Trojaner-Board


Moe1991 15.08.2009 02:41

Browsers are being blocked! Please check my HijackThis log.
 
Hello experts!

I hope my problem fits into this category; if not, I apologize.

As you can surely tell from the title, there is a problem with my browsers.

I searched a number of forums for this problem and came across the program LSPfix. Before I do anything foolish, I wanted to have my HijackThis log evaluated by you. Perhaps you can help me further in solving my problem.

I can no longer access the Internet with any of the installed browsers (Opera, firebird, IE), even though a connection is up. For example, a ping to gmx.de works without problems.

Unfortunately, it is not only the browsers that are blocked!
The antivirus programs cannot establish a connection to the Internet either.
Services of Avira AntiVir cannot be started.
And Spybot Update will not connect out either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:09:25, on 15.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; MSN OptimizedIE8;DEDE)" -"http://www.habbo.de/client"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - h*tp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - h*tp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8793 bytes

I have to say that I find the following line very conspicuous:
Quote:

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
Maybe one of you can tell me more about it!?

I have disabled the Windows Firewall, and after checking the system for viruses I also uninstalled Avira Antivirus.
Unfortunately, the browsers still did not work. :heulen:

I hope that you can help me and evaluate my log.
I am grateful for any kind of help!

Kind regards
Moe1991
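
A small triage helper for a log like the one above, as an added example that is not part of the original post: it groups HijackThis entries by section code, lists entries whose target is reported as `(no file)` or `(file missing)`, collapses the repeated O10 lines into one path with a count, and lists O23 services marked `Unknown owner`. The sample lines are a constructed subset of the log in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a subset of the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# An entry line starts with a section code such as R1, O2, O10 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O10 lines in the format shown in the post carry the LSP DLL path after this prefix.
LSP_RE = re.compile(r"Winsock LSP: (.+)$")


def parse_entries(text):
    """Return (code, body) tuples; header lines and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(text):
    """Summarize a log: counts per section plus the lines worth a closer look."""
    entries = parse_entries(text)
    report = {
        "by_code": Counter(code for code, _ in entries),
        "orphaned": [],                # registry entry exists, file does not
        "lsp_files": Counter(),        # LSP DLL path -> number of O10 lines
        "unknown_owner_services": [],  # O23 services without a company name
    }
    for code, body in entries:
        if ORPHAN_RE.search(body):
            report["orphaned"].append((code, body))
        if code == "O10":
            match = LSP_RE.search(body)
            if match:
                # Windows paths are case-insensitive, so normalize before counting.
                report["lsp_files"][match.group(1).lower()] += 1
        if code == "O23" and " - Unknown owner - " in body:
            report["unknown_owner_services"].append(body)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries per section:", dict(result["by_code"]))
    for path, count in result["lsp_files"].items():
        print(f"LSP file listed {count}x: {path}")
    for code, body in result["orphaned"]:
        print(f"Orphaned {code}: {body}")
    for body in result["unknown_owner_services"]:
        print(f"Service without owner info: {body}")
```

Each flagged line is a lead to check against the file on disk and its vendor, not a verdict on the entry.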

kira 15.08.2009 22:14

Hello and a warm welcome! :)

- Please read the instructions thoroughly and always follow them strictly, since I have prepared the order according to specific criteria:

1.
Download one of these programs: WinsockFix
Run the selected program on your computer when there are problems with the Internet connection.
Afterwards, simply restart the computer. If you decide on LSP, please run the program, then tick "I know what I'm doing", do nothing else, but click the Finished button.

2.
Please make hidden and system files visible:
→ Under Start, click My Computer.
→ In the Tools menu, click Folder Options.
→ Files and Folders / Hide extensions for known file types → remove the check mark
→ Hide protected operating system files → remove the check mark
→ Hidden files and folders / Show all files and folders → set the check mark.
→ "Hide protected operating system files" must not be checked and "Show all files and folders" must be enabled.
for Vista users

3.
- Download RSIT - http://filepony.de/download-rsit/:
- save it to a location of your choice and run rsit.exe
- "Hijackthis" will also be installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of them here in full

4.
I would also like to see all of your installed programs:
Download the tool ccleaner
install it (deselect "Füge CCleaner Yahoo! Toolbar hinzu" / "Add CCleaner Yahoo! Toolbar") → start it → under Options, settings → set "german"
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." ("Save as text file...")
a text file (*.txt) will be created; copy its contents and paste them here

5.
To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs (antivirus and other protection programs etc. must also be disabled, no connection to the Internet, disconnect Wi-Fi as well)
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it here right away with CTRL + V
    - "Ok" closes Gmer.
    - paste the log from the clipboard here into your thread in full

** no connection to a network or the Internet - do not forget Wi-Fi
When the scan is finished, please re-enable all programs and tools!

6.
  • download F-Secure Blacklight into a new folder C:\programme\blacklight.
  • close all programs (antivirus and other protection programs etc. must also be disabled, no connection to the Internet, disconnect Wi-Fi as well)
  • do nothing on the PC while the scan is running!
  • start fsbl.exe in this folder
  • click "I accept the agreement" → "next" → "Scan"
  • when the scan is finished, choose Close.
  • the report is fsbl-XXX.log and is located in the Blacklight directory (the XXX stands for digits that contain the date and time). Please post the contents of this file.
When the scan is finished, please re-enable all programs and tools!

To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log, write: [code]
your log file goes here
→ after it: [/code]


** If possible, do not go on the Internet: no online banking, file sharing, chat programs, etc.

Regards
Coverflow

Moe1991 16.08.2009 23:06

Hello Coverflow,

thank you very much for your detailed answer. :daumenhoc

I followed all the steps. Here are the logs you asked for:

http://rapidshare.com/files/268170875/Logs.rar.html

Moe1991 16.08.2009 23:08

The Rapidshare file contains all the logs I was supposed to get for you ;)

Moe1991 16.08.2009 23:19

I hope it is okay to just post links like that!? :S

kira 16.08.2009 23:52

Please copy everything in here! If it does not all fit at once, then split it up... :)

Moe1991 16.08.2009 23:56

At first I wanted to do that too ... but downloading the logs is much easier, clearer, and it saves time :)

Why post them then!?

But I am happy to do it if you prefer

Moe1991 17.08.2009 00:58

1.1.1 RSIT: Part 1 of Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by moe at 2009-08-16 02:29:09
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 7 GB (7%) free of 95 GB
Total RAM: 2045 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:29:11, on 16.08.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\moe\Desktop\RSIT.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\moe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; MSN OptimizedIE8;DEDE)" -"http://www.habbo.de/client"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9259 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\User_Feed_Synchronization-{63DB1AA5-FDE1-4834-B7EF-54CDFCD13B7D}.job
C:\Windows\tasks\User_Feed_Synchronization-{EFF19B53-7D0C-4F72-A3B6-5DA91026BF10}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-12 607888]
{AD6E6555-FB2C-47D4-8339-3E2965509877} - &TerraTec Home Cinema - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL [2007-11-07 527360]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"NDSTray.exe"=NDSTray.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=TOSCDSPD.EXE []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE [2009-01-16 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe [2008-08-18 1089536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCamRun]
C:\Program Files\NCH Software\BroadCam\broadCam.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyelineRun]
C:\Program Files\NCH Software\Eyeline\eyeline.exe -logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-28 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^moe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19fb6e7f-f754-11dc-8e27-001eec01daa0}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23a43b02-eba6-11dc-a63c-001eec01daa0}]
shell\AutoRun\command - D:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{295fd680-6169-11de-8cd5-001167bc5c2d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43224409-e0b5-11dd-a7a0-001167bc5c2d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4544f429-208f-11de-a92a-001167bc5c2d}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b51ef8e-f9c5-11dc-8887-001eec01daa0}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf534a1-d930-11dd-950d-001167bc5c2d}]
shell\AutoRun\command - G:\Install\Setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

Moe1991 17.08.2009 01:02

1.1.2 RSIT: Part 2 of Log.txt


======List of files/folders created in the last 3 months======

2009-08-16 02:29:09 ----D---- C:\rsit
2009-08-14 23:44:35 ----D---- C:\Program Files\QS
2009-08-14 23:44:14 ----D---- C:\Users\moe\AppData\Roaming\TeamViewer
2009-08-14 23:33:33 ----D---- C:\Program Files\Trend Micro
2009-08-14 03:48:29 ----D---- C:\CBTDATA
2009-08-14 00:46:20 ----A---- C:\Windows\system32\kerberos.dll
2009-08-14 00:46:19 ----A---- C:\Windows\system32\wdigest.dll
2009-08-14 00:46:19 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-14 00:46:18 ----A---- C:\Windows\system32\schannel.dll
2009-08-14 00:46:17 ----A---- C:\Windows\system32\secur32.dll
2009-08-14 00:46:17 ----A---- C:\Windows\system32\lsass.exe
2009-08-14 00:46:17 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-13 00:52:35 ----A---- C:\Windows\system32\atl.dll
2009-08-13 00:52:31 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 00:52:26 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 00:52:22 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 00:52:14 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 00:52:12 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 00:52:11 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 00:52:11 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 00:52:09 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-13 00:23:14 ----A---- C:\Windows\ntbtlog.txt
2009-08-11 01:13:16 ----A---- C:\Windows\system32\tmp.txt
2009-08-11 01:12:48 ----A---- C:\rapport.txt
2009-08-11 01:10:40 ----A---- C:\Windows\system32\o4Patch.exe
2009-08-11 01:10:40 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-08-11 01:10:40 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-08-11 01:10:40 ----A---- C:\Windows\system32\404Fix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\WS2Fix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\VCCLSID.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\VACFix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\swxcacls.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\swsc.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\swreg.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\SrchSTS.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\Process.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\IEDFix.exe
2009-08-11 01:10:39 ----A---- C:\Windows\system32\dumphive.exe
2009-08-10 15:20:42 ----D---- C:\Windows\planTEK
2009-08-10 15:20:40 ----A---- C:\Windows\system32\MSVCRTD.DLL
2009-08-10 15:20:39 ----A---- C:\Windows\system32\MFC42D.DLL
2009-08-10 15:20:36 ----A---- C:\Windows\system32\AcShlExt.dll
2009-08-10 15:14:11 ----D---- C:\Program Files\BHV
2009-08-09 00:15:34 ----D---- C:\Users\moe\AppData\Roaming\Steinberg
2009-08-08 23:50:14 ----A---- C:\Windows\system32\Synsopos.exe
2009-08-08 23:50:11 ----A---- C:\Windows\system32\SynsoLChk.dll
2009-08-08 23:50:11 ----A---- C:\Windows\system32\SYNSOACC.dll
2009-08-08 23:50:10 ----D---- C:\Program Files\Syncrosoft
2009-08-08 22:30:34 ----A---- C:\Windows\system32\msvcsv60.dll
2009-08-07 13:00:06 ----D---- C:\Program Files\Warcraft III
2009-08-07 00:58:23 ----D---- C:\Users\moe\AppData\Roaming\Malwarebytes
2009-08-07 00:58:17 ----D---- C:\ProgramData\Malwarebytes
2009-08-07 00:58:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-06 20:59:41 ----D---- C:\Warcraft III
2009-08-05 23:36:48 ----D---- C:\Users\moe\AppData\Roaming\Opera
2009-08-05 23:36:35 ----D---- C:\Program Files\Opera
2009-08-01 10:56:43 ----A---- C:\Windows\system32\uxtuneup.dll
2009-07-29 14:20:56 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 14:20:52 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\occache.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 14:20:49 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 14:20:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 14:20:48 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 14:20:48 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-24 14:52:28 ----D---- C:\Users\moe\AppData\Roaming\Mozilla
2009-07-23 22:10:40 ----D---- C:\Program Files\7-Zip
2009-07-20 15:50:23 ----D---- C:\Program Files\Common Files\digidesign
2009-07-20 15:48:42 ----D---- C:\Program Files\Native Instruments
2009-07-20 15:26:19 ----D---- C:\Program Files\IK Multimedia
2009-07-14 23:03:12 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\lpk.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 23:03:12 ----A---- C:\Windows\system32\atmfd.dll
2009-07-11 06:19:53 ----A---- C:\Windows\system32\GEARAspi.dll
2009-07-11 06:19:01 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-11 03:19:47 ----D---- C:\ProgramData\KONAMI
2009-07-11 03:05:27 ----D---- C:\Program Files\KONAMI
2009-07-05 16:36:40 ----D---- C:\Windows\system32\eu-ES
2009-07-05 16:36:40 ----D---- C:\Windows\system32\ca-ES
2009-07-05 16:36:34 ----D---- C:\Windows\system32\vi-VN
2009-07-05 16:09:32 ----D---- C:\Windows\system32\EventProviders
2009-07-05 16:07:46 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-05 16:07:37 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-05 16:07:36 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-05 16:07:34 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-05 16:07:34 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-05 16:07:33 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-05 16:07:30 ----A---- C:\Windows\system32\mssrch.dll
2009-07-05 16:07:28 ----A---- C:\Windows\system32\tquery.dll
2009-07-05 16:07:26 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-05 16:07:25 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-05 16:07:24 ----A---- C:\Windows\system32\scavenge.dll
2009-07-05 16:07:24 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-05 16:07:21 ----A---- C:\Windows\system32\msi.dll
2009-07-05 16:07:20 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-05 16:07:18 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-05 16:07:18 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-05 16:07:17 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-05 16:07:17 ----A---- C:\Windows\system32\sysmain.dll
2009-07-05 16:07:15 ----A---- C:\Windows\system32\mf.dll
2009-07-05 16:07:15 ----A---- C:\Windows\system32\icardagt.exe
2009-07-05 16:07:14 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-05 16:07:14 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-05 16:07:13 ----A---- C:\Windows\system32\spreview.exe
2009-07-05 16:07:13 ----A---- C:\Windows\system32\spinstall.exe
2009-07-05 16:07:12 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\spwizui.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\shell32.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\secproc.dll
2009-07-05 16:07:10 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-05 16:07:07 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-05 16:07:07 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mssvp.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mssph.dll
2009-07-05 16:07:06 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-05 16:07:06 ----A---- C:\Windows\system32\mscoree.dll
2009-07-05 16:07:05 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-05 16:07:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-05 16:07:05 ----A---- C:\Windows\system32\imapi2.dll
2009-07-05 16:07:05 ----A---- C:\Windows\system32\esent.dll
2009-07-05 16:07:04 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-05 16:07:04 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\sperror.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-05 16:07:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-05 16:07:03 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-05 16:07:02 ----A---- C:\Windows\system32\SLC.dll
2009-07-05 16:07:02 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-05 16:07:02 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-05 16:07:01 ----A---- C:\Windows\system32\msshsq.dll
2009-07-05 16:06:59 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-05 16:06:58 ----A---- C:\Windows\system32\msjet40.dll
2009-07-05 16:06:58 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-05 16:06:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-05 16:06:57 ----A---- C:\Windows\system32\msxml6.dll
2009-07-05 16:06:56 ----A---- C:\Windows\system32\Query.dll
2009-07-05 16:06:55 ----A---- C:\Windows\system32\qmgr.dll
2009-07-05 16:06:54 ----A---- C:\Windows\system32\msexch40.dll
2009-07-05 16:06:53 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-05 16:06:53 ----A---- C:\Windows\system32\diagperf.dll
2009-07-05 16:06:52 ----A---- C:\Windows\system32\ole32.dll
2009-07-05 16:06:52 ----A---- C:\Windows\system32\ntdll.dll
2009-07-05 16:06:51 ----A---- C:\Windows\system32\winload.exe
2009-07-05 16:06:51 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-05 16:06:51 ----A---- C:\Windows\system32\msxml3.dll
2009-07-05 16:06:51 ----A---- C:\Windows\system32\mblctr.exe
2009-07-05 16:06:51 ----A---- C:\Windows\system32\EncDec.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\uDWM.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\riched20.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\mmc.exe
2009-07-05 16:06:50 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-05 16:06:50 ----A---- C:\Windows\system32\dfsr.exe
2009-07-05 16:06:49 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-05 16:06:49 ----A---- C:\Windows\system32\fdBth.dll
2009-07-05 16:06:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-05 16:06:47 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-05 16:06:47 ----A---- C:\Windows\system32\milcore.dll
2009-07-05 16:06:47 ----A---- C:\Windows\system32\kernel32.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\spoolss.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-05 16:06:46 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\gpedit.dll
2009-07-05 16:06:45 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-05 16:06:44 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-05 16:06:42 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-05 16:06:41 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-05 16:06:41 ----A---- C:\Windows\system32\es.dll
2009-07-05 16:06:40 ----A---- C:\Windows\system32\mstext40.dll
2009-07-05 16:06:40 ----A---- C:\Windows\system32\Magnify.exe
2009-07-05 16:06:40 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-05 16:06:40 ----A---- C:\Windows\system32\advapi32.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\slwmi.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-05 16:06:39 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-05 16:06:38 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-07-05 16:06:38 ----A---- C:\Windows\system32\vssapi.dll
2009-07-05 16:06:38 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-05 16:06:37 ----A---- C:\Windows\system32\authui.dll
2009-07-05 16:06:35 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-05 16:06:35 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-05 16:06:35 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\propsys.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\newdev.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-05 16:06:34 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-05 16:06:34 ----A---- C:\Windows\system32\crypt32.dll
2009-07-05 16:06:33 ----A---- C:\Windows\system32\setupapi.dll
2009-07-05 16:06:33 ----A---- C:\Windows\system32\rpcss.dll
2009-07-05 16:06:33 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-05 16:06:33 ----A---- C:\Windows\explorer.exe
2009-07-05 16:06:32 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\msltus40.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\mfc42.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\davclnt.dll
2009-07-05 16:06:32 ----A---- C:\Windows\system32\d3d9.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-05 16:06:31 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\photowiz.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-05 16:06:30 ----A---- C:\Windows\system32\browseui.dll
2009-07-05 16:06:28 ----A---- C:\Windows\system32\user32.dll
2009-07-05 16:06:28 ----A---- C:\Windows\system32\samsrv.dll
2009-07-05 16:06:28 ----A---- C:\Windows\system32\ci.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\win32spl.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-05 16:06:27 ----A---- C:\Windows\system32\quartz.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\winhttp.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-05 16:06:26 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\netshell.dll
2009-07-05 16:06:26 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-05 16:06:26 ----A---- C:\Windows\system32\compcln.exe
2009-07-05 16:06:26 ----A---- C:\Windows\system32\apds.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\msctf.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-05 16:06:25 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-05 16:06:24 ----A---- C:\Windows\system32\SLUI.exe
2009-07-05 16:06:24 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-05 16:06:24 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\gdi32.dll
2009-07-05 16:06:24 ----A---- C:\Windows\system32\eapphost.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\winresume.exe
2009-07-05 16:06:23 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\propdefs.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\odbc32.dll
2009-07-05 16:06:23 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-05 16:06:22 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-05 16:06:20 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-05 16:06:19 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-05 16:06:18 ----A---- C:\Windows\system32\mssitlb.dll

Moe1991 17.08.2009 01:05

1.1.3 RSIT: Part 3 of Log.txt

2009-07-05 16:06:16 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-05 16:06:16 ----A---- C:\Windows\system32\usp10.dll
2009-07-05 16:06:16 ----A---- C:\Windows\system32\swprv.dll
2009-07-05 16:06:16 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\vds.exe
2009-07-05 16:06:15 ----A---- C:\Windows\system32\netlogon.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\msscb.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\msctfp.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\drvinst.exe
2009-07-05 16:06:15 ----A---- C:\Windows\system32\devmgr.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-05 16:06:15 ----A---- C:\Windows\system32\BFE.DLL
2009-07-05 16:06:15 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-05 16:06:14 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-05 16:06:14 ----A---- C:\Windows\system32\evr.dll
2009-07-05 16:06:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-05 16:06:13 ----A---- C:\Windows\system32\wercon.exe
2009-07-05 16:06:13 ----A---- C:\Windows\system32\services.exe
2009-07-05 16:06:12 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\msdrm.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\certcli.dll
2009-07-05 16:06:12 ----A---- C:\Windows\system32\adtschema.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\taskeng.exe
2009-07-05 16:06:11 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\reg.exe
2009-07-05 16:06:11 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\msjter40.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-05 16:06:11 ----A---- C:\Windows\system32\certutil.exe
2009-07-05 16:06:10 ----A---- C:\Windows\system32\w32time.dll
2009-07-05 16:06:10 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-05 16:06:10 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\msshooks.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\msihnd.dll
2009-07-05 16:06:09 ----A---- C:\Windows\system32\bthserv.dll
2009-07-05 16:06:08 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-05 16:06:08 ----A---- C:\Windows\system32\msstrc.dll
2009-07-05 16:06:08 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\netapi32.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\mscories.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\inetpp.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\hidserv.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\fundisc.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\dfshim.dll
2009-07-05 16:06:07 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\termsrv.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\profsvc.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\msiexec.exe
2009-07-05 16:06:06 ----A---- C:\Windows\system32\imapi.dll
2009-07-05 16:06:06 ----A---- C:\Windows\system32\gameux.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\wdc.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\rasmans.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\iassdo.dll
2009-07-05 16:06:05 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-05 16:06:04 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-05 16:06:04 ----A---- C:\Windows\system32\pnidui.dll
2009-07-05 16:06:04 ----A---- C:\Windows\system32\icardres.dll
2009-07-05 16:06:04 ----A---- C:\Windows\system32\autofmt.exe
2009-07-05 16:06:03 ----A---- C:\Windows\system32\wersvc.dll
2009-07-05 16:06:03 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-05 16:06:03 ----A---- C:\Windows\system32\scrrun.dll
2009-07-05 16:06:03 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-05 16:06:03 ----A---- C:\Windows\system32\pdh.dll
2009-07-05 16:06:03 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-05 16:06:02 ----A---- C:\Windows\system32\azroles.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\winlogon.exe
2009-07-05 16:06:01 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\comuid.dll
2009-07-05 16:06:01 ----A---- C:\Windows\system32\certmgr.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\wisptis.exe
2009-07-05 16:06:00 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\untfs.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\spp.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\sethc.exe
2009-07-05 16:06:00 ----A---- C:\Windows\system32\scrobj.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\rtutils.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\kd1394.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\iassam.dll
2009-07-05 16:06:00 ----A---- C:\Windows\system32\dwm.exe
2009-07-05 16:05:59 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-05 16:05:59 ----A---- C:\Windows\system32\autochk.exe
2009-07-05 16:05:58 ----A---- C:\Windows\system32\printui.dll
2009-07-05 16:05:58 ----A---- C:\Windows\system32\iasnap.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\winsrv.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\onex.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\kdcom.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\cscript.exe
2009-07-05 16:05:57 ----A---- C:\Windows\system32\basecsp.dll
2009-07-05 16:05:57 ----A---- C:\Windows\system32\autoconv.exe
2009-07-05 16:05:56 ----A---- C:\Windows\system32\wow32.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\userenv.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\RelMon.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\osk.exe
2009-07-05 16:05:56 ----A---- C:\Windows\system32\mswsock.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\kdusb.dll
2009-07-05 16:05:56 ----A---- C:\Windows\system32\audiodg.exe
2009-07-05 16:05:55 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\winmm.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-05 16:05:55 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\offfilt.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\msftedit.dll
2009-07-05 16:05:55 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\wsepno.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\wscript.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\WerFault.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\Utilman.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\sysclass.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\stobject.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\SndVol.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\mscms.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\mfplat.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\mcmde.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\diskraid.exe
2009-07-05 16:05:54 ----A---- C:\Windows\system32\apphelp.dll
2009-07-05 16:05:54 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\ulib.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\rastapi.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-05 16:05:53 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\dsound.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\cryptui.dll
2009-07-05 16:05:53 ----A---- C:\Windows\system32\brcpl.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-05 16:05:52 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\regsvc.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\rastls.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\ntprint.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\logman.exe
2009-07-05 16:05:52 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\gpapi.dll
2009-07-05 16:05:52 ----A---- C:\Windows\system32\diskpart.exe
2009-07-05 16:05:51 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\wusa.exe
2009-07-05 16:05:51 ----A---- C:\Windows\system32\wshext.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\mscorier.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\iasrad.dll
2009-07-05 16:05:51 ----A---- C:\Windows\system32\findstr.exe
2009-07-05 16:05:50 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\wer.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\themecpl.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\netcenter.dll
2009-07-05 16:05:50 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\uxsms.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\slcc.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\scansetting.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\powrprof.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\powercpl.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\networkmap.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\msutb.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\mstsc.exe
2009-07-05 16:05:49 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\iasads.dll
2009-07-05 16:05:49 ----A---- C:\Windows\system32\iasacct.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\themeui.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\sud.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\pcaui.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\newdev.exe
2009-07-05 16:05:48 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\connect.dll
2009-07-05 16:05:48 ----A---- C:\Windows\system32\authz.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\usercpl.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\samlib.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\regapi.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\qdvd.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\mmci.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\autoplay.dll
2009-07-05 16:05:47 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\wpcao.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\sdclt.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\scksp.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\scesrv.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\qedit.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\pnpui.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\oleprn.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\mpr.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\imm32.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\feclient.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-05 16:05:46 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\certreq.exe
2009-07-05 16:05:46 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-05 16:05:45 ----A---- C:\Windows\system32\scecli.dll
2009-07-05 16:05:45 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-05 16:05:45 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-05 16:05:45 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-05 16:05:44 ----A---- C:\Windows\system32\whealogr.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\srcore.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\rasplap.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\raschap.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\fontext.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-05 16:05:44 ----A---- C:\Windows\system32\conime.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-05 16:05:44 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-05 16:05:43 ----A---- C:\Windows\system32\wlanui.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\rasppp.dll
2009-07-05 16:05:43 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\shsetup.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-05 16:05:42 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\mscandui.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\modemui.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\dsprop.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\dataclen.dll
2009-07-05 16:05:42 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\smss.exe
2009-07-05 16:05:41 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\credui.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\certprop.dll
2009-07-05 16:05:41 ----A---- C:\Windows\system32\blackbox.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\msscp.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\logagent.exe
2009-07-05 16:05:40 ----A---- C:\Windows\system32\InkEd.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\ifmon.dll
2009-07-05 16:05:40 ----A---- C:\Windows\system32\gpresult.exe
2009-07-05 16:05:40 ----A---- C:\Windows\system32\cipher.exe
2009-07-05 16:05:39 ----A---- C:\Windows\system32\wscapi.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\softkbd.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\sendmail.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\msimtf.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\msctfui.dll
2009-07-05 16:05:39 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\wshbth.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\version.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-05 16:05:38 ----A---- C:\Windows\system32\puiapi.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\olepro32.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\msjint40.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\msisip.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\mprapi.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\input.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\fc.exe
2009-07-05 16:05:38 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\dmusic.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\cscapi.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\cdd.dll
2009-07-05 16:05:38 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\Storprop.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\rasdial.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\ftp.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\cscdll.dll
2009-07-05 16:05:37 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-05 16:05:37 ----A---- C:\Windows\system32\bthci.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-05 16:05:36 ----A---- C:\Windows\system32\slcinst.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\nslookup.exe
2009-07-05 16:05:36 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\mfps.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-05 16:05:36 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-05 16:05:36 ----A---- C:\Windows\system32\aaclient.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-05 16:05:35 ----A---- C:\Windows\system32\mmcico.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-05 16:05:35 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-05 16:05:35 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-05 16:05:34 ----A---- C:\Windows\system32\csrstub.exe
2009-07-05 16:05:34 ----A---- C:\Windows\system32\cbsra.exe
2009-07-05 16:05:34 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-05 16:05:34 ----A---- C:\Windows\system32\atmlib.dll
2009-07-05 16:05:32 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-05 16:05:32 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-05 16:05:30 ----A---- C:\Windows\system32\winrnr.dll
2009-07-05 16:05:30 ----A---- C:\Windows\system32\slwga.dll
2009-07-05 16:05:30 ----A---- C:\Windows\system32\inetppui.dll
2009-07-05 16:05:29 ----A---- C:\Windows\system32\midimap.dll
2009-07-05 16:05:26 ----A---- C:\Windows\system32\msimsg.dll
2009-07-05 16:05:26 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-05 16:05:25 ----A---- C:\Windows\system32\mferror.dll
2009-07-05 16:04:57 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-05 16:04:49 ----A---- C:\Windows\system32\wdscore.dll
2009-07-05 16:04:49 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-05 16:04:31 ----A---- C:\Windows\system32\drvstore.dll
2009-07-01 12:21:27 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-06-24 16:17:27 ----D---- C:\Counter-Strike Source
2009-06-18 14:24:08 ----D---- C:\Users\moe\AppData\Roaming\AD ON Multimedia
2009-06-18 00:25:32 ----D---- C:\Program Files\EA Sports
2009-06-16 00:49:31 ----D---- C:\Users\moe\AppData\Roaming\GetRightToGo

Moe1991 17.08.2009 01:06

1.1.4 RSIT: Part 4 of Log.txt


2009-06-14 21:31:15 ----D---- C:\Users\moe\AppData\Roaming\Atari
2009-06-14 03:44:52 ----D---- C:\Program Files\Counter-Strike Source
2009-06-13 00:06:24 ----A---- C:\Windows\entpack.ini
2009-06-12 18:58:58 ----A---- C:\Windows\UniFish3.exe
2009-06-11 00:22:54 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-10 22:57:35 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 22:57:30 ----A---- C:\Windows\system32\localspl.dll
2009-06-09 01:34:38 ----D---- C:\Program Files\Xvid
2009-06-09 01:34:38 ----A---- C:\Windows\system32\xvidvfw.dll
2009-06-09 01:34:38 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-27 21:14:10 ----D---- C:\Program Files\Funkyplot
2009-05-19 20:59:37 ----D---- C:\LMD2009

======List of files/folders modified in the last 3 months======

2009-08-16 02:29:11 ----D---- C:\Windows\Prefetch
2009-08-16 02:29:02 ----D---- C:\Windows\Temp
2009-08-16 02:04:21 ----D---- C:\Windows\System32
2009-08-16 02:04:21 ----D---- C:\Windows\inf
2009-08-16 02:04:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-16 00:37:46 ----RD---- C:\Users
2009-08-15 15:19:56 ----D---- C:\Windows
2009-08-15 03:20:37 ----D---- C:\Windows\system32\config
2009-08-15 03:20:32 ----D---- C:\Windows\Tasks
2009-08-15 03:20:32 ----D---- C:\Windows\system32\Tasks
2009-08-15 03:20:32 ----D---- C:\Windows\system32\spool
2009-08-15 03:20:32 ----D---- C:\Windows\system32\Msdtc
2009-08-15 03:20:32 ----D---- C:\Windows\system32\catroot2
2009-08-15 03:20:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-15 03:20:31 ----D---- C:\Windows\system32\wbem
2009-08-15 03:20:31 ----D---- C:\Windows\registration
2009-08-15 02:36:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-15 01:20:16 ----SHD---- C:\System Volume Information
2009-08-14 23:44:35 ----RD---- C:\Program Files
2009-08-14 13:16:20 ----SHD---- C:\Windows\Installer
2009-08-14 03:58:47 ----D---- C:\Windows\system32\drivers
2009-08-14 03:01:04 ----D---- C:\Windows\winsxs
2009-08-14 00:44:42 ----D---- C:\Windows\system32\catroot
2009-08-13 13:44:16 ----D---- C:\Program Files\Mozilla Firefox
2009-08-13 13:30:26 ----D---- C:\Program Files\Common Files\Apple
2009-08-13 03:04:50 ----D---- C:\Program Files\Windows Media Player
2009-08-12 19:00:41 ----HD---- C:\ProgramData
2009-08-12 18:57:28 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-08-12 17:50:21 ----SHD---- C:\$Recycle.Bin
2009-08-12 17:44:01 ----D---- C:\ProgramData\McAfee
2009-08-12 17:44:01 ----D---- C:\Program Files\Common Files
2009-08-09 21:56:23 ----D---- C:\Windows\Microsoft.NET
2009-08-09 21:55:33 ----RSD---- C:\Windows\assembly
2009-08-09 20:30:54 ----D---- C:\Windows\ehome
2009-08-09 20:30:26 ----D---- C:\Program Files\Internet Explorer
2009-08-09 19:59:27 ----D---- C:\Windows\system32\CodeIntegrity
2009-08-08 23:49:12 ----D---- C:\Program Files\Steinberg
2009-08-07 13:03:30 ----A---- C:\Windows\War3Unin.exe
2009-08-07 03:05:16 ----D---- C:\Users\moe\AppData\Roaming\Hamachi
2009-07-31 20:10:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-31 19:54:08 ----D---- C:\Program Files\DVDVideoSoft
2009-07-31 19:54:07 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-07-31 19:53:51 ----D---- C:\Users\moe\AppData\Roaming\NCH Swift Sound
2009-07-31 19:52:11 ----D---- C:\Program Files\Image-Line
2009-07-31 19:42:50 ----D---- C:\Windows\twain_32
2009-07-31 19:40:23 ----D---- C:\Program Files\DivX
2009-07-31 19:32:59 ----D---- C:\Program Files\NCH Software
2009-07-31 19:32:57 ----D---- C:\Users\moe\AppData\Roaming\NCH Software
2009-07-31 14:25:25 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 00:32:22 ----D---- C:\Windows\system32\migration
2009-07-31 00:32:22 ----D---- C:\Windows\system32\de-DE
2009-07-30 21:44:16 ----D---- C:\Windows\system32\LogFiles
2009-07-30 21:03:11 ----HD---- C:\Windows\system32\GroupPolicy
2009-07-30 02:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-24 14:44:02 ----SD---- C:\Windows\Downloaded Program Files
2009-07-23 20:19:47 ----RSD---- C:\Windows\Fonts
2009-07-20 15:50:23 ----D---- C:\Program Files\VstPlugins
2009-07-16 22:24:44 ----D---- C:\Windows\Minidump
2009-07-14 11:53:04 ----D---- C:\Users\moe\AppData\Roaming\Toshiba
2009-07-11 06:19:53 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-09 19:09:38 ----D---- C:\Windows\rescache
2009-07-05 16:48:02 ----SHD---- C:\Boot
2009-07-05 16:39:26 ----D---- C:\Program Files\Windows Mail
2009-07-05 16:39:26 ----D---- C:\Program Files\Windows Calendar
2009-07-05 16:39:25 ----D---- C:\Program Files\Movie Maker
2009-07-05 16:39:23 ----D---- C:\Program Files\Windows Sidebar
2009-07-05 16:39:22 ----D---- C:\Program Files\Windows Collaboration
2009-07-05 16:39:21 ----D---- C:\Program Files\Windows Journal
2009-07-05 16:39:19 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-05 16:39:19 ----D---- C:\Program Files\Common Files\System
2009-07-05 16:39:13 ----D---- C:\Windows\servicing
2009-07-05 16:39:13 ----D---- C:\Program Files\Windows Defender
2009-07-05 16:38:45 ----D---- C:\Windows\IME
2009-07-05 16:38:44 ----D---- C:\Windows\system32\XPSViewer
2009-07-05 16:38:44 ----D---- C:\Windows\system32\sk-SK
2009-07-05 16:38:44 ----D---- C:\Windows\system32\lv-LV
2009-07-05 16:38:44 ----D---- C:\Windows\system32\ko-KR
2009-07-05 16:38:44 ----D---- C:\Windows\system32\hr-HR
2009-07-05 16:38:44 ----D---- C:\Windows\system32\et-EE
2009-07-05 16:38:44 ----D---- C:\Windows\system32\en-US
2009-07-05 16:38:44 ----D---- C:\Windows\system32\da-DK
2009-07-05 16:38:37 ----D---- C:\Windows\system32\oobe
2009-07-05 16:38:37 ----D---- C:\Windows\system32\it-IT
2009-07-05 16:38:37 ----D---- C:\Windows\system32\el-GR
2009-07-05 16:38:29 ----D---- C:\Windows\system32\sv-SE
2009-07-05 16:38:29 ----D---- C:\Windows\system32\setup
2009-07-05 16:38:29 ----D---- C:\Windows\system32\ru-RU
2009-07-05 16:38:29 ----D---- C:\Windows\system32\he-IL
2009-07-05 16:38:29 ----D---- C:\Windows\system32\fr-FR
2009-07-05 16:38:29 ----D---- C:\Windows\system32\fi-FI
2009-07-05 16:38:29 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-05 16:38:28 ----D---- C:\Windows\system32\SLUI
2009-07-05 16:38:28 ----D---- C:\Windows\system32\pt-PT
2009-07-05 16:38:28 ----D---- C:\Windows\system32\hu-HU
2009-07-05 16:38:28 ----D---- C:\Windows\system32\cs-CZ
2009-07-05 16:38:26 ----D---- C:\Windows\system32\zh-CN
2009-07-05 16:38:25 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-05 16:38:25 ----D---- C:\Windows\system32\sl-SI
2009-07-05 16:38:25 ----D---- C:\Windows\system32\manifeststore
2009-07-05 16:38:25 ----D---- C:\Windows\system32\es-ES
2009-07-05 16:38:24 ----D---- C:\Windows\system32\zh-TW
2009-07-05 16:38:24 ----D---- C:\Windows\system32\uk-UA
2009-07-05 16:38:24 ----D---- C:\Windows\system32\ro-RO
2009-07-05 16:38:24 ----D---- C:\Windows\system32\pl-PL
2009-07-05 16:38:24 ----D---- C:\Windows\system32\ja-JP
2009-07-05 16:38:24 ----D---- C:\Windows\system32\bg-BG
2009-07-05 16:38:22 ----D---- C:\Windows\system32\th-TH
2009-07-05 16:38:21 ----D---- C:\Windows\system32\tr-TR
2009-07-05 16:38:17 ----D---- C:\Windows\system32\nb-NO
2009-07-05 16:38:16 ----D---- C:\Windows\system32\nl-NL
2009-07-05 16:38:16 ----D---- C:\Windows\system32\lt-LT
2009-07-05 16:38:16 ----D---- C:\Windows\system32\ar-SA
2009-07-05 16:38:15 ----D---- C:\Windows\system32\pt-BR
2009-07-05 16:38:15 ----D---- C:\Windows\system32\migwiz
2009-07-05 16:36:50 ----D---- C:\Windows\AppPatch
2009-07-05 16:36:34 ----D---- C:\Windows\system32\Boot
2009-07-05 16:33:25 ----D---- C:\Windows\system32\RTCOM
2009-07-03 22:55:58 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-01 11:29:12 ----D---- C:\ProgramData\Symantec
2009-07-01 11:26:59 ----D---- C:\Windows\Downloaded Installations
2009-06-12 18:52:40 ----D---- C:\Program Files\Google
2009-06-12 11:05:57 ----D---- C:\ProgramData\Google
2009-06-12 10:58:39 ----D---- C:\ProgramData\NCH Software
2009-06-08 15:41:27 ----D---- C:\Windows\Help
2009-06-08 15:41:23 ----HD---- C:\Program Files\Uninstall Information
2009-05-27 22:53:19 ----ASH---- C:\Program Files\desktop.ini
2009-05-27 00:46:41 ----D---- C:\Windows\SoftwareDistribution

Moe1991 17.08.2009 01:08

1.1.5 RSIT: Part 5 of Log.txt



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsvsd;cdrbsvsd; C:\Windows\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080603.001\IDSvix86.sys [2008-02-14 261680]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-29 919552]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 2600960]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-05-31 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 AF15BDA;Cinergy T USB XE (MKII) service; C:\Windows\system32\drivers\AF15BDA.sys [2006-11-20 283776]
S3 ajqvg5ve;ajqvg5ve; C:\Windows\system32\drivers\ajqvg5ve.sys []
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-14 25280]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pohci13F;pohci13F; \??\C:\Users\moe\AppData\Local\Temp\pohci13F.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sembbus;SEMC WMC Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sembbus.sys [2008-02-06 260992]
S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM); C:\Windows\system32\DRIVERS\sembcard.sys [2008-02-06 337408]
S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter; C:\Windows\system32\DRIVERS\sembmdfl2.sys [2008-02-06 14976]
S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver; C:\Windows\system32\DRIVERS\sembmdm2.sys [2008-02-06 380672]
S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\sembmgmt.sys [2008-02-06 343680]
S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS); C:\Windows\system32\DRIVERS\sembnd5.sys [2008-02-06 24960]
S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM); C:\Windows\system32\DRIVERS\sembunic.sys [2008-02-06 344064]
S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM); C:\Windows\system32\DRIVERS\sembwwan.sys [2008-02-06 337408]
S3 SEMCReserved;SEMC Reserved Interface; C:\Windows\system32\DRIVERS\semcreserved.sys [2008-02-15 17408]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader; C:\Windows\system32\DRIVERS\sesc.sys [2007-08-14 12672]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-21 606208]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2004-01-14 311296]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-04-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-04-26 107832]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-06-28 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-03-30 604416]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe []
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-26 1251720]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-07-01 360704]
S4 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
S4 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]

-----------------EOF-----------------

Moe1991 17.08.2009 01:16

1.2 RSIT: Part 1 of Info.txt



info.txt logfile of random's system information tool 1.06 2009-08-16 02:29:14

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7
3D Wunschhaus Architekt Wohnungs-Edition-->E:\\Uninstall.exe
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ACDSee for PENTAX 3.0-->MsiExec.exe /X{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Athan Basic 3.3-->C:\Windows\iun6002.exe "C:\Program Files\Athan\irunin.ini"
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x7 -removeonly
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bluesoleil2.7.0.13 VoIP Release 071227-->MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007
Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Counter Strike 1.6 Reloaded-->C:\Windows\Counter Strike 1.6 Reloaded Uninstaller.exe
Counter-Strike: Source v17-->C:\Program Files\Counter-Strike Source\Uninstal.exe
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7
EAX Unified-->C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Free Video to iPhone Converter version 2.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe"
Free Video to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
Funkyplot 1.1.0-pre1-->"C:\Program Files\Funkyplot\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MAGIX Digital Foto Maker SE 4.1.0.835 (D)-->C:\Program Files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
MAGIX Foto Suite 1.12.0.89 (D)-->C:\Program Files\MAGIX\Foto_Suite\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Miroslav Philharmonik CE-->C:\Program Files\InstallShield Installation Information\{8ED43CF1-5E56-4D0C-AEB1-A9F9C164B9BC}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Miroslav Philharmonik-->C:\Program Files\InstallShield Installation Information\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
Native Instruments Pro-53-->C:\PROGRA~1\NATIVE~1\Pro-53\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Pro-53\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 7 Demo-->MsiExec.exe /I{C7E1449D-7638-6832-426D-589655951031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netlog 24-->C:\Windows\system32\Netlog24Uninstaller.exe
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Numedia CD-DVD writing as non-admin user-->MsiExec.exe /X{94056AE8-EF0F-45E4-A1B4-D754115F8A28}
OpenOffice.org 2.4-->MsiExec.exe /I{1B14B0C3-2D60-477C-A1FE-B88E60948854}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
Roll-->C:\Windows\UniFish3.exe E:\Programme\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Sony Ericsson MD300 Wireless Modem-->MsiExec.exe /I{EF4E0DA6-02E0-47BF-9BB6-DC0E83CC6F4C}
Sony Ericsson Wireless Manager 5-->MsiExec.exe /I{37964A88-DAA1-488B-AE88-A5B6DDC6E9A6}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Hypersonic 2-->E:\Programme\Hypersonic\unins000.exe
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosofts Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Technobox CAD6-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Technobox CAD6\CAD6.isu"
TerraTec Home Cinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0007 -removeonly
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56995235-B76E-44A6-BA17-8FF13D3F907A}\setup.exe" -l0x7 -removeonly
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2009-08-15]
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing) [2009-08-15]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) [2009-08-15]
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file) [2009-08-15]
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing) [2009-08-15]
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-08-15]
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing) [2009-08-15]
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) [2009-08-15]
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file) [2009-08-15]

======Security center information======

AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Windows-Defender
AS: Norton Internet Security (outdated)

Moe1991 17.08.2009 01:17

1.2.2 RSIT: Part 2 of Info.txt


=====Application event log=====

Computer Name: moe-PC
Event Code: 101
Message:
Record Number: 11909
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080601214746.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: moe-PC
Event Code: 101
Message:
Record Number: 11908
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080601214746.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: moe-PC
Event Code: 902
Message: Der Softwarelizenzierungsdienst wurde gestartet.

Record Number: 11907
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080601214714.000000-000
Event Type: Informationen
User:

Computer Name: moe-PC
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0

Record Number: 11906
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080601214712.000000-000
Event Type: Informationen
User:

Computer Name: moe-PC
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}

{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}

{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}

{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 8, 0xC004F014,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}

Record Number: 11905
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080601214712.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\rasctrs.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27147
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.911956-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\certmgr.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27146
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.865156-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\certutil.exe
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27145
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.599956-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\ieakeng.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27144
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.506356-000
Event Type: Überwachung erfolgreich
User:

Computer Name: moe-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: MOE-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Objekt:
Objektserver: Security
Objekttyp: File
Objektname: C:\Windows\System32\kd1394.dll
Handle-ID: 0x20

Prozessinformationen:
Prozess-ID: 0x14fc
Prozessname: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Überwachungseinstellungen:
Originalsicherheitsbeschreibung:
Neue Sicherheitsbeschreibung: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 27143
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081215210344.397156-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

Moe1991 17.08.2009 01:22

2.1 GMER: Part 1 of Log.txt


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-08-16 22:51:00
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 87634A18 ZwConnectPort

INT 0x52 ? 86A0DF00
INT 0x52 ? 86A0DF00
INT 0x62 ? 86A0DF00
INT 0x72 ? 86A0DF00
INT 0x81 ? 8508CBF8
INT 0x91 ? 8508CBF8
INT 0xA1 ? 8508CBF8
INT 0xA1 ? 8508CBF8
INT 0xA1 ? 8508CBF8
INT 0xB3 ? 86A0DF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1C1 82CBF904 4 Bytes [18, 4A, 63, 87]
? System32\Drivers\spve.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8E1C641B 5 Bytes JMP 86A0D4E0
.text a1klmsmo.SYS 88B8F000 22 Bytes [82, 33, FD, 82, 6C, 32, FD, ...]
.text a1klmsmo.SYS 88B8F017 159 Bytes [00, 32, B7, 30, 83, 3D, B5, ...]
.text a1klmsmo.SYS 88B8F0B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a1klmsmo.SYS 88B8F0CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text a1klmsmo.SYS 88B8F11F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[576] ADVAPI32.dll!RegOpenKeyExA 75CF7C42 5 Bytes JMP 0009F7BF C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [832026D2] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83202040] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [832027FC] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [832020BE] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8320213C] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [83212048] \SystemRoot\System32\Drivers\spve.sys
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortCompleteRequest] D1642446
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortMoveMemory] 7E3988B9
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] D1902846
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B88B9
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\a1klmsmo.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73467817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [734BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7346BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7345F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [734675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7345E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73498395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7346DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7345FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7345FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [734571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [734ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7348C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7345D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73456853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7345687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2980] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73462AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A201F8
Device \FileSystem\fastfat \FatCdrom 86A071F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8508E1F8
Device \Driver\usbohci \Device\USBPDO-0 869F61F8
Device \Driver\usbohci \Device\USBPDO-1 869F61F8
Device \Driver\usbohci \Device\USBPDO-2 869F61F8
Device \Driver\usbohci \Device\USBPDO-3 869F61F8
Device \Driver\usbohci \Device\USBPDO-4 869F61F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbehci \Device\USBPDO-5 869E71F8
Device \Driver\volmgr \Device\HarddiskVolume1 8508E1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8508E1F8
Device \Driver\cdrom \Device\CdRom0 869CF1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8508E1F8
Device \Driver\cdrom \Device\CdRom1 869CF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A1F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort0 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort1 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort2 85A1F1F8
Device \Driver\atapi \Device\Ide\IdePort3 85A1F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{96A19C1F-9834-4868-A803-63FC30551EFA} 87733500
Device \Driver\volmgr \Device\HarddiskVolume4 8508E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87733500
Device \Driver\USBSTOR \Device\00000091 87D861F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E2388F1A-F2FB-4258-BF9D-DACA784A68D1} 87733500
Device \Driver\USBSTOR \Device\00000092 87D861F8
Device \Driver\Smb \Device\NetbiosSmb 87735500
Device \Driver\iScsiPrt \Device\RaidPort0 869EC1F8
Device \Driver\sptd \Device\4224700714 spve.sys

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 869F61F8
Device \Driver\PCI_PNP4683 \Device\0000006c spve.sys
Device \Driver\usbohci \Device\USBFDO-1 869F61F8
Device \Driver\usbohci \Device\USBFDO-2 869F61F8
Device \Driver\usbohci \Device\USBFDO-3 869F61F8
Device \Driver\usbohci \Device\USBFDO-4 869F61F8
Device \Driver\usbehci \Device\USBFDO-5 869E71F8
Device \Driver\a1klmsmo \Device\Scsi\a1klmsmo1Port5Path0Target0Lun0 86B881F8
Device \Driver\a1klmsmo \Device\Scsi\a1klmsmo1 86B881F8
Device \FileSystem\fastfat \Fat 86A071F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 989F14B8

Moe1991 17.08.2009 01:26

2.2 GMER: Part 2 of Log.txt



---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bc5c2d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167bc5c2d@0015b9528d75 0xB8 0x3C 0x22 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0xDF 0x4E 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0x82 0x63 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0x96 0x44 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x78 0x4A 0x0B 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167bc5c2d
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167bc5c2d@0015b9528d75 0xB8 0x3C 0x22 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0xDF 0x4E 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x57 0x82 0x63 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x57 0x96 0x44 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x78 0x4A 0x0B 0x4F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9441FF82-03EF-259E-FF50-928F70193367}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9441FF82-03EF-259E-FF50-928F70193367}@naodmcpfnmdbjgjefajcjgflpcba 0x6B 0x61 0x6D 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9441FF82-03EF-259E-FF50-928F70193367}@oaaegmlhoeakggnnooeacdadpfhgmj 0x6B 0x61 0x6D 0x62 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\LogFiles\Scm\SCM.EVM (size mismatch) 360448/294912 bytes
File C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 20480/4096 bytes
File C:\Windows\System32\wfp\wfpdiag.etl (size mismatch) 65536/0 bytes

---- EOF - GMER 1.0.15 ----

Moe1991 17.08.2009 01:27

3. Installed programs


7-Zip 4.65 22.07.2009 3,13MB
ACDSee for PENTAX 3.0 ACD Systems Ltd. 23.09.2008 57,7MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.03.2009
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 23.03.2009
Adobe Reader 8.1.4 - Deutsch Adobe Systems Incorporated 22.03.2009 99,8MB
Adobe Shockwave Player 11 Adobe Systems, Inc. 19.03.2009
Athan Basic 3.3 26.03.2008 17,3MB
Atheros Driver Installation Program Atheros 26.08.2007 4,00KB
ATI Catalyst Install Manager ATI Technologies, Inc. 07.03.2008 13,8MB
Audiosurf BestGameEver 16.03.2009 362,5MB
Bluesoleil2.7.0.13 VoIP Release 071227 IVT Corporation 21.10.2008 13,5MB
Bluetooth Stack for Windows by Toshiba 26.08.2007 56,4MB
Bonjour Apple Inc. 12.02.2009 0,49MB
Camera Assistant Software for Toshiba Chicony Electronics Co.,Ltd. 26.08.2007 62,8MB
Catalyst Control Center - Branding ATI 05.03.2008 0,41MB
CCleaner (remove only) Piriform 15.08.2009 2,63MB
CD/DVD Drive Acoustic Silencer TOSHIBA 26.08.2007 0,57MB
CloneCD SlySoft 23.03.2008 5,20MB
Collab Image-Line bvba 11.01.2009 1,87MB
Counter Strike 1.6 Reloaded The Reloaded Team 12.12.2008 600,1MB
Counter-Strike: Source v17 26.06.2009 3.759,7MB
Desktop SMS IDM 26.08.2007 15,2MB
DivX Player DivX, Inc. 10.06.2009 51,3MB
DivX Plus DirectShow Filters DivX, Inc. 10.06.2009 1,58MB
DivX Web Player DivX,Inc. 10.06.2009 51,3MB
DVD MovieFactory for TOSHIBA Ulead Systems, Inc. 05.03.2008 251,4MB
EAX Unified 05.03.2008 8,00KB
Emdedded IR Driver Compal Electronics, Inc. 26.08.2007 0,89MB
FIFA 09 Electronic Arts 26.02.2009 1.539,5MB
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 26.08.2007 6,34MB
FL Studio 8 Image-Line bvba 11.01.2009 254,8MB
FL Studio v7.0 AiR, Inc. 07.06.2008 1.115,0MB
Free 3GP Video Converter version 3.1 DVD Video Soft Limited. 22.10.2008 5,65MB
Free Video to iPhone Converter version 2.1 DVD Video Soft Limited. 18.02.2009 5,57MB
Free Video to Mp3 Converter version 3.1 DVD Video Soft Limited. 18.02.2009 2,31MB
FreeMind 28.05.2008 13,4MB
Funkyplot 1.1.0-pre1 LOGICIEL 26.05.2009 19,9MB
Google Earth Google 30.07.2008 25,3MB
Hamachi 1.0.3.0 13.12.2008 0,84MB
HijackThis 2.0.2 TrendMicro 13.08.2009 0,39MB
IL Download Manager Image-Line bvba 11.01.2009 2,90MB
Java DB 10.4.1.3 Sun Microsystems, Inc 17.02.2009 28,0MB
Java(TM) 6 Update 11 Sun Microsystems, Inc. 25.01.2009 94,4MB
Java(TM) 6 Update 5 Sun Microsystems, Inc. 05.03.2008 163,7MB
Java(TM) SE Development Kit 6 Update 11 Sun Microsystems, Inc. 17.02.2009 131,5MB
Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 26.08.2007 114,6MB
LiveUpdate Notice (Symantec Corporation) Symantec Corporation 30.05.2008 7,59MB
MAGIX Digital Foto Maker SE 4.1.0.835 (D) MAGIX AG 26.08.2007 239,7MB
MAGIX Foto Suite 1.12.0.89 (D) MAGIX AG 26.08.2007 122,4MB
MAGIX Online Druck Service 2.3.2.0 (D) MAGIX AG 26.08.2007 9,35MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 06.08.2009 3,50MB
Messenger Plus! Live Patchou 02.07.2009 12,1MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.07.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 23.07.2009 37,0MB
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 26.01.2009 28,4MB
Microsoft Office Live Add-in 1.3 Microsoft Corporation 02.02.2009 0,48MB
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 10.06.2009 270,7MB
Microsoft Silverlight Microsoft Corporation 30.07.2009 11,8MB
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 02.02.2009 1,74MB
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 20.02.2009 0,61MB
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 20.02.2009 1,45MB
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.08.2007 2,38MB
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.06.2009 0,58MB
Miroslav Philharmonik IK Multimedia 19.07.2009 146,8MB
Miroslav Philharmonik CE IK Multimedia 19.07.2009 1.512,9MB
MobileMe Control Panel Apple Inc. 10.07.2009 6,78MB
Mozilla Firefox (3.5.1) Mozilla 23.07.2009 34,1MB
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 26.08.2007 1,25MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 07.03.2008 1,27MB
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.11.2008 1,28MB
myphotobook 3.1 myphotobook 05.03.2008 16,9MB
Native Instruments Pro-53 19.07.2009 43,6MB
Native Instruments Service Center 19.07.2009 18,6MB
Nero 7 Demo Nero AG 22.03.2008 275,4MB
Netlog 24 13.08.2008
Norton Internet Security (Symantec Corporation) Symantec Corporation 05.03.2008
Numedia CD-DVD writing as non-admin user H&M System Software GmbH 30.07.2008 48,00KB
OpenOffice.org 2.4 OpenOffice.org 28.05.2008 327,9MB
PoiZone Image-Line bvba 11.01.2009 9,15MB
Pro Evolution Soccer 2009 KONAMI 10.07.2009 3.406,8MB
Project64 1.6 Project64 29.09.2008 3,47MB
PunkBuster Services Even Balance, Inc. 25.04.2008
RealPlayer 27.03.2008 33,8MB
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 26.08.2007 4,59MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.09.2007 15,4MB
Rob Papen Albino 3 31.01.2009 35,2MB
Roll 11.06.2009
Sony Ericsson MD300 Wireless Modem Sony Ericsson 06.01.2009 2,41MB
Sony Ericsson Wireless Manager 5 Sony Ericsson 06.01.2009 17,9MB
Sony USB Driver 29.08.2008 1,41MB
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 03.12.2008 32,5MB
Spybot - Search & Destroy Safer Networking Limited 14.08.2009 34,8MB
Steinberg Hypersonic 2 Steinberg Media Technologies GmbH. 07.08.2009 10,0MB
Synaptics Pointing Device Driver Synaptics 05.03.2008 13,4MB
SyncroSoft Emu (Remove only) 07.08.2009 10,5MB
Syncrosofts Lizenz Kontrolle SIA Syncrosoft 07.08.2009 10,5MB
Technobox CAD6 01.09.2008 86,2MB
TerraTec Home Cinema 16.06.2008 124,6MB
Texas Instruments PCIxx21/x515/xx12 drivers. Ihr Firmenname 26.08.2007 0,94MB
Tom Clancy's Rainbow Six Vegas 2 Ubisoft 26.01.2009 4,98MB
TOSHIBA Assist TOSHIBA 26.08.2007 1,16MB
TOSHIBA Benutzerhandbücher TOSHIBA 26.08.2007 6,43MB
TOSHIBA ConfigFree TOSHIBA 26.08.2007 39,6MB
TOSHIBA Disc Creator TOSHIBA Corporation 26.08.2007 9,68MB
TOSHIBA DVD PLAYER TOSHIBA Corporation 05.03.2008 20,3MB
TOSHIBA Extended Tiles for Windows Mobility Center Toshiba 26.08.2007 1,28MB
TOSHIBA Flash Cards Support Utility TOSHIBA 26.08.2007
TOSHIBA Hardware Setup TOSHIBA 26.08.2007
Toshiba Online Product Information TOSHIBA 26.08.2007 5,51MB
TOSHIBA SD Memory Utilities TOSHIBA 26.08.2007 1,61MB
TOSHIBA Software Modem Agere Systems 26.08.2007
TOSHIBA Supervisorkennwort TOSHIBA 26.08.2007
TOSHIBA Value Added Package TOSHIBA Corporation 26.08.2007 48,00KB
TuneUp Utilities 2009 TuneUp Software 29.03.2009 44,8MB
Uninstall 1.0.0.1 04.07.2009 17,3MB
VideoLAN VLC media player 0.8.6e VideoLAN Team 27.03.2008 32,6MB
Warcraft III 20.03.2008 593,7MB
Winamp Nullsoft, Inc 27.03.2008 27,9MB
Windows Live Anmelde-Assistent Microsoft Corporation 20.02.2009 1,93MB
Windows Live Essentials Microsoft Corporation 20.02.2009 144,3MB
Windows Live OneCare safety scanner Microsoft Corporation 24.03.2008 23,2MB
Windows Live Sync Microsoft Corporation 20.02.2009 2,80MB
Windows Live-Uploadtool Microsoft Corporation 02.02.2009 0,22MB
Windows Media Encoder 9-Reihe 26.08.2007 13,7MB
WinRAR archiver 23.03.2008 2,74MB
Xvid 1.2.1 final uninstall Xvid team (Koepi) 16.06.2009 0,78MB

Moe1991 17.08.2009 01:28

4. F-Secure Blacklight Log.txt



08/16/09 23:05:29 [Info]: BlackLight Engine 1.0.67 initialized
08/16/09 23:05:29 [Info]: OS: 6.0 build 6002 (Service Pack 2)
08/16/09 23:05:29 [Note]: 7019 4
08/16/09 23:05:29 [Note]: 7005 0
08/16/09 23:05:31 [Note]: 7006 0
08/16/09 23:05:31 [Note]: 7027 0
08/16/09 23:05:32 [Note]: 7026 0
08/16/09 23:05:32 [Note]: 7026 0
08/16/09 23:05:34 [Note]: FSRAW library version 1.7.1024
08/16/09 23:06:35 [Note]: 2000 1012
08/16/09 23:11:30 [Note]: 7007 0

Moe1991 17.08.2009 01:33

A little overview of the incredibly long posts :)



4. F-Secure Blacklight Log.txt

3. Installed programs

2.2 GMER: Part 2 of Log.txt
2.1 GMER: Part 1 of Log.txt

1.2.2 RSIT: Part 2 of Info.txt
1.2 RSIT: Part 1 of Info.txt

1.1.5 RSIT: Part 5 of Log.txt
1.1.4 RSIT: Part 4 of Log.txt
1.1.3 RSIT: Part 3 of Log.txt
1.1.2 RSIT: Part 2 of Log.txt
1.1.1 RSIT: Part 1 of Log.txt

kira 17.08.2009 21:10

hi

1.
uninstall:
`Control Panel --> Software --> Change/Remove...`

Code:

Bonjour Apple Inc.
Messenger Plus! Live

- Bonjour from Apple is installed along (with Quicktime, Photoshop and iTunes) without asking :rolleyes:
*Wikipedia/Bonjour*
*marijan-kelava.com*
*Unexpected behavior of the iPod when Windows confuses the iPod with a network drive*

- Messenger Plus! Live
During installation you should always `read along` and deselect the sponsor program, toolbars etc., because otherwise things are often installed along with it that you don't need or don't want ;)

2.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis → select the entries → tick the checkboxes → click "Fix checked" → restart the PC):
Quote:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; MSN OptimizedIE8;DEDE)" -"http://www.habbo.de/client"
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (file missing)
3.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: `Start → Control Panel → Java → Update...`
then uninstall the old version
`Control Panel → Software → Change/Remove...`

Adobe Reader: check whether newer versions are available

4.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • tick "Complete scan" and click "Next"
  • afterwards all malware found is listed; tick all findings and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences" and then "Statistics and logs"
  • press "View log" - then please save this report and post it here

5.
Check the complete computer (system scan without cleaning) with the Kaspersky Online Scanner - select "My Computer":
in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- save the result as a *.txt file and post the log file of the scan

6.
post again:
Trend Micro HijackThis log file

so once again, please:
Quote:

So that your thread stays clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write: [code]
your log file goes in here
→ after it: [/code]
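
Most of the entries in the fix list under point 2 above end in `(no file)` or `(file missing)`, the markers HijackThis prints when a registered browser add-on points to a file that is no longer on disk. As an added example (not part of the thread and not HijackThis's own code), this Python script picks such leftover registrations out of a log and groups them by CLSID; the sample lines are copied from this thread except the O4 line, which is constructed.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Lines copied from the HijackThis log in this thread (R1 from the first
# post, the O2/O3/O9 lines from the fix list); the O4 line is constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - (no file)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr (file missing)
"""

# "<section code> - <rest of the entry>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <target>" as used by the O2, O3 and O9 sections
COM_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
# Marker at the end of the target when the referenced file is absent
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")


class Orphan(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    kind: str     # "BHO", "Toolbar", "Extra button", ...
    name: str
    clsid: str    # normalised to upper case so duplicates group together
    marker: str   # "no file" or "file missing"


def find_orphans(log_text):
    """Return CLSID-based entries whose component file is reported absent."""
    hits = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # log header, process list or blank line
        com = COM_ENTRY.match(entry["body"])
        if not com:
            continue  # entry without a CLSID (R1, O4, ...)
        orphan = ORPHAN.search(com["target"])
        if orphan:
            hits.append(Orphan(entry["section"], com["kind"], com["name"],
                               com["clsid"].upper(), orphan.group(1)))
    return hits


def group_by_clsid(orphans):
    """One COM registration can back several log entries; group them."""
    groups = defaultdict(list)
    for o in orphans:
        groups[o.clsid].append(f"{o.section} {o.kind}: {o.name}")
    return dict(groups)


if __name__ == "__main__":
    for clsid, entries in group_by_clsid(find_orphans(SAMPLE_LOG)).items():
        print(clsid)
        for line in entries:
            print("   ", line)
```
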


Moe1991 18.08.2009 22:36

Hello,

I was able to fix the problem :D:D:D:D

Norton Internet Security (NIS) was to blame for the whole mess!

Until now I had always tried to uninstall Norton the normal way. However, this was never successful. When I then tried to uninstall NIS with the Norton Removal Tool, it worked smoothly!!

I restarted the PC... and look at that: the browser opens websites again :taenzer:

So the problem is solved :party:


Thank you very much for your efforts and help, Coverflow! :daumenhoc



PS:
Quote:

so once again, please:
Quote:
So that your thread stays clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write:
Code:

your log file goes in here
→ after it:


Sorry, I must have overlooked that somehow!

kira 18.08.2009 23:49

hi

- I still recommend that you work through the points: -> http://www.trojaner-board.de/76433-b...tml#post457215
also uninstall Messenger Plus! Live!:
Quote:

Messenger Plus contains some components that spy on your computer (Trojans), which is why this program is advised against. You must uninstall Messenger Plus, but pay attention to whether anything like "Remove partner programs" is shown during uninstallation!
If you absolutely want to (it is better to use a messenger tool free of spyware and adware, such as Trillian (the basic version of Trillian can combine the instant messengers ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) and IRC) or Miranda), you can install it again, but read everything carefully, and you must deselect partner programs, sponsors etc.!

Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you don't need or don't want.
so uninstall

- well, Norton slows the system down enormously, but as far as IE is concerned it doesn't quite sound like the cause... unless something was wrong with the configuration
Have you now installed another antivirus program?

Moe1991 27.08.2009 16:08

Yes, I have installed an antivirus program again. Everything works again :daumenhoc
I have already uninstalled Messenger Plus as well. I have never heard that Messenger Plus spies on the PC... How do you know that it is a "Trojan" (if you can call that a Trojan)

kira 28.08.2009 00:57

that means: free (adware)
Anyone who wants to download this messenger should be forewarned, however. If you accept all the questions, Ad-Aware, Spybot or another tool will raise an alarm, because during installation you are simply asked whether you also want the sponsor program. This serves to support the developer. Anyone who chooses "I do not want to support Messenger Plus!, install without sponsor" suffers no disadvantages; the program is then installed without the annoying advertising software!
Messenger Plus! is financed through an adware component, which you can however exclude from the installation.

