FBF8622679E7}C:\users\arnold\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\arnold\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{9E8016D0-D46F-4E24-AECF-1191F88F7816}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{A9ACB6A4-F275-45FC-A89C-8E56B0FE09DA}C:\users\arnold\desktop\operausb1063\opera.exe" = protocol=17 | dir=in | app=c:\users\arnold\desktop\operausb1063\opera.exe | 
"UDP Query User{EC965DF7-CFEE-41B5-89F6-407DA918F57C}D:\d-link.exe" = protocol=17 | dir=in | app=d:\d-link.exe | 
"UDP Query User{ED012AD1-898F-4689-B0EB-181D8B10D562}C:\program files\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\strato ag\strato hidrive\openvpn\openvpn.exe | 
"UDP Query User{FBE4EB47-1468-4A41-A2B4-D15ABF38A791}C:\program files\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=17 | dir=in | app=c:\program files\strato ag\strato hidrive\openvpn\openvpn.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15A55108-72DD-4CC0-AB89-2B70196AC479}" = AudialsOne
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{30406D09-0004-4CFA-AB4C-12E30D40C960}" = AudialsOne
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E00C574-B650-401D-A898-4581AAD6CC74}" = STRATO HiDrive
"{426CC7B1-668B-41CB-AFF9-D1E09A67033E}" = NetObjects Fusion 9.1
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CFAEC66-BA0E-4076-AAA5-2BE29153E6DF}" = Microsoft XML Parser
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"AutoItv3" = AutoIt v3.3.6.1
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"GamersFirst War Rock" = War Rock
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"MosChip Technology" = MosChip Multi-IO Controller
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"phase-6" = phase-6 2.1.2d
"Picasa 3" = Picasa 3
"TeamViewer 5" = TeamViewer 5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3649066946-1345504760-619247117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Edited by domi555 (26.11.2010 at 19:46)

26.11.2010, 20:27   #5
markusg
/// Malware-holic

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000..\Run: [Windows Update] C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.


Open My Computer, C:, then _OTL.
There, right-click on moved files.
Choose add to moved files.rar or zip.

Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html

I see True Image, is that also used regularly?

__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de

26.11.2010, 20:49   #6
domi555

OK, I have uploaded the thing!

True Image: I used it in the past; it is not making any backups at the moment!

26.11.2010, 20:53   #7
markusg
/// Malware-holic

Why not? You could have restored a backup in 5 minutes...

Download Malwarebytes:
Malwarebytes
Install it, open it, Update tab, update the program.
Shut down all running programs, disconnect the internet connection.
Scanner tab, full scan, remove the findings, post the log.

26.11.2010, 22:11   #8
domi555

Here is the log file!

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5194

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

26.11.2010 22:08:43
mbam-log-2010-11-26 (22-08-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 336770
Laufzeit: 57 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\_OTL\MovedFiles\11262010_204104\C_Users\Arnold\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.AV360) -> No action taken.
C:\Users\Arnold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.AntiVirus360) -> No action taken.
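
The Run entry removed in post #5 and the Trojan.Dropper hit in the log above are the same file: an executable named svchost.exe started from a user profile folder instead of the Windows system directory. As an added example (not part of the thread and not OTL's own logic), the Python sketch below flags such autostart lines in OTL-style output; the `O4` line layout is taken from the line quoted in the thread, the two benign lines are constructed, and the function names and a `C:\Windows` install path are assumptions.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\Windows (adjust for other systems).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# System binary names that are often imitated; illustrative, not exhaustive.
EXPECTED_DIRS = {
    "svchost.exe": SYSTEM_DIRS,
    "winlogon.exe": SYSTEM_DIRS,
    "userinit.exe": SYSTEM_DIRS,
    "lsass.exe": SYSTEM_DIRS,
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# "O4 - <hive>..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable path: either quoted, or everything up to the first ".exe".
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)

# Sample input: first two lines are constructed, third is the line from post #5.
SAMPLE = r"""
O4 - HKLM..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM..\Run: [ExampleHost] C:\Windows\System32\svchost.exe -k example
O4 - HKU\S-1-5-21-3649066946-1345504760-619247117-1000..\Run: [Windows Update] C:\Users\Arnold\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"""


def parse_o4(line):
    """Return (hive, key, value_name, exe_path) for an O4 autostart line, else None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    p = EXE_PATH.match(m.group("cmd"))
    if not p:
        return None
    exe = ntpath.normpath(p.group(1) or p.group(2))
    return m.group("hive"), m.group("key"), m.group("name"), exe


def masquerading_entries(log_text):
    """List autostart entries whose file name is a system binary in the wrong folder."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, key, name, exe = parsed
        base = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        expected = EXPECTED_DIRS.get(base)
        if expected is not None and folder not in expected:
            findings.append({"hive": hive, "key": key, "value": name, "path": exe})
    return findings


if __name__ == "__main__":
    for hit in masquerading_entries(SAMPLE):
        print(hit)
```
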

27.11.2010, 12:00   #9
markusg
/// Malware-holic

Did you have the findings removed?

27.11.2010, 12:42   #10
domi555

No, I don't believe so.
I only clicked on view report..

27.11.2010, 12:45   #11
markusg
/// Malware-holic

For believing, please go to church...
Then just scan again and this time please have the findings removed :-)

27.11.2010, 15:36   #12
domi555

OK

Were those dangerous things?

27.11.2010, 16:04   #13
markusg
/// Malware-holic

No.
Download CCleaner Slim:
Piriform - Builds
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After ones unknown to you, "unbekannt" (unknown).
Post the list.

27.11.2010, 18:17   #14
domi555

So, here is the txt

Quote:
Acronis*True*Image*Home Acronis 08.08.2010 235MB 11.0.8105 notwenig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 25.08.2010 10.1.82.76 notwenig
Adobe Reader 9.3.4 - Deutsch Adobe Systems Incorporated 24.08.2010 240MB 9.3.4 notwendig
Apple Application Support Apple Inc. 18.08.2010 42,8MB 1.3.0 notwendig
Apple Mobile Device Support Apple Inc. 18.08.2010 19,9MB 3.1.0.62 notwendig
Apple Software Update Apple Inc. 18.08.2010 2,26MB 2.1.2.120 notwendig
Ashampoo Burning Studio 2010 ashampoo GmbH & Co. KG 13.07.2010 77,6MB 9.12 notwendig
AudialsOne RapidSolution Software AG 22.10.2010 358MB 4.2.13600.0 notwendig
AutoIt v3.3.6.1 AutoIt Team 18.10.2010 28,9MB notwendig
Belkin 54g USB Network Adapter 13.07.2010 4,32MB notwendig
Bonjour Apple Inc. 18.08.2010 1,10MB 2.0.2.0 notwendig
CCleaner Piriform 12.11.2010 2,85MB 3.00 notwendig
DivX-Setup DivX, Inc. 15.08.2010 2,12MB 1.0.2.23 unbekannt
ESET Online Scanner v3 26.11.2010 750MB notwendig
GIMP 2.6.10 The GIMP Team 13.09.2010 112,7MB 2.6.10 notwendig
Google Chrome Google Inc. 13.07.2010 115,3MB 5.0.375.99 notwendig
ICQ Toolbar ICQ 26.11.2010 3.0.0 unnötig
ICQ7.2 ICQ 26.11.2010 43,5MB 7.2 notwendig
iTunes Apple Inc. 18.08.2010 161,7MB 9.2.1.5 notwendig
Java(TM) 6 Update 20 Sun Microsystems, Inc. 13.07.2010 97,2MB 6.0.200 notwendig
Kaspersky Security Suite CBE 10 Kaspersky Lab 20.11.2010 36,5MB 9.0.0.747 notwendig
Microsoft .NET Framework 1.1 15.02.2009
Microsoft .NET Framework 1.1 German Language Pack Microsoft 19.02.2009 3,02MB 1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 19.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 15.02.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04.10.2010 182,9MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 04.10.2010 46,2MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 04.10.2010 46,0MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 04.10.2010 11,7MB 4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 04.10.2010 83,5MB 4.0.30319
Microsoft Help Viewer 1.0 Microsoft Corporation 04.10.2010 6,09MB 1.0.30319
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 04.10.2010 6,09MB 1.0.30319
Microsoft Office Standard Edition 2003 Microsoft Corporation 11.11.2010 172,3MB 11.0.8173.0
Microsoft Silverlight Microsoft Corporation 29.09.2010 3,14MB 4.0.50917.0
Microsoft SQL Server 2005 Microsoft Corporation 19.02.2009 66,7MB
Microsoft SQL Server 2008 Microsoft Corporation 04.10.2010 600MB
Microsoft SQL Server 2008 Browser Microsoft Corporation 04.10.2010 8,00MB 10.1.2531.0
Microsoft SQL Server 2008 Native Client Microsoft Corporation 04.10.2010 3,24MB 10.1.2531.0
Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 04.10.2010 17,1MB 10.50.1447.4
Microsoft SQL Server Compact 3.5 Design Tools DEU Microsoft Corporation 05.11.2010 8,54MB 3.5.5386.0
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 04.10.2010 3,69MB 3.5.8080.0
Microsoft SQL Server Native Client Microsoft Corporation 27.03.2009 2,63MB 9.00.4035.00
Microsoft SQL Server System CLR Types Microsoft Corporation 04.10.2010 2,55MB 10.50.1447.4
Microsoft SQL Server VSS Writer Microsoft Corporation 04.10.2010 1,81MB 10.1.2531.0
Microsoft Visual Basic 2008 Express Edition - DEU Microsoft Corporation 05.11.2010 156,2MB
Microsoft Visual Basic 2010 Express - DEU Microsoft Corporation 04.10.2010 228MB 10.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.08.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.11.2010 0,33MB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 14.08.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 11.08.2010 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.04.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.07.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 04.10.2010 0,58MB 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 04.10.2010 35,4MB 10.0.30319
Microsoft Web Platform Installer 2.0 Microsoft Corporation 05.11.2010 4,08MB 2.1.1
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft 18.10.2010 5,62MB 3.5.21022
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Microsoft Corporation 18.10.2010 2,61MB 6.1.5288.17011
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Corporation 18.10.2010 115,0MB 6.1.5288.17011
Microsoft WSE 2.0 SP3 Runtime Microsoft Corp. 19.02.2009 0,69MB 2.0.5050.0
Microsoft WSE 3.0 Runtime Microsoft Corp. 27.03.2009 0,92MB 3.0.5305.0
MosChip Multi-IO Controller 19.02.2009 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.02.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28.12.2009 1,34MB 4.20.9876.0
MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 19.02.2009 1,24MB 4.20.9818.0
NetObjects Fusion 9.1 19.08.2010 230MB 9.0 notwendig
NVIDIA Drivers 28.12.2009 notwendig
OpenOffice.org 3.2 OpenOffice.org 13.07.2010 379MB 3.2.9502 notwendig
Opera 10.63 Opera Software ASA 30.10.2010 23,3MB 10.63 unnötwendig
Paint.NET v3.5.6 dotPDN LLC 22.11.2010 10,4MB 3.56.0 unnötwendig
Pando Media Booster Pando Networks Inc. 09.10.2010 6,70MB 2.3.3.6 notwendig
PartyPoker PartyGaming 01.08.2010 68,9MB 145 notwendig
Phase 5 HTML-Editor Systemberatung Schommer 29.08.2010 3,72MB 5.6.2.3 notwendig
phase-6 2.1.2d phase-6 27.09.2010 67,4MB 2.1.2d notwendig
Picasa 3 Google, Inc. 10.08.2010 63,7MB 3.6 notwendig
QuickTime Apple Inc. 18.08.2010 73,8MB 7.66.73.0 notwendig
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Realtek 19.02.2009 0,62MB 1.00.0000 notwendig
Skype Toolbars Skype Technologies S.A. 04.10.2010 5,39MB 1.0.4051 unnötig
Skype™ 4.2 Skype Technologies S.A. 04.10.2010 31,8MB 4.2.187 notwendig
STRATO HiDrive STRATO AG 30.08.2010 3,21MB 1.0.0 notwendig
TeamViewer 5 TeamViewer GmbH 29.07.2010 20,3MB 5.0.8703 notwendig
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 27.03.2009 23,3MB 9.00.4035.00
Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 04.10.2010 30,1MB 10.1.2731.0
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 04.10.2010 11,2MB 4.0.8080.0
War Rock GamersFirst 09.10.2010 2.329MB
WebTablet IE Plugin Wacom Technology Corp. 20.09.2010 1.1.0.4 unbekannt
WebTablet Netscape Plugin Wacom Technology Corp. 20.09.2010 0,75MB 1.1.0.3 unbekannt
Winamp Nullsoft, Inc 13.07.2010 37,8MB 5.581 notwendig
Winamp Erkennungs-Plug-in Nullsoft, Inc 13.07.2010 0,13MB 1.0.0.1 notwendig
Windows Media Player Firefox Plugin Microsoft Corp 14.07.2010 0,29MB 1.0.0.8 notwendig
WinRAR 28.12.2009 3,78MB notwendig

27.11.2010, 18:32   #15
markusg
/// Malware-holic

Adobe Reader 9.3.4
Replace with:
Adobe - Download Adobe Reader - All versions

Please do not install the McAfee Security Scan along with it.
Open Adobe Reader, Edit, Preferences, JavaScript, remove the check mark there; Internet, likewise remove all check marks.
This way PDFs are no longer loaded automatically and malicious code can no longer be slipped to you in this way.
Under General, check "use only certified plug-ins".
Under Updater, set it to install.
Click Apply / OK.
I can't tell you whether you have to reinstall the Chinese support parts for Adobe Reader 10.

Uninstall:
Bonjour is not needed by 99 % of all users, can be uninstalled
DivX-Setup
ICQ Toolbar
ICQ7
often comes with advertising; better use the leaner multi-messenger Miranda Fusion
Miranda Fusion
and uninstall ICQ
iTunes
update:
Apple - iTunes - Download iTunes now
Microsoft Silverlight
if you don't use it, also Microsoft SQL Server
Opera: is Opera necessary or not :d
personally I would use it, it is a secure and fast browser
Paint
Skype Toolbars
open Skype, update, install Skype 5
WebTablet, remove both.