Trojaner-Board - 2 Probleme: Automatisches Öffnen des IEs und Weiterleitung bei Google

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - 2 Probleme: Automatisches Öffnen des IEs und Weiterleitung bei Google (https://www.trojaner-board.de/101737-2-probleme-automatisches-offnen-ies-weiterleitung-google.html)

2 Probleme: Automatisches Öffnen des IEs und Weiterleitung bei Google

Hey,
ich habe 2 Probleme

1.) Es öffnet sich alle paar Minuten automatisch der Internet Explorer und es wird eine Fehlermeldung angezeigt,dass er nicht geöffnet werden kann.

2.) Wenn ich manche Seiten auf der Suchergebnisseite bei Google anklicke lande ich auf einer Spamseite bzw. werde zu einer weitergeleitet

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Zitat:

Malware versucht die Arbeit mit dem Computer zu erschweren: z.B. wenn Du auf von mir angegebenen Link klickst, kann es sein, dass Du dann automatisch auf eine gefälschte Seite weitergeleitet wirst.
In diesem Fall bitte möglichst sofortige Rückmeldung!

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird Gmer beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

3.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

4.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

5.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

DER OTL-Scan:
OTL Logfile:

Code:

OTL logfile created on: 27.07.2011 16:56:33 - Run 1

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Rapho\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 21,33% Memory free

4,21 Gb Paging File | 1,40 Gb Available in Paging File | 33,18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 143,95 Gb Total Space | 48,04 Gb Free Space | 33,37% Space Free | Partition Type: NTFS

 

Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Rapho\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)

PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

PRC - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

PRC - C:\Programme\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software)

PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe ()

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)

PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)

PRC - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe (Avid Technology, Inc.)

PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)

PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)

PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)

PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)

PRC - C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)

PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)

PRC - C:\Programme\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Programme\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)

PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe ()

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Programme\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Rapho\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Programme\Mindjet\MindManager 9\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)

SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe ()

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MAudioXponentService) -- C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe (Avid Technology, Inc.)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)

SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)

SRV - (FNF5SVC) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

SRV - (PMSveH) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)

SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe ()

SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (MADFUXPONENT) -- C:\Windows\System32\drivers\MAudioXponent_DFU.sys (M-Audio)

DRV - (MAUSBXPONENT) -- C:\Windows\System32\drivers\MAudioXponent.sys (Avid Technology, Inc.)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)

DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 13:27:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.14 15:29:13 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2011.04.09 15:53:18 | 000,000,000 | ---D | M]

 

[2011.04.09 18:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Extensions

[2011.07.18 00:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions

[2011.06.22 19:43:50 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2011.07.06 18:52:42 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack

[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.04.09 19:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\RAPHO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WMVBU2M.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI

() (No name found) -- C:\USERS\RAPHO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WMVBU2M.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI

[2011.04.12 13:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.06.23 13:27:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)

O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)

O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()

O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}]  File not found

O4 - HKCU..\Run: [4Y3Y0C3AZF7XXHYWMAFFXA]  File not found

O4 - HKCU..\Run: [AdobeBridge]  File not found

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rapho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) -  File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.26 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2011.07.26 19:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011.07.21 14:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.07.21 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.07.21 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.07.21 13:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011.07.18 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon

[2011.07.18 19:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\No23 Recorder

[2011.07.18 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder

[2011.07.18 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Simfy

[2011.07.18 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy

[2011.07.18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\simfy

[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ovvy

[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Aguhi

[2011.07.13 22:23:33 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.07.13 22:23:30 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011.07.13 22:23:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.07.09 17:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software

[2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe

[2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe

[2011.07.07 19:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.07.07 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys

[2011.07.07 19:01:07 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.07.07 19:01:07 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ugab

[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ucef

[2011.06.30 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Veavna

[2011.06.30 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Acurpo

[2011.06.29 19:54:41 | 020,535,942 | ---- | C] (MatchWare A/S) -- C:\Users\Rapho\Desktop\reco11.exe

[2011.04.09 15:23:53 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2011.04.09 15:23:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.27 16:39:19 | 013,540,959 | ---- | M] () -- C:\Users\Rapho\Desktop\Justin Vito & CJ Stone feat. Emine Bahar - On & On (Orginal Mix).mp3

[2011.07.27 15:23:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.27 15:23:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.27 15:23:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.26 20:37:46 | 011,725,897 | ---- | M] () -- C:\Users\Rapho\Desktop\sash_ft_jeanpearl_mirrormirror_ClubExtended.mp3

[2011.07.26 20:10:17 | 000,322,022 | ---- | M] () -- C:\Users\Rapho\AppData\Local\census.cache

[2011.07.26 20:09:34 | 000,221,743 | ---- | M] () -- C:\Users\Rapho\AppData\Local\ars.cache

[2011.07.26 19:53:14 | 000,000,036 | ---- | M] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache

[2011.07.26 19:46:21 | 000,025,181 | ---- | M] () -- C:\Windows\System32\PROCDB.INI

[2011.07.26 19:45:43 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI

[2011.07.26 19:45:18 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.26 19:45:16 | 192,014,980 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.07.26 19:42:50 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll

[2011.07.26 19:42:21 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe

[2011.07.26 19:35:51 | 000,001,948 | ---- | M] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk

[2011.07.26 19:02:14 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe

[2011.07.23 18:12:30 | 013,165,864 | ---- | M] () -- C:\Users\Rapho\Desktop\Set-Fire-to-the-Rain-A-Stupid-Hole-Bootleg.mp3

[2011.07.23 14:25:00 | 000,042,083 | ---- | M] () -- C:\Users\Rapho\Desktop\IMG_0513.jpg

[2011.07.22 19:04:24 | 013,030,003 | ---- | M] () -- C:\Users\Rapho\Desktop\ricobernasconi_and_beenieman_ft_akon_Girls_ClubMix.mp3

[2011.07.22 18:30:15 | 013,203,330 | ---- | M] () -- C:\Users\Rapho\Desktop\saknoel_LocaPeople_MaxFarenthideRemix.mp3

[2011.07.22 18:30:14 | 013,541,877 | ---- | M] () -- C:\Users\Rapho\Desktop\saknoel_LocaPeople_RicoBernasconiRemix.mp3

[2011.07.22 18:30:05 | 013,602,481 | ---- | M] () -- C:\Users\Rapho\Desktop\saknoel_LocaPeople_ExtendedMix_ExplicitVersion.mp3

[2011.07.22 17:33:41 | 013,639,594 | ---- | M] () -- C:\Users\Rapho\Desktop\taylordayne_flooronfire_TheThinRedMenClubMix.mp3

[2011.07.22 17:33:03 | 009,744,970 | ---- | M] () -- C:\Users\Rapho\Desktop\leonalewis-collide-cln.mp3

[2011.07.22 17:26:30 | 003,523,810 | ---- | M] () -- C:\Users\Rapho\Desktop\Seeed-Molotov.mp3

[2011.07.22 17:26:03 | 014,687,745 | ---- | M] () -- C:\Users\Rapho\Desktop\denizkoyu_tung_OriginalMix.mp3

[2011.07.22 17:23:13 | 000,720,173 | ---- | M] () -- C:\Users\Rapho\Desktop\110721_song_sommer.mp3

[2011.07.22 17:23:01 | 018,978,781 | ---- | M] () -- C:\Users\Rapho\Desktop\arnocost_lise_OriginalMix.mp3

[2011.07.22 17:17:04 | 016,986,626 | ---- | M] () -- C:\Users\Rapho\Desktop\jaykay_ft_florida_smokey_and_gitfresh_WhatTheGirlsLike_DimaroRemix.mp3

[2011.07.22 17:16:47 | 012,429,249 | ---- | M] () -- C:\Users\Rapho\Desktop\jaykay_ft_florida_smokey_and_gitfresh_WhatTheGirlsLike_DavidMayRemixExtended.mp3

[2011.07.22 17:16:30 | 011,224,390 | ---- | M] () -- C:\Users\Rapho\Desktop\jaykay_ft_florida_smokey_and_gitfresh_WhatTheGirlsLike_KylianMashRemix.mp3

[2011.07.22 16:17:35 | 017,041,161 | ---- | M] () -- C:\Users\Rapho\Desktop\scotty_sundown_SeanFinnRemix.mp3

[2011.07.22 16:17:17 | 015,101,815 | ---- | M] () -- C:\Users\Rapho\Desktop\scotty_sundown_ClubMix.mp3

[2011.07.22 13:27:55 | 021,073,936 | ---- | M] () -- C:\Users\Rapho\Documents\vlc-1.1.11-win32.exe

[2011.07.21 19:06:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.07.21 19:06:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.07.21 19:06:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.07.21 19:06:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.07.21 18:58:45 | 015,236,702 | ---- | M] () -- C:\Users\Rapho\Desktop\taylordayne_flooronfire_JoeMartonExtendedVersion.mp3

[2011.07.21 15:40:12 | 001,148,795 | ---- | M] () -- C:\Users\Rapho\Desktop\Perso.jpg

[2011.07.21 15:06:44 | 000,340,539 | ---- | M] () -- C:\Users\Rapho\Desktop\IMG_0513.PNG

[2011.07.21 15:06:33 | 000,337,927 | ---- | M] () -- C:\Users\Rapho\Desktop\IMG_0512.PNG

[2011.07.21 15:06:03 | 000,355,689 | ---- | M] () -- C:\Users\Rapho\Desktop\IMG_0511.PNG

[2011.07.21 14:18:27 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2011.07.21 14:13:09 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.07.21 13:52:24 | 000,001,356 | ---- | M] () -- C:\Users\Rapho\AppData\Local\d3d9caps.dat

[2011.07.19 15:58:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.07.18 19:18:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk

[2011.07.18 18:51:06 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk

[2011.07.15 20:37:54 | 059,434,010 | ---- | M] () -- C:\Users\Rapho\Desktop\monogamie.mp3

[2011.07.14 14:19:03 | 003,611,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.07.13 19:35:52 | 000,002,061 | ---- | M] () -- C:\Users\Rapho\Documents\Firefox Sync Key.html

[2011.07.13 19:34:30 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011.07.12 22:40:33 | 002,206,823 | ---- | M] () -- C:\Users\Rapho\Desktop\MTiIVzC8NsMF.128.mp3

[2011.07.12 22:38:13 | 004,832,861 | ---- | M] () -- C:\Users\Rapho\Desktop\EnERrJnhXFDu.128.mp3

[2011.07.12 22:36:36 | 005,038,497 | ---- | M] () -- C:\Users\Rapho\Desktop\nmRfKRu2NYrw.128.mp3

[2011.07.12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.07.12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.07.12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.07.12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.07.07 19:11:34 | 000,000,917 | ---- | M] () -- C:\Users\Rapho\Desktop\EVEREST Home Edition.lnk

[2011.07.07 19:02:11 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.07.01 18:52:58 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.07.01 18:52:58 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.06.30 11:54:02 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.06.30 11:46:46 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.06.30 11:46:40 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

 
 ========== Files Created - No Company Name ==========

 

[2011.07.27 16:39:02 | 013,540,959 | ---- | C] () -- C:\Users\Rapho\Desktop\Justin Vito & CJ Stone feat. Emine Bahar - On & On (Orginal Mix).mp3

[2011.07.26 20:37:33 | 011,725,897 | ---- | C] () -- C:\Users\Rapho\Desktop\sash_ft_jeanpearl_mirrormirror_ClubExtended.mp3

[2011.07.26 20:10:17 | 000,322,022 | ---- | C] () -- C:\Users\Rapho\AppData\Local\census.cache

[2011.07.26 20:09:34 | 000,221,743 | ---- | C] () -- C:\Users\Rapho\AppData\Local\ars.cache

[2011.07.26 19:53:14 | 000,000,036 | ---- | C] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache

[2011.07.26 19:42:50 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll

[2011.07.26 19:42:20 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

[2011.07.26 19:35:51 | 000,001,948 | ---- | C] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk

[2011.07.23 18:12:13 | 013,165,864 | ---- | C] () -- C:\Users\Rapho\Desktop\Set-Fire-to-the-Rain-A-Stupid-Hole-Bootleg.mp3

[2011.07.23 14:24:54 | 000,042,083 | ---- | C] () -- C:\Users\Rapho\Desktop\IMG_0513.jpg

[2011.07.22 18:29:53 | 013,541,877 | ---- | C] () -- C:\Users\Rapho\Desktop\saknoel_LocaPeople_RicoBernasconiRemix.mp3

[2011.07.22 18:29:49 | 013,203,330 | ---- | C] () -- C:\Users\Rapho\Desktop\saknoel_LocaPeople_MaxFarenthideRemix.mp3

[2011.07.22 18:29:44 | 013,602,481 | ---- | C] () -- C:\Users\Rapho\Desktop\saknoel_LocaPeople_ExtendedMix_ExplicitVersion.mp3

[2011.07.22 18:22:27 | 013,030,003 | ---- | C] () -- C:\Users\Rapho\Desktop\ricobernasconi_and_beenieman_ft_akon_Girls_ClubMix.mp3

[2011.07.22 16:52:57 | 014,687,745 | ---- | C] () -- C:\Users\Rapho\Desktop\denizkoyu_tung_OriginalMix.mp3

[2011.07.22 16:16:24 | 017,041,161 | ---- | C] () -- C:\Users\Rapho\Desktop\scotty_sundown_SeanFinnRemix.mp3

[2011.07.22 16:16:13 | 015,101,815 | ---- | C] () -- C:\Users\Rapho\Desktop\scotty_sundown_ClubMix.mp3

[2011.07.22 14:14:07 | 000,720,173 | ---- | C] () -- C:\Users\Rapho\Desktop\110721_song_sommer.mp3

[2011.07.22 13:27:25 | 021,073,936 | ---- | C] () -- C:\Users\Rapho\Documents\vlc-1.1.11-win32.exe

[2011.07.22 12:46:17 | 009,744,970 | ---- | C] () -- C:\Users\Rapho\Desktop\leonalewis-collide-cln.mp3

[2011.07.22 11:34:46 | 016,986,626 | ---- | C] () -- C:\Users\Rapho\Desktop\jaykay_ft_florida_smokey_and_gitfresh_WhatTheGirlsLike_DimaroRemix.mp3

[2011.07.22 11:33:55 | 011,224,390 | ---- | C] () -- C:\Users\Rapho\Desktop\jaykay_ft_florida_smokey_and_gitfresh_WhatTheGirlsLike_KylianMashRemix.mp3

[2011.07.22 11:33:43 | 012,429,249 | ---- | C] () -- C:\Users\Rapho\Desktop\jaykay_ft_florida_smokey_and_gitfresh_WhatTheGirlsLike_DavidMayRemixExtended.mp3

[2011.07.21 20:08:40 | 018,978,781 | ---- | C] () -- C:\Users\Rapho\Desktop\arnocost_lise_OriginalMix.mp3

[2011.07.21 19:35:59 | 192,014,980 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.07.21 19:16:19 | 000,337,927 | ---- | C] () -- C:\Users\Rapho\Desktop\IMG_0512.PNG

[2011.07.21 19:16:15 | 000,355,689 | ---- | C] () -- C:\Users\Rapho\Desktop\IMG_0511.PNG

[2011.07.21 19:16:13 | 000,340,539 | ---- | C] () -- C:\Users\Rapho\Desktop\IMG_0513.PNG

[2011.07.21 19:04:34 | 001,148,795 | ---- | C] () -- C:\Users\Rapho\Desktop\Perso.jpg

[2011.07.21 18:58:22 | 013,639,594 | ---- | C] () -- C:\Users\Rapho\Desktop\taylordayne_flooronfire_TheThinRedMenClubMix.mp3

[2011.07.21 18:58:16 | 015,236,702 | ---- | C] () -- C:\Users\Rapho\Desktop\taylordayne_flooronfire_JoeMartonExtendedVersion.mp3

[2011.07.21 14:18:27 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2011.07.21 14:13:09 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.07.18 19:18:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk

[2011.07.18 18:51:06 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk

[2011.07.15 20:30:44 | 059,434,010 | ---- | C] () -- C:\Users\Rapho\Desktop\monogamie.mp3

[2011.07.13 19:35:51 | 000,002,061 | ---- | C] () -- C:\Users\Rapho\Documents\Firefox Sync Key.html

[2011.07.12 22:40:31 | 002,206,823 | ---- | C] () -- C:\Users\Rapho\Desktop\MTiIVzC8NsMF.128.mp3

[2011.07.12 22:38:09 | 004,832,861 | ---- | C] () -- C:\Users\Rapho\Desktop\EnERrJnhXFDu.128.mp3

[2011.07.12 22:36:29 | 005,038,497 | ---- | C] () -- C:\Users\Rapho\Desktop\nmRfKRu2NYrw.128.mp3

[2011.07.08 20:07:38 | 003,523,810 | ---- | C] () -- C:\Users\Rapho\Desktop\Seeed-Molotov.mp3

[2011.07.07 19:11:34 | 000,000,917 | ---- | C] () -- C:\Users\Rapho\Desktop\EVEREST Home Edition.lnk

[2011.05.30 19:50:10 | 000,003,584 | ---- | C] () -- C:\Users\Rapho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.05.16 22:32:34 | 000,000,136 | ---- | C] () -- C:\ProgramData\~32694008r

[2011.05.16 22:32:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\~32694008

[2011.05.16 22:32:18 | 000,000,384 | ---- | C] () -- C:\ProgramData\32694008

[2011.05.10 19:15:34 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll

[2011.04.11 13:54:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.04.11 13:54:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.04.11 13:53:35 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe

[2011.04.11 12:04:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.04.10 01:06:41 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2011.04.10 01:06:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2011.04.10 01:06:41 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2011.04.10 01:06:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2011.04.09 18:46:52 | 000,001,356 | ---- | C] () -- C:\Users\Rapho\AppData\Local\d3d9caps.dat

[2011.04.09 15:39:25 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2011.04.09 15:32:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2011.04.09 15:32:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2011.04.09 15:32:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll

[2011.04.09 15:30:05 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2011.04.09 15:28:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2011.04.09 15:23:53 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2011.04.09 15:23:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2011.04.09 15:20:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2007.08.16 12:28:38 | 000,025,181 | ---- | C] () -- C:\Windows\System32\PROCDB.INI

[2007.08.16 12:28:27 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI

[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006.12.05 07:26:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:44:53 | 003,611,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 

< End of report >

--- --- ---

VON HJT-Scanlist

Code:

 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

                        º                                    º 

                                    hjtscanlist v2.0              

                        º                                    º 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 

Microsoft Windows [Version 6.0.6002]

 

 

C:
 

  27.07.2011 15:58     C:\installer_service_log.txt --------- 637407   

  26.07.2011 22:36     C:\System Volume Information --------- 32768   

       C:\hiberfil.sys ---------    

       C:\pagefile.sys ---------    

  26.07.2011 19:45     C:\Windows --------- 49152   

  26.07.2011 19:35     C:\Program Files --------- 24576   

  25.07.2011 18:31     C:\Washer2.rar --------- 0   

  18.07.2011 19:24     C:\$Recycle.Bin --------- 0   

  18.07.2011 19:18     C:\ProgramData --------- 12288   

  17.05.2011 19:30     C:\rkill.log --------- 5079   

  14.04.2011 00:00     C:\Boot --------- 0   

  13.04.2011 03:05     C:\f95823599bd0fa9d83d7 --------- 0   

  12.04.2011 13:36     C:\293014b7f5066e81c6aa --------- 0   

  10.04.2011 00:59     C:\syslevel.lgl --------- 59   

  10.04.2011 00:59     C:\DRIVERS --------- 0   

  09.04.2011 19:03     C:\SWTOOLS --------- 8192   

  09.04.2011 18:48     C:\SWSHARE --------- 0   

  09.04.2011 18:46     C:\Users --------- 4096   

  09.04.2011 18:21     C:\Programme --------- 0   

  09.04.2011 18:21     C:\Dokumente und Einstellungen --------- 0   

  09.04.2011 15:40     C:\MyWorks --------- 0   

  09.04.2011 15:37     C:\Icons --------- 0   

  09.04.2011 15:30     C:\RHDSetup.log --------- 420   

  09.04.2011 15:28     C:\Intel --------- 0   

  09.04.2011 15:28     C:\setup.log --------- 86   

  15.10.2010 15:48     C:\Recycle.Bin --------- 0   

  11.04.2009 08:36     C:\bootmgr --------- 333257   

  06.02.2008 18:51     C:\BOOTSECT.BAK --------- 8192   

  21.01.2008 04:43     C:\PerfLogs --------- 0   

  02.11.2006 14:59     C:\Documents and Settings --------- 0   

  18.09.2006 23:43     C:\config.sys --------- 10   

  18.09.2006 23:43     C:\autoexec.bat --------- 24   

----------------------------------------
 

 

C:\Windows
 

  27.07.2011 15:23     C:\Windows\bootstat.dat --------- 67584   

  26.07.2011 22:37     C:\Windows\WindowsUpdate.log --------- 1655112   

  26.07.2011 19:45     C:\Windows\MEMORY.DMP --------- 192014980   

  22.07.2011 13:51     C:\Windows\wmsetup.log --------- 1007   

  19.07.2011 15:58     C:\Windows\bthservsdp.dat --------- 12   

  10.04.2011 01:12     C:\Windows\KB948881.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:12     C:\Windows\KB948881.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:12     C:\Windows\KB948881.LOG.bootstrap --------- 196608   

  10.04.2011 01:12     C:\Windows\KB948881.LOG.perf --------- 196608   

  10.04.2011 01:12     C:\Windows\KB948881.LOG.dpx --------- 196608   

  10.04.2011 01:12     C:\Windows\KB948590.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:12     C:\Windows\KB948590.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:12     C:\Windows\KB948590.LOG.bootstrap --------- 196608   

  10.04.2011 01:12     C:\Windows\KB948590.LOG.perf --------- 196608   

  10.04.2011 01:12     C:\Windows\KB948590.LOG.dpx --------- 196608   

  10.04.2011 01:11     C:\Windows\KB947864.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:11     C:\Windows\KB947864.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:11     C:\Windows\KB947864.LOG.bootstrap --------- 196608   

  10.04.2011 01:11     C:\Windows\KB947864.LOG.perf --------- 196608   

  10.04.2011 01:11     C:\Windows\KB947864.LOG.dpx --------- 196608   

  10.04.2011 01:10     C:\Windows\KB941693.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:10     C:\Windows\KB941693.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:10     C:\Windows\KB941693.LOG.bootstrap --------- 196608   

  10.04.2011 01:10     C:\Windows\KB941693.LOG.perf --------- 196608   

  10.04.2011 01:10     C:\Windows\KB941693.LOG.dpx --------- 196608   

  10.04.2011 01:10     C:\Windows\KB938371.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:10     C:\Windows\KB938371.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:10     C:\Windows\KB938371.LOG.bootstrap --------- 196608   

  10.04.2011 01:10     C:\Windows\KB938371.LOG.perf --------- 196608   

  10.04.2011 01:10     C:\Windows\KB938371.LOG.dpx --------- 196608   

  10.04.2011 01:08     C:\Windows\KB937286de-de.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:08     C:\Windows\KB937286de-de.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:08     C:\Windows\KB937286de-de.LOG.bootstrap --------- 196608   

  10.04.2011 01:08     C:\Windows\KB937286de-de.LOG.perf --------- 196608   

  10.04.2011 01:08     C:\Windows\KB937286de-de.LOG.dpx --------- 196608   

  10.04.2011 01:07     C:\Windows\KB905866.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:07     C:\Windows\KB905866.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:07     C:\Windows\KB905866.LOG.bootstrap --------- 196608   

  10.04.2011 01:07     C:\Windows\KB905866.LOG.perf --------- 196608   

  10.04.2011 01:07     C:\Windows\KB905866.LOG.dpx --------- 196608   

  10.04.2011 01:07     C:\Windows\GRLP.LOG.bootstrap.perf --------- 65536   

  10.04.2011 01:07     C:\Windows\GRLP.LOG.bootstrap.dpx --------- 65536   

  10.04.2011 01:07     C:\Windows\GRLP.LOG.bootstrap --------- 196608   

  10.04.2011 01:07     C:\Windows\GRLP.LOG.perf --------- 196608   

  10.04.2011 01:07     C:\Windows\GRLP.LOG.dpx --------- 131072   

  09.04.2011 15:46     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 26083328   

  09.04.2011 15:46     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   

  09.04.2011 15:46     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   

  09.04.2011 15:30     C:\Windows\DIFxAPI.dll --------- 319456   

  09.04.2011 15:30     C:\Windows\HideWin.exe --------- 315392   

  09.04.2011 15:23     C:\Windows\win.ini --------- 202   

  09.12.2009 10:41     C:\Windows\RXSUnins.exe --------- 1844488   

  09.12.2009 10:41     C:\Windows\RXCUnins.exe --------- 1844488   

  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   

  21.01.2008 04:57     C:\Windows\WindowsShell.Manifest --------- 749   

  21.01.2008 04:34     C:\Windows\regedit.exe --------- 134656   

  21.01.2008 04:34     C:\Windows\bfsvc.exe --------- 58880   

  21.01.2008 04:34     C:\Windows\fveupdate.exe --------- 13312   

  21.01.2008 04:33     C:\Windows\HelpPane.exe --------- 498176   

  21.01.2008 04:33     C:\Windows\notepad.exe --------- 151040   

  29.03.2007 13:11     C:\Windows\BtwIEProxy.exe --------- 285488   

  23.03.2007 13:04     C:\Windows\RtHDVCpl.exe --------- 4423680   

  16.03.2007 09:06     C:\Windows\SkyTel.exe --------- 1822720   

  16.01.2007 04:39     C:\Windows\RtlUpd.exe --------- 1191936   

  12.01.2007 10:54     C:\Windows\RtlExUpd.dll --------- 520192   

  28.12.2006 19:48     C:\Windows\vsnp2uvc.exe --------- 569344   

  02.11.2006 14:34     C:\Windows\WMSysPr9.prx --------- 316640   

  02.11.2006 14:33     C:\Windows\twunk_16.exe --------- 49680   

  02.11.2006 14:33     C:\Windows\twain_32.dll --------- 50688   

  02.11.2006 14:33     C:\Windows\twunk_32.exe --------- 31232   

  02.11.2006 14:33     C:\Windows\twain.dll --------- 94784   

  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   

  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   

  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   

  26.10.2006 06:08     C:\Windows\agrsmdel.exe --------- 50752   

  19.09.2006 13:41     C:\Windows\HomeBasic.xml --------- 8286   

  18.09.2006 23:46     C:\Windows\system.ini --------- 219   

  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   

  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   

  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   

  19.05.2006 11:53     C:\Windows\snp2uvc.src --------- 13022   

  19.05.2006 11:39     C:\Windows\snp2uvc.ini --------- 15497   

  11.12.2002 20:11     C:\Windows\WMPrfDEU.prx --------- 33820   

----------------------------------------
 

 

C:\Windows\System
 

 02.11.2006 14:33      C:\Windows\System\mciseq.drv --------- 25264 

 02.11.2006 14:33      C:\Windows\System\mciwave.drv --------- 28160 

 02.11.2006 14:33      C:\Windows\System\avifile.dll --------- 109456 

 02.11.2006 14:33      C:\Windows\System\mciavi.drv --------- 73376 

 02.11.2006 14:33      C:\Windows\System\avicap.dll --------- 69584 

 02.11.2006 14:33      C:\Windows\System\msvideo.dll --------- 126912 

 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 

 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 

 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 

 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 

 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 

 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 

 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 

 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 

 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 

 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 

 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 

 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 

 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 

 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 

 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 

 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 

----------------------------------------
 

 

C:\Windows\System32
 

 27.07.2011 15:23     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3616  

 27.07.2011 15:23     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3616  

 26.07.2011 20:20     C:\Windows\system32\drivers --------- 65536  

 26.07.2011 19:46     C:\Windows\system32\PROCDB.INI --------- 25181  

 26.07.2011 19:45     C:\Windows\system32\IPSCtrl.INI --------- 380  

 26.07.2011 19:42     C:\Windows\system32\rpcnetp.dll --------- 17408  

 26.07.2011 19:42     C:\Windows\system32\rpcnetp.exe --------- 17408  

 26.07.2011 19:02     C:\Windows\system32\agremove.exe --------- 44544  

 22.07.2011 13:50     C:\Windows\system32\Tasks --------- 0  

 21.07.2011 19:06     C:\Windows\system32\perfh009.dat --------- 595996  

 21.07.2011 19:06     C:\Windows\system32\perfc009.dat --------- 104070  

 21.07.2011 19:06     C:\Windows\system32\perfh007.dat --------- 628742  

 21.07.2011 19:06     C:\Windows\system32\perfc007.dat --------- 126454  

 21.07.2011 19:06     C:\Windows\system32\PerfStringBackup.INI --------- 1445310  

 14.07.2011 14:19     C:\Windows\system32\catroot --------- 4096  

 14.07.2011 14:19     C:\Windows\system32\FNTCACHE.DAT --------- 3611600  

 14.07.2011 14:15     C:\Windows\system32\catroot2 --------- 4096  

 14.07.2011 03:02     C:\Windows\system32\mrt.exe --------- 49089992  

 13.07.2011 19:34     C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 404640  

 12.07.2011 11:20     C:\Windows\system32\jdns_sd.dll --------- 50536  

 12.07.2011 11:20     C:\Windows\system32\dnssd.dll --------- 73064  

 12.07.2011 11:20     C:\Windows\system32\dnssdX.dll --------- 178536  

 12.07.2011 11:20     C:\Windows\system32\dns-sd.exe --------- 83816  

 01.07.2011 18:20     C:\Windows\system32\LogFiles --------- 0  

 30.06.2011 11:54     C:\Windows\system32\TURegOpt.exe --------- 31552  

 30.06.2011 11:46     C:\Windows\system32\authuitu.dll --------- 21312  

 30.06.2011 11:46     C:\Windows\system32\uxtuneup.dll --------- 29504  

 16.06.2011 18:31     C:\Windows\system32\WDI --------- 4096  

 15.06.2011 15:42     C:\Windows\system32\gdiplus.dll --------- 1700352  

 14.06.2011 15:29     C:\Windows\system32\jupdate-1.6.0_26-b03.log --------- 3886  

 02.06.2011 15:34     C:\Windows\system32\win32k.sys --------- 2043392  

 24.05.2011 19:14     C:\Windows\system32\MpSigStub.exe --------- 222080  

 22.05.2011 23:40     C:\Windows\system32\de-DE --------- 196608  

 22.05.2011 23:40     C:\Windows\system32\migration --------- 0  

 22.05.2011 23:40     C:\Windows\system32\wbem --------- 61440  

 22.05.2011 23:40     C:\Windows\system32\en-US --------- 221184  

 21.05.2011 18:09     C:\Windows\system32\icrav03.rat --------- 8798  

 21.05.2011 18:09     C:\Windows\system32\ticrf.rat --------- 1988  

 21.05.2011 18:09     C:\Windows\system32\msls31.dll --------- 161792  

 21.05.2011 18:09     C:\Windows\system32\wininet.dll --------- 1126912  

 21.05.2011 18:09     C:\Windows\system32\jsproxy.dll --------- 65024  

 21.05.2011 18:09     C:\Windows\system32\msrating.dll --------- 162304  

 21.05.2011 18:09     C:\Windows\system32\RegisterIEPKEYs.exe --------- 74752  

 21.05.2011 18:09     C:\Windows\system32\SetIEInstalledDate.exe --------- 76800  

 21.05.2011 18:09     C:\Windows\system32\mshtmler.dll --------- 48640  

 21.05.2011 18:09     C:\Windows\system32\iesysprep.dll --------- 86528  

 21.05.2011 18:09     C:\Windows\system32\tdc.ocx --------- 63488  

 21.05.2011 18:09     C:\Windows\system32\html.iec --------- 367104  

 21.05.2011 18:09     C:\Windows\system32\dxtrans.dll --------- 223232  

 21.05.2011 18:09     C:\Windows\system32\dxtmsft.dll --------- 353792  

 21.05.2011 18:09     C:\Windows\system32\ieapfltr.dat --------- 3695416  

 21.05.2011 18:09     C:\Windows\system32\ieapfltr.dll --------- 434176  

 21.05.2011 18:09     C:\Windows\system32\icardie.dll --------- 66048  

 21.05.2011 18:09     C:\Windows\system32\ie4uinit.exe --------- 74240  

 21.05.2011 18:09     C:\Windows\system32\iernonce.dll --------- 31744  

 21.05.2011 18:09     C:\Windows\system32\ieuinit.inf --------- 72822  

 21.05.2011 18:09     C:\Windows\system32\iesetup.dll --------- 74752  

 21.05.2011 18:09     C:\Windows\system32\url.dll --------- 231936  

 21.05.2011 18:09     C:\Windows\system32\iedkcs32.dll --------- 353584  

 21.05.2011 18:09     C:\Windows\system32\inetcpl.cpl --------- 1427456  

 21.05.2011 18:09     C:\Windows\system32\webcheck.dll --------- 203776  

 21.05.2011 18:09     C:\Windows\system32\licmgr10.dll --------- 23552  

 21.05.2011 18:09     C:\Windows\system32\inseng.dll --------- 78848  

 21.05.2011 18:09     C:\Windows\system32\wextract.exe --------- 152064  

 21.05.2011 18:09     C:\Windows\system32\iexpress.exe --------- 150528  

 21.05.2011 18:09     C:\Windows\system32\msfeeds.dll --------- 580608  

 21.05.2011 18:09     C:\Windows\system32\vbscript.dll --------- 420864  

 21.05.2011 18:09     C:\Windows\system32\ieUnatt.exe --------- 142848  

 21.05.2011 18:09     C:\Windows\system32\occache.dll --------- 123392  

 21.05.2011 18:09     C:\Windows\system32\pngfilt.dll --------- 54272  

 21.05.2011 18:09     C:\Windows\system32\mshta.exe --------- 11776  

 21.05.2011 18:09     C:\Windows\system32\admparse.dll --------- 101888  

 21.05.2011 18:09     C:\Windows\system32\ieaksie.dll --------- 227840  

 21.05.2011 18:09     C:\Windows\system32\ieakui.dll --------- 163840  

 21.05.2011 18:09     C:\Windows\system32\imgutil.dll --------- 35840  

 21.05.2011 18:09     C:\Windows\system32\advpack.dll --------- 114176  

 21.05.2011 18:09     C:\Windows\system32\iepeers.dll --------- 118784  

 21.05.2011 18:09     C:\Windows\system32\msfeedsbs.dll --------- 41472  

 21.05.2011 18:09     C:\Windows\system32\msfeedssync.exe --------- 10752  

 21.05.2011 18:09     C:\Windows\system32\IEAdvpack.dll --------- 110592  

 21.05.2011 18:09     C:\Windows\system32\ieakeng.dll --------- 130560  

 12.05.2011 21:16     C:\Windows\system32\NDF --------- 0  

 10.05.2011 08:06     C:\Windows\system32\usbaaplrc.dll --------- 4517664  

 04.05.2011 04:52     C:\Windows\system32\javaws.exe --------- 157472  

 04.05.2011 04:52     C:\Windows\system32\javaw.exe --------- 145184  

 04.05.2011 04:52     C:\Windows\system32\java.exe --------- 145184  

 04.05.2011 04:52     C:\Windows\system32\deployJava1.dll --------- 472808  

 02.05.2011 19:16     C:\Windows\system32\inetcomm.dll --------- 739328  

 29.04.2011 17:59     C:\Windows\system32\schannel.dll --------- 276992  

 23.04.2011 01:36     C:\Windows\system32\mshtml.dll --------- 12269056  

 23.04.2011 01:35     C:\Windows\system32\jscript9.dll --------- 1797632  

 23.04.2011 01:32     C:\Windows\system32\ieframe.dll --------- 9703936  

 23.04.2011 01:30     C:\Windows\system32\urlmon.dll --------- 1102336  

 23.04.2011 01:26     C:\Windows\system32\jscript.dll --------- 716800  

 23.04.2011 01:26     C:\Windows\system32\iertutil.dll --------- 1785344  

 23.04.2011 01:26     C:\Windows\system32\mshtmled.dll --------- 72704  

 23.04.2011 01:25     C:\Windows\system32\mshtml.tlb --------- 2382848  

 23.04.2011 01:24     C:\Windows\system32\ieui.dll --------- 176640  

 20.04.2011 17:55     C:\Windows\system32\winsrv.dll --------- 375808  

 20.04.2011 17:50     C:\Windows\system32\csrsrv.dll --------- 49152  

----------------------------------------
 

 

C:\Windows\Prefetch
 

----------------------------------------
 

 

C:\Windows\Tasks
 

 26.07.2011 19:45     C:\Windows\Tasks\SA.DAT --------- 6  

 19.07.2011 15:58     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32614  

 08.06.2011 13:24     C:\Windows\Tasks\At1.job --------- 508  

----------------------------------------
 

 

C:\Windows\Temp
 

----------------------------------------
 

 

C:\Users\Rapho\AppData\Local\Temp
 

 27.07.2011 17:06     C:\Users\Rapho\AppData\Local\Temp\~DF4527.tmp --------- 16384  

 27.07.2011 17:06     C:\Users\Rapho\AppData\Local\Temp\~DF3492.tmp --------- 16384  

 27.07.2011 16:57     C:\Users\Rapho\AppData\Local\Temp\plugtmp-4 --------- 0  

 27.07.2011 16:54     C:\Users\Rapho\AppData\Local\Temp\~DFC7F8.tmp --------- 16384  

 27.07.2011 15:59     C:\Users\Rapho\AppData\Local\Temp\etilqs_46uTYJ4Z51K926ATndSg-journal --------- 0  

 27.07.2011 15:59     C:\Users\Rapho\AppData\Local\Temp\etilqs_46uTYJ4Z51K926ATndSg --------- 1024  

 27.07.2011 15:59     C:\Users\Rapho\AppData\Local\Temp\wmplog01.sqm --------- 1646  

 26.07.2011 21:56     C:\Users\Rapho\AppData\Local\Temp\xprt4c68.ico --------- 4286  

 26.07.2011 21:56     C:\Users\Rapho\AppData\Local\Temp\xprt6bed.ico --------- 4286  

 26.07.2011 21:19     C:\Users\Rapho\AppData\Local\Temp\hsperfdata_Rapho --------- 0  

 26.07.2011 21:19     C:\Users\Rapho\AppData\Local\Temp\jusched.log --------- 4547  

 26.07.2011 20:10     C:\Users\Rapho\AppData\Local\Temp\HouseCall --------- 0  

 26.07.2011 19:54     C:\Users\Rapho\AppData\Local\Temp\HCLauncher.log --------- 8820  

 26.07.2011 19:54     C:\Users\Rapho\AppData\Local\Temp\HCBackup --------- 0  

 26.07.2011 19:47     C:\Users\Rapho\AppData\Local\Temp\WPDNSE --------- 0  

 26.07.2011 19:40     C:\Users\Rapho\AppData\Local\Temp\2aJhAPQf.exe.part --------- 1572864  

 26.07.2011 19:40     C:\Users\Rapho\AppData\Local\Temp\plugtmp-3 --------- 0  

 26.07.2011 19:39     C:\Users\Rapho\AppData\Local\Temp\fla36F5.tmp --------- 2134070  

 26.07.2011 19:37     C:\Users\Rapho\AppData\Local\Temp\~DF243D.tmp --------- 114688  

 25.07.2011 23:23     C:\Users\Rapho\AppData\Local\Temp\wmplog00.sqm --------- 1702  

 25.07.2011 18:44     C:\Users\Rapho\AppData\Local\Temp\plugtmp-2 --------- 0  

 25.07.2011 17:12     C:\Users\Rapho\AppData\Local\Temp\tmpcda44975 --------- 0  

 24.07.2011 19:52     C:\Users\Rapho\AppData\Local\Temp\svk1e.tmp --------- 0  

 23.07.2011 18:19     C:\Users\Rapho\AppData\Local\Temp\MPSampleSubmit --------- 0  

 23.07.2011 15:34     C:\Users\Rapho\AppData\Local\Temp\fla5C56.tmp --------- 3113771  

 23.07.2011 15:34     C:\Users\Rapho\AppData\Local\Temp\~DF9504.tmp --------- 0  

 23.07.2011 15:33     C:\Users\Rapho\AppData\Local\Temp\~DF7346.tmp --------- 16384  

 23.07.2011 15:30     C:\Users\Rapho\AppData\Local\Temp\fla3AC0.tmp --------- 12884138  

 23.07.2011 15:23     C:\Users\Rapho\AppData\Local\Temp\fla1BC7.tmp --------- 22726335  

 23.07.2011 14:05     C:\Users\Rapho\AppData\Local\Temp\flaAF40.tmp --------- 2050617  

 23.07.2011 12:05     C:\Users\Rapho\AppData\Local\Temp\plugtmp-1 --------- 0  

 22.07.2011 19:51     C:\Users\Rapho\AppData\Local\Temp\~DF1E07.tmp --------- 0  

 22.07.2011 19:49     C:\Users\Rapho\AppData\Local\Temp\~DF21A3.tmp --------- 0  

 22.07.2011 19:41     C:\Users\Rapho\AppData\Local\Temp\~DF6A18.tmp --------- 0  

 22.07.2011 19:04     C:\Users\Rapho\AppData\Local\Temp\tmp3B83.tmp --------- 0  

 22.07.2011 13:50     C:\Users\Rapho\AppData\Local\Temp\{2c4004ca-0ca2-4b16-96f1-a9fecebc305f} --------- 0  

 21.07.2011 20:15     C:\Users\Rapho\AppData\Local\Temp\BTN%Copy%1 --------- 0  

 21.07.2011 19:43     C:\Users\Rapho\AppData\Local\Temp\etilqs_DP2ECaEnvtXeqJ2vB8W7-journal --------- 0  

 21.07.2011 19:43     C:\Users\Rapho\AppData\Local\Temp\etilqs_DP2ECaEnvtXeqJ2vB8W7 --------- 1024  

 21.07.2011 19:34     C:\Users\Rapho\AppData\Local\Temp\xprt3040.ico --------- 4286  

 21.07.2011 19:34     C:\Users\Rapho\AppData\Local\Temp\xprt5ae8.ico --------- 4286  

 21.07.2011 19:33     C:\Users\Rapho\AppData\Local\Temp\xprt113d.ico --------- 4286  

 21.07.2011 19:33     C:\Users\Rapho\AppData\Local\Temp\xprt79f3.ico --------- 4286  

 21.07.2011 19:33     C:\Users\Rapho\AppData\Local\Temp\xprt501b.ico --------- 4286  

 21.07.2011 19:33     C:\Users\Rapho\AppData\Local\Temp\xprt7a70.ico --------- 4286  

 21.07.2011 19:32     C:\Users\Rapho\AppData\Local\Temp\xprt2575.ico --------- 4286  

 21.07.2011 19:32     C:\Users\Rapho\AppData\Local\Temp\xprt0fc5.ico --------- 4286  

 21.07.2011 19:32     C:\Users\Rapho\AppData\Local\Temp\xprt35af.ico --------- 4286  

 21.07.2011 19:32     C:\Users\Rapho\AppData\Local\Temp\xprt5257.ico --------- 4286  

 21.07.2011 19:32     C:\Users\Rapho\AppData\Local\Temp\xprt44d9.ico --------- 4286  

 21.07.2011 19:32     C:\Users\Rapho\AppData\Local\Temp\xprt080d.ico --------- 4286  

 21.07.2011 19:30     C:\Users\Rapho\AppData\Local\Temp\xprt0e11.ico --------- 4286  

 21.07.2011 19:28     C:\Users\Rapho\AppData\Local\Temp\xprt539a.ico --------- 4286  

 21.07.2011 19:27     C:\Users\Rapho\AppData\Local\Temp\~DFFDB2.tmp --------- 0  

 21.07.2011 19:15     C:\Users\Rapho\AppData\Local\Temp\xprt4f42.ico --------- 4286  

 21.07.2011 18:34     C:\Users\Rapho\AppData\Local\Temp\plugtmp --------- 0  

 21.07.2011 14:17     C:\Users\Rapho\AppData\Local\Temp\etilqs_UQxD8kl9vDfqNKC7BFKI-journal --------- 0  

 21.07.2011 14:17     C:\Users\Rapho\AppData\Local\Temp\etilqs_UQxD8kl9vDfqNKC7BFKI --------- 1024  

 21.07.2011 14:17     C:\Users\Rapho\AppData\Local\Temp\SetupAdmin16A0.log --------- 85  

 21.07.2011 14:07     C:\Users\Rapho\AppData\Local\Temp\QTInstallCode.log --------- 1875  

 21.07.2011 14:03     C:\Users\Rapho\AppData\Local\Temp\SetupAdmin1FF4.log --------- 85  

 21.07.2011 13:22     C:\Users\Rapho\AppData\Local\Temp\CC9379.tmp --------- 20570  

 21.07.2011 13:21     C:\Users\Rapho\AppData\Local\Temp\Low --------- 0  

 20.07.2011 23:44     C:\Users\Rapho\AppData\Local\Temp\~DF1667.tmp --------- 0  

 20.07.2011 23:42     C:\Users\Rapho\AppData\Local\Temp\~DFD876.tmp --------- 0  

----------------------------------------
 

 

C:\Program Files
 

 26.07.2011 19:35     C:\Program Files\Trend Micro --------- 0  

 21.07.2011 14:18     C:\Program Files\Safari --------- 4096  

 21.07.2011 14:13     C:\Program Files\iTunes --------- 8192  

 21.07.2011 14:11     C:\Program Files\iPod --------- 0  

 21.07.2011 14:03     C:\Program Files\Bonjour --------- 4096  

 21.07.2011 13:53     C:\Program Files\Apple Software Update --------- 0  

 20.07.2011 22:45     C:\Program Files\No23 Recorder --------- 0  

 18.07.2011 18:51     C:\Program Files\simfy --------- 4096  

 09.07.2011 17:17     C:\Program Files\Tobit Radio.fx --------- 4096  

 07.07.2011 19:11     C:\Program Files\Lavalys --------- 0  

 07.07.2011 19:02     C:\Program Files\CCleaner --------- 0  

 07.07.2011 19:00     C:\Program Files\TuneUp Utilities 2011 --------- 65536  

 01.07.2011 15:15     C:\Program Files\Lenovo --------- 4096  

 30.06.2011 18:44     C:\Program Files\ICQ7.5 --------- 16384  

 24.06.2011 18:21     C:\Program Files\Adobe --------- 4096  

 24.06.2011 18:14     C:\Program Files\Common Files --------- 4096  

 23.06.2011 13:27     C:\Program Files\Mozilla Firefox --------- 32768  

 19.06.2011 14:58     C:\Program Files\Spybot - Search & Destroy --------- 8192  

 17.06.2011 03:26     C:\Program Files\Microsoft Silverlight --------- 4096  

 17.06.2011 03:24     C:\Program Files\Internet Explorer --------- 4096  

 17.06.2011 03:02     C:\Program Files\Windows Mail --------- 4096  

 15.06.2011 15:51     C:\Program Files\ASIO4ALL v2 --------- 0  

 15.06.2011 15:51     C:\Program Files\VstPlugins --------- 0  

 15.06.2011 15:51     C:\Program Files\Image-Line --------- 4096  

 15.06.2011 15:50     C:\Program Files\Outsim --------- 0  

 14.06.2011 15:29     C:\Program Files\Java --------- 4096  

 04.06.2011 05:13     C:\Program Files\FileZilla FTP Client --------- 4096  

 02.06.2011 15:26     C:\Program Files\InstallShield Installation Information --------- 12288  

 31.05.2011 22:39     C:\Program Files\Windows Live Toolbar --------- 0  

 31.05.2011 22:37     C:\Program Files\DVDVideoSoft --------- 0  

 24.05.2011 14:49     C:\Program Files\Free M4a to MP3 Converter --------- 0  

 18.05.2011 17:16     C:\Program Files\GoldWave --------- 0  

 17.05.2011 22:11     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  

 13.05.2011 20:29     C:\Program Files\VideoLAN --------- 0  

 04.05.2011 21:32     C:\Program Files\Mindjet --------- 0  

 23.04.2011 03:01     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0  

 17.04.2011 20:56     C:\Program Files\PokerStars.NET --------- 8192  

 16.04.2011 03:40     C:\Program Files\Windows Portable Devices --------- 0  

 14.04.2011 03:02     C:\Program Files\Microsoft.NET --------- 0  

 13.04.2011 23:53     C:\Program Files\Windows Calendar --------- 0  

 13.04.2011 23:53     C:\Program Files\Movie Maker --------- 0  

 13.04.2011 23:53     C:\Program Files\Windows Sidebar --------- 4096  

 13.04.2011 23:53     C:\Program Files\Windows Media Player --------- 4096  

 13.04.2011 23:53     C:\Program Files\Windows Collaboration --------- 4096  

 13.04.2011 23:53     C:\Program Files\Windows Photo Gallery --------- 4096  

 13.04.2011 23:53     C:\Program Files\Windows Defender --------- 4096  

 11.04.2011 10:31     C:\Program Files\MSXML 4.0 --------- 0  

 10.04.2011 15:18     C:\Program Files\QuickTime --------- 4096  

 09.04.2011 21:12     C:\Program Files\Audacity --------- 0  

 09.04.2011 20:14     C:\Program Files\Native Instruments --------- 0  

 09.04.2011 19:49     C:\Program Files\M-Audio --------- 0  

 09.04.2011 19:07     C:\Program Files\OpenOffice.org 3 --------- 4096  

 09.04.2011 19:02     C:\Program Files\Avira --------- 0  

 09.04.2011 19:01     C:\Program Files\WinRAR --------- 4096  

 09.04.2011 18:21     C:\Program Files\Gemeinsame Dateien --------- 0  

 09.04.2011 18:21     C:\Program Files\Windows NT --------- 4096  

 09.04.2011 15:52     C:\Program Files\Google --------- 0  

 09.04.2011 15:52     C:\Program Files\ThinkPad --------- 0  

 09.04.2011 15:52     C:\Program Files\PCDR5 --------- 0  

 09.04.2011 15:48     C:\Program Files\Pure Networks --------- 0  

 09.04.2011 15:47     C:\Program Files\ThinkVantage --------- 0  

 09.04.2011 15:42     C:\Program Files\Lenovo Multimedia Center --------- 4096  

 09.04.2011 15:42     C:\Program Files\CyberLink --------- 0  

 09.04.2011 15:39     C:\Program Files\Lenovo Registration --------- 0  

 09.04.2011 15:39     C:\Program Files\Diskeeper Corporation --------- 0  

 09.04.2011 15:31     C:\Program Files\Broadcom --------- 0  

 09.04.2011 15:30     C:\Program Files\Realtek --------- 0  

 09.04.2011 15:29     C:\Program Files\Intel --------- 0  

 09.04.2011 15:27     C:\Program Files\Synaptics --------- 0  

 21.01.2008 04:57     C:\Program Files\desktop.ini --------- 174  

 02.11.2006 14:58     C:\Program Files\Uninstall Information --------- 0  

 02.11.2006 14:35     C:\Program Files\Microsoft Games --------- 4096  

 02.11.2006 14:35     C:\Program Files\Reference Assemblies --------- 0  

 02.11.2006 14:35     C:\Program Files\MSBuild --------- 0  

----------------------------------------
 

 

C:\ProgramData\.. 
 

Rapho    

Default    

desktop.ini    

Default User    

All Users    

Public    

----------------------------------------
 

 

C:\Windows\system32\drivers\etc\hosts
 

127.0.0.1       localhost

::1             localhost
 

----------------------------------------
 

 
 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung

========================= ======== ================ =========== ===============

System Idle Process              0 Services                   0            12 K

System                           4 Services                   0        14.528 K

smss.exe                       572 Services                   0           524 K

csrss.exe                      640 Services                   0         3.876 K

csrss.exe                      696 Console                    1         8.444 K

wininit.exe                    704 Services                   0         3.076 K

services.exe                   748 Services                   0         6.824 K

lsass.exe                      784 Services                   0         2.232 K

lsm.exe                        792 Services                   0         3.148 K

winlogon.exe                   880 Console                    1         4.356 K

svchost.exe                    980 Services                   0         5.628 K

svchost.exe                   1048 Services                   0         5.620 K

svchost.exe                   1088 Services                   0        26.600 K

svchost.exe                   1196 Services                   0        11.072 K

svchost.exe                   1276 Services                   0        79.308 K

svchost.exe                   1296 Services                   0        58.920 K

audiodg.exe                   1356 Services                   0        16.148 K

svchost.exe                   1380 Services                   0         3.600 K

SLsvc.exe                     1408 Services                   0         3.632 K

svchost.exe                   1456 Services                   0        10.860 K

svchost.exe                   1640 Services                   0        12.324 K

spoolsv.exe                   1832 Services                   0         6.476 K

taskeng.exe                   1840 Services                   0         4.320 K

sched.exe                     1864 Services                   0           772 K

svchost.exe                   1892 Services                   0        12.848 K

IPSSVC.EXE                     388 Services                   0         2.684 K

AcPrfMgrSvc.exe                432 Services                   0         4.948 K

agrsmsvc.exe                   516 Services                   0         2.008 K

avguard.exe                    600 Services                   0        22.124 K

AppleMobileDeviceService.      612 Services                   0         6.296 K

avshadow.exe                   656 Services                   0         3.036 K

mDNSResponder.exe             1032 Services                   0         3.304 K

svchost.exe                   1344 Services                   0         3.120 K

DkService.exe                 1512 Services                   0        11.956 K

FnF5svc.exe                   1636 Services                   0         1.316 K

IAANTmon.exe                   220 Services                   0         4.156 K

MAUSBXPInst.exe               2068 Services                   0         3.300 K

PMSveH.exe                    2196 Services                   0         1.888 K

svchost.exe                   2240 Services                   0         4.632 K

rfx-server.exe                2260 Services                   0        12.764 K

RichVideo.exe                 2304 Services                   0         3.084 K

svchost.exe                   2324 Services                   0         4.332 K

tvt_reg_monitor_svc.exe       2356 Services                   0         2.776 K

TPHKSVC.exe                   2368 Services                   0         2.576 K

tvttcsd.exe                   2428 Services                   0         2.144 K

TuneUpUtilitiesService32.     2448 Services                   0        13.204 K

tvtsched.exe                  2464 Services                   0         3.792 K

svchost.exe                   2520 Services                   0         2.640 K

SearchIndexer.exe             2544 Services                   0        26.176 K

AcSvc.exe                     2612 Services                   0         6.820 K

nmsrvc.exe                    2680 Services                   0         5.328 K

SUService.exe                 2780 Services                   0         5.932 K

taskeng.exe                   3860 Console                    1         9.984 K

dwm.exe                       3888 Console                    1        58.104 K

SDWinSec.exe                  3896 Services                   0         7.024 K

TuneUpUtilitiesApp32.exe      3928 Console                    1         7.960 K

explorer.exe                  3972 Console                    1        34.512 K

DkIcon.exe                     788 Console                    1         4.524 K

WmiPrvSE.exe                  3132 Services                   0         8.736 K

SvcGuiHlpr.exe                3536 Services                   0         4.444 K

MSASCui.exe                   3844 Console                    1         9.404 K

tpfnf7sp.exe                  4012 Console                    1         4.876 K

SynTPEnh.exe                  3228 Console                    1         6.060 K

PMHandler.exe                 4248 Console                    1         4.960 K

TpWAudAp.exe                  4460 Console                    1         4.116 K

IAAnotif.exe                  4468 Console                    1         5.232 K

RtHDVCpl.exe                  4512 Console                    1         6.128 K

hkcmd.exe                     4564 Console                    1         5.188 K

igfxsrvc.exe                  4572 Console                    1         4.640 K

igfxpers.exe                  4688 Console                    1         4.992 K

LPMGR.EXE                     4772 Console                    1         6.200 K

AwaySch.EXE                   4812 Console                    1         4.752 K

PDVDServ.exe                  4836 Console                    1         4.716 K

wmpnscfg.exe                  4856 Console                    1         5.252 K

nmapp.exe                     4892 Console                    1        16.220 K

ACTray.exe                    4900 Console                    1         5.092 K

ACWLIcon.exe                  4916 Console                    1         5.288 K

cssauth.exe                   4924 Console                    1         5.696 K

avgnt.exe                     4956 Console                    1         2.164 K

M-AudioTaskBarIcon.exe        4964 Console                    1         5.012 K

MCPLaunch.exe                 4984 Console                    1         2.476 K

jusched.exe                   4996 Console                    1         2.940 K

scheduler_proxy.exe           5032 Console                    1         3.024 K

iTunesHelper.exe              5040 Console                    1         7.848 K

TeaTimer.exe                  5048 Console                    1        50.696 K

ICQ.exe                       5272 Console                    1        90.368 K

rfx-tray.exe                  5292 Console                    1         7.980 K

BTTray.exe                    5316 Console                    1         8.492 K

firefox.exe                   6048 Console                    1       446.176 K

svchost.exe                   1120 Services                   0         6.856 K

wmpnetwk.exe                   956 Services                   0        13.184 K

tvtpwm_tray.exe               2792 Console                    1        13.224 K

BTStackServer.exe             5736 Console                    1         8.636 K

iPodService.exe               4848 Services                   0         3.964 K

plugin-container.exe          5664 Console                    1        42.656 K

rfx-client.exe                5492 Console                    1        52.800 K

WUDFHost.exe                  8000 Services                   0         2.888 K

iTunes.exe                    4244 Console                    1        37.484 K

mobsync.exe                   7924 Console                    1         6.156 K

AppleMobileDeviceHelper.e     6820 Console                    1         5.048 K

distnoted.exe                 7544 Console                    1         3.272 K

iexplore.exe                  7356 Console                    1        30.844 K

iexplore.exe                  1424 Console                    1        43.660 K

explorer.exe                  6884 Console                    1        41.672 K

OTL.exe                       5704 Console                    1        26.964 K

notepad.exe                   6272 Console                    1         4.840 K

notepad.exe                   7320 Console                    1         7.104 K

SearchProtocolHost.exe        6240 Services                   0         8.328 K

SearchFilterHost.exe          6416 Services                   0         5.128 K

cmd.exe                       7292 Console                    1         3.000 K

conime.exe                    5104 Console                    1        11.476 K

dllhost.exe                    944 Console                    1        11.356 K

tasklist.exe                  7052 Console                    1         4.708 K
 

 

***** Ende des Scans 27.07.2011 um 17:12:22,59 ***

Meine Programme:

Code:

Access Help                08.04.2011        1,64MB        2.00

Adobe AIR        Adobe Systems Incorporated        17.07.2011        30,1MB        2.7.0.19530

Adobe Community Help        Adobe Systems Incorporated.        23.06.2011        5,70MB        3.4.980

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        12.07.2011                10.3.181.34

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.06.2011                10.3.181.26

Adobe Reader 8 - Deutsch        Adobe Systems Incorporated        08.04.2011        90,9MB        8.0.0

Agere Systems HDA Modem        Agere Systems        08.04.2011                

Anzeige am Bildschirm                08.04.2011                5.03

Apple Application Support        Apple Inc.        20.07.2011        60,2MB        2.0.1

Apple Mobile Device Support        Apple Inc.        17.06.2011        22,1MB        3.4.1.2

Apple Software Update        Apple Inc.        20.07.2011        2,38MB        2.1.3.127

ASIO4ALL        Michael Tippach        14.06.2011        0,52MB        2.10

Audacity 1.2.6                08.04.2011        8,43MB        

Avira AntiVir Personal - Free Antivirus        Avira GmbH        30.06.2011        114,1MB        10.2.0.696

Bonjour        Apple Inc.        20.07.2011        1,06MB        3.0.0.2

Broadcom Gigabit Integrated Controller        Broadcom Corporation        08.04.2011        0,74MB        10.15.06

CCleaner        Piriform        06.07.2011        3,60MB        3.08

Client Security Solution        Lenovo Group Limited        08.04.2011        100,4MB        8.0.0311.00

Diskeeper Home        Diskeeper Corporation        09.04.2011        12,1MB        9.0.545

Ergänzung zu Lenovo Care                08.04.2011        1,88MB        2.00

EVEREST Home Edition v2.20        Lavalys Inc        06.07.2011        6,58MB        2.20

FileZilla Client 3.5.0                30.05.2011        17,6MB        3.5.0

Free M4a to MP3 Converter 6.2        ManiacTools.com        23.05.2011        3,84MB        

Free YouTube to MP3 Converter version 3.9.35.324        DVDVideoSoft Limited.        23.04.2011        3,72MB        

GoldWave v5.58                17.05.2011        7,77MB        

Help Center                08.04.2011        2,05MB        2.00c

HiJackThis        Trend Micro        25.07.2011        0,36MB        1.0.0

ICQ7.5        ICQ        22.04.2011        50,3MB        7.5

IL Download Manager        Image-Line        14.06.2011        4,91MB        

Integrated Camera        Sonix        08.04.2011        3,61MB        5.8.8.012

Intel(R) Graphics Media Accelerator Driver                08.04.2011                

Intel(R) Matrix Storage Manager                08.04.2011        3,77MB        

iTunes        Apple Inc.        20.07.2011        141,9MB        10.4.0.80

Java(TM) 6 Update 2        Sun Microsystems, Inc.        08.04.2011        168,1MB        1.6.0.20

Java(TM) 6 Update 22        Oracle        08.04.2011        97,1MB        6.0.220

Java(TM) 6 Update 26        Oracle        08.04.2011        94,8MB        6.0.260

Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900        Lenovo.        09.04.2011        40,8MB        6.0.1.4900

Lenovo Care                08.04.2011        1,93MB        2.10

Lenovo Care System Update        Lenovo        01.07.2011        27,4MB        3.14.0034

Lenovo Multimedia Center                08.04.2011        3,23MB        

Lenovo Registration        Lenovo - Leader Technologies        08.04.2011        0,81MB        

Lenovo System Interface Driver                08.04.2011        4,00KB        1.00

M-Audio Xponent Driver 6.0.1 (x86)        M-Audio        08.04.2011        3,52MB        6.0.1

Maintenance Manager                08.04.2011        6,57MB        3.0.5.0

Malwarebytes' Anti-Malware        Malwarebytes Corporation        16.05.2011        4,82MB        

Message Center                08.04.2011        2,02MB        2.01b

Message Center Plus        Lenovo Group Limited        11.06.2011        1,70MB        2.0.0012.00

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        11.04.2011        37,0MB        

Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        10.04.2011        27,8MB        

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        13.04.2011        120,3MB        4.0.30319

Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        13.04.2011        24,5MB        4.0.30319

Microsoft Silverlight        Microsoft Corporation        17.06.2011        40,3MB        4.0.60531.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        05.05.2011        0,25MB        8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        a17.06.2011        0,29MB        8.0.61001

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        30.04.2011        0,58MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        04.05.2011        0,23MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        09.04.2011        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0,58MB        9.0.30729.6161

Mindjet MindManager 9        Mindjet        04.05.2011        100,6MB        9.0.246

Mozilla Firefox 5.0 (x86 de)        Mozilla        22.06.2011        32,3MB        5.0

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.04.2011        1,28MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        11.04.2011        1,34MB        4.20.9876.0

Native Instruments Traktor        Native Instruments        08.04.2011        64,8MB        

Network Magic        Pure Networks        09.04.2011        28,1MB        4.1.7082.0

No23 Recorder        No23        17.07.2011        3,18MB        2.1.0.3

OpenOffice.org 3.3        OpenOffice.org        09.04.2011        413MB        3.3.9567

PC-Doctor 5 für Windows        PC-Doctor, Inc.        08.04.2011        144,6MB        5.00.4565.08

PDF-XChange 3        Tracker Software        03.05.2011        15,5MB        

PM Driver        Lenovo        08.04.2011        0,37MB        0.63.1.6

PokerStars.net        PokerStars.net        16.04.2011        62,2MB        

Präsentationsdirektor                08.04.2011        1,93MB        3.04

QuickTime        Apple Inc.        10.04.2011        73,7MB        7.69.80.9

Radio.fx        Tobit.Software        08.07.2011        1.968MB        

Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        08.04.2011        14,2MB        6.0.1.5391

Registry patch for Windows Vista USB S3 PM Enablement                08.04.2011        4,00KB        1.00

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33                08.04.2011        1,67MB        3.33.01

Safari        Apple Inc.        20.07.2011        43,4MB        5.34.50.0

simfy        simfy GmbH        17.07.2011        3,14MB        1.4.9

Spybot - Search & Destroy        Safer Networking Limited        18.06.2011        63,7MB        1.6.2

Synaptics Pointing Device Driver        Synaptics        08.04.2011        12,8MB        9.0.3.0

ThinkVantage Access Connections                08.04.2011        2,68MB        4.42

TuneUp Utilities 2011        TuneUp Software        06.07.2011        64,5MB        10.0.4300.9

Uninstall 1.0.0.1                23.04.2011        29,7MB        

VLC media player 1.1.9        VideoLAN        12.05.2011        80,1MB        1.1.9

Windows Media Player Firefox Plugin        Microsoft Corp        05.06.2011        0,29MB        1.0.0.8

WinRAR 4.00 (32-Bit)        win.rar GmbH        08.04.2011        4,04MB        4.00.0

Xponent        M-Audio        01.06.2011        2,18MB        5.10.00.5112v2

Und der Log vom Malware-Programm:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org
 

Datenbank Version: 7296
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421
 

27.07.2011 17:37:32

mbam-log-2011-07-27 (17-37-32).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 163156

Laufzeit: 14 Minute(n), 16 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 2

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 1

Infizierte Dateien: 2
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AZF7XXHYWMAFFXA (Trojan.SpyEyes) -> Value: 4Y3Y0C3AZF7XXHYWMAFFXA -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0} (Trojan.ZbotR.Gen) -> Value: {A528D4C2-8D70-CF99-9E74-C495DA3E6BA0} -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

c:\Recycle.Bin\dde2f571a4d0c65 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

zu Punkt 1. - übersprungen warum? Du hast ja 32Bit System

zu Punkt 2. - ich meinte bitte "Komplett Scan durchführen", nicht Quick-Scan!!!
also MBAM updaten und erneut einen Scan durchführen, Protokoll posten!

zu Punkt 3. - Extras.txt von OTL fehlt, bitte nachreichen!

Schonmal zu 2:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org
 

Datenbank Version: 7296
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421
 

29.07.2011 17:49:29

mbam-log-2011-07-29 (17-49-29).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Durchsuchte Objekte: 316466

Laufzeit: 1 Stunde(n), 27 Minute(n), 51 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

und die EXTRAS.txt
OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 27.07.2011 16:56:34 - Run 1

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Rapho\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 21,33% Memory free

4,21 Gb Paging File | 1,40 Gb Available in Paging File | 33,18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 143,95 Gb Total Space | 48,04 Gb Free Space | 33,37% Space Free | Partition Type: NTFS

 

Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D9E4C1E-E761-4385-80D1-B51DF939FFD5}" = lport=139 | protocol=6 | dir=in | app=system | 

"{242194F3-CA12-4FE2-BC80-B8B66CCCF350}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{38C2E15A-997D-4F20-8214-F8E5210018C0}" = lport=445 | protocol=6 | dir=in | app=system | 

"{399AE03E-EED5-4351-B3DD-DAECE9C02FEE}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{3E5FA714-0EAC-45FA-A1A1-13177A182074}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{51A168E2-A2E9-4078-B70C-D41CABAB659A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{761385AF-BAD8-4C36-974C-5B5802CFDE52}" = rport=137 | protocol=17 | dir=out | app=system | 

"{877E0AAD-A9E3-434E-B2D8-8733ACE61EB1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{913F7A6D-E9DD-4CD0-BC84-4FD3E1DAAC53}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B4A3A8B9-A1E8-4EA8-97A1-79E0228CE811}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B5D9E229-33AA-40B8-BBA0-D5DB76ADB41E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D52A2267-5406-495F-91F7-BE62A035B7AF}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{D53AFB55-095C-4940-89BC-930E82FA5D80}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D5EB17CB-A667-43BF-BF3F-EFC607259404}" = lport=137 | protocol=17 | dir=in | app=system | 

"{E810E2A1-7DA1-4934-BB48-BD545655B6D6}" = rport=138 | protocol=17 | dir=out | app=system | 

"{EDCBF1BC-9EE8-4936-B52A-A339D1D48CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{F8B58541-25D9-46AE-8BF6-D6CC91CA24AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F99374A4-EA6A-4C07-AE32-1DA1E0ABD640}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{FCDEE1B8-F460-416D-9E80-C36ACB611D0B}" = lport=138 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0789E2C9-C433-418A-800E-5BA66DC11096}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{0D96D3C3-8A74-4CED-AF8C-FC2E23A10AFA}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe | 

"{1A0A5B74-61EE-4743-965C-E21D3F4BE66F}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{3BE7ACBC-53A6-442E-AF6C-D9504237DF11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{528FD07A-318F-4EDD-9741-DB2B218C23B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{535FC8E8-500C-48A6-B53F-91FA15DD2FE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5C42E2BF-F0B4-443A-BDD4-76CD8211454C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{6151902F-83F6-4D5C-BBAF-6B98C2D013D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{68656724-2BF0-4ED5-9CB5-5E387693CDEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{7022C311-83EB-4595-9D83-8750CCEE4F43}" = protocol=6 | dir=out | app=system | 

"{795D2918-1CD7-4102-BDC5-4BDEE8459E76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{7C541091-81E4-4F49-996E-22651DB84FD8}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 

"{7EA2D9C5-D54F-4D7D-8BAC-7F6DA22EC8A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{80A9F8FA-4B13-481F-9D1E-B07038B30531}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{8D7C9D09-E37C-4F75-9761-058FA26CDAF2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{A7D62927-8BA5-43C0-9A7B-A2E51A04C7F1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{AEA74DE2-C45A-40E7-B819-B0E753792790}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 

"{B6BA0155-0D16-4681-ADBD-549D8BB4F37F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B94CFCF1-6766-48B5-A22D-327E1F72085A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{BEEBEF2A-77D2-4B71-841C-3137FD181134}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{BF99B6CA-2496-4A52-A009-77280BE2C165}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C0F411D0-36F8-4C58-B14F-7B86B9EE3F37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{C8806126-FF94-4090-8E4E-108AA64AB516}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{CABC47A6-CEE3-46A5-BEB0-5D6F73BDD099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{CF205327-0DF6-4107-A478-FE68CC83BCA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D7567DAF-7962-471B-89BC-E3B7AD776E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D8404B62-C8AF-4E58-9717-F570DAB54FDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E1B24D1B-3F6B-4CD9-B9BD-978BC87D7B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E8FD4B6A-01C8-48DB-AD32-9D6182283F30}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{F4747D9C-8304-4F4D-9913-1E771F5A2EC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{F94A45FB-1F41-4700-9F4D-779BBA0EE4DA}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 

"{F9AADB00-D9A0-4F0C-99A3-BFCC895FA0AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{FCC91798-CA66-4AEF-9FBF-CCA6132A094D}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 

"TCP Query User{1699ECD7-9FDC-4E0E-A6E5-8E0644AB2F9F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{27ACF68D-7FFB-42ED-8432-E6939D8A987F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{43A76B9E-5E26-4788-946C-A754F46A335F}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe | 

"TCP Query User{87B022A5-1106-4B05-ADE9-454CD95AA02F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{944572FB-EF4C-4C4B-BAD3-89778814F412}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{9ED59534-7785-4A09-A847-536AD86B23EA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"UDP Query User{0DD36079-7355-49B9-B701-F531511F59B9}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe | 

"UDP Query User{1B2B28CC-77D1-4DC4-BF42-33576C6DB470}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

"UDP Query User{21004A17-ED18-4D08-B6D9-D08BA359F179}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"UDP Query User{4AFB86D5-3DD8-4D72-B25F-ED5646F6E187}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

"UDP Query User{4DD39CDD-2C81-46BE-8E42-6EAF301A4F56}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{BB27A5F9-C3AB-46EF-B9BE-80A38303DCD5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1772DBCE-B61D-4A4D-B881-F717EBE74998}" = Xponent

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center

"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26

"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33

"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)

"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver

"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{800C6CC9-8EEB-4A6A-ABD4-C05EAE279606}" = Network Magic

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch

"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FCB739A2-D7C9-4F69-B992-21196057803E}" = M-Audio Xponent Driver 6.0.1 (x86)

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ASIO4ALL" = ASIO4ALL

"Audacity_is1" = Audacity 1.2.6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AwayTask" = Maintenance Manager

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FileZilla Client" = FileZilla Client 3.5.0

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"GoldWave v5.58" = GoldWave v5.58

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IL Download Manager" = IL Download Manager

"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver

"Lenovo Registration" = Lenovo Registration

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)

"Native Instruments Traktor" = Native Instruments Traktor

"No23 Recorder" = No23 Recorder

"OnScreenDisplay" = Anzeige am Bildschirm

"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows

"PDF-XChange 3_is1" = PDF-XChange 3

"PokerStars.net" = PokerStars.net

"Simfy" = simfy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tobit Radio.fx Server" = Radio.fx

"TuneUp Utilities 2011" = TuneUp Utilities 2011

"Uninstall_is1" = Uninstall 1.0.0.1

"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

"VLC media player" = VLC media player 1.1.9

"WinRAR archiver" = WinRAR 4.00 (32-Bit)

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

--- --- ---

Und zu 1:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit quick scan 2011-07-30 14:45:06

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.08.0

Running: n48vj8s9.exe; Driver: C:\Users\Rapho\AppData\Local\Temp\fwdorpog.sys
 
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- Threads - GMER 1.0.15 ----
 

Thread          System [4:284]                           86531E7A

Thread          System [4:288]                           86534008
 

---- EOF - GMER 1.0.15 ----

Ich hoffe ihr könnt mir helfen :)

1.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

Code:

mbr.exe -t > C:\mbr.log & C:\mbr.log

(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

2.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

:OTL

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found

O4 - HKCU..\Run: [{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}]  File not found

O4 - HKCU..\Run: [4Y3Y0C3AZF7XXHYWMAFFXA]  File not found

O4 - HKCU..\Run: [AdobeBridge]  File not found

[2011.05.16 22:32:34 | 000,000,136 | ---- | C] () -- C:\ProgramData\~32694008r

[2011.05.16 22:32:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\~32694008

[2011.05.16 22:32:18 | 000,000,384 | ---- | C] () -- C:\ProgramData\32694008
 

:Files

C:\Windows\Tasks\At1.job

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

4.
Musikdateien speicherst Du auf dem Desktop?
- Folgende Einträge/Namen sagen Dir etwas?:

Zitat:

[2011.07.12 22:40:33 | 002,206,823 | ---- | M] () -- C:\Users\Rapho\Desktop\MTiIVzC8NsMF.128.mp3
[2011.07.12 22:38:13 | 004,832,861 | ---- | M] () -- C:\Users\Rapho\Desktop\EnERrJnhXFDu.128.mp3
[2011.07.12 22:36:36 | 005,038,497 | ---- | M] () -- C:\Users\Rapho\Desktop\nmRfKRu2NYrw.128.mp3

Zitat:

[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ovvy
[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Aguhi
[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ugab
[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ucef
[2011.06.30 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Veavna
[2011.06.30 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Acurpo

Zu 1:

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net

Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 
 

device: opened successfully

user: MBR read successfully
 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8652D1ED]<< 

1 nt!IofCallDriver[0x8208811B] -> \Device\Harddisk0\DR0[0x85E3B828]

3 CLASSPNP[0x885A38B3] -> nt!IofCallDriver[0x8208811B] -> [0x84E04118]

5 acpi[0x82E556BC] -> nt!IofCallDriver[0x8208811B] -> \Device\Ide\IAAStorageDevice-0[0x8530A030]

\Driver\iaStor[0x84E04030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8652D1ED

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\iaStor -> 0x8652d1ed

user & kernel MBR OK 

Warning: possible MBR rootkit infection !

Zu 2:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A528D4C2-8D70-CF99-9E74-C495DA3E6BA0}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4Y3Y0C3AZF7XXHYWMAFFXA not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

C:\ProgramData\~32694008r moved successfully.

C:\ProgramData\~32694008 moved successfully.

C:\ProgramData\32694008 moved successfully.

========== FILES ==========

C:\Windows\Tasks\At1.job moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Rapho

->Temp folder emptied: 483218 bytes

->Temporary Internet Files folder emptied: 52294496 bytes

->Java cache emptied: 1131829 bytes

->FireFox cache emptied: 317507507 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 77854 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 165470 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 355,00 mb

 

 

OTL by OldTimer - Version 3.2.26.1 log created on 07312011_135848
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Zu 3:
Extras:
OTL Logfile:

Code:

OTL Extras logfile created on: 31.07.2011 14:12:09 - Run 3

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Rapho\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,23% Memory free

4,21 Gb Paging File | 2,68 Gb Available in Paging File | 63,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 143,95 Gb Total Space | 48,27 Gb Free Space | 33,53% Space Free | Partition Type: NTFS

 

Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D9E4C1E-E761-4385-80D1-B51DF939FFD5}" = lport=139 | protocol=6 | dir=in | app=system | 

"{242194F3-CA12-4FE2-BC80-B8B66CCCF350}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{38C2E15A-997D-4F20-8214-F8E5210018C0}" = lport=445 | protocol=6 | dir=in | app=system | 

"{399AE03E-EED5-4351-B3DD-DAECE9C02FEE}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{3E5FA714-0EAC-45FA-A1A1-13177A182074}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{51A168E2-A2E9-4078-B70C-D41CABAB659A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{761385AF-BAD8-4C36-974C-5B5802CFDE52}" = rport=137 | protocol=17 | dir=out | app=system | 

"{877E0AAD-A9E3-434E-B2D8-8733ACE61EB1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{913F7A6D-E9DD-4CD0-BC84-4FD3E1DAAC53}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B4A3A8B9-A1E8-4EA8-97A1-79E0228CE811}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B5D9E229-33AA-40B8-BBA0-D5DB76ADB41E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D52A2267-5406-495F-91F7-BE62A035B7AF}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{D53AFB55-095C-4940-89BC-930E82FA5D80}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D5EB17CB-A667-43BF-BF3F-EFC607259404}" = lport=137 | protocol=17 | dir=in | app=system | 

"{E810E2A1-7DA1-4934-BB48-BD545655B6D6}" = rport=138 | protocol=17 | dir=out | app=system | 

"{EDCBF1BC-9EE8-4936-B52A-A339D1D48CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{F8B58541-25D9-46AE-8BF6-D6CC91CA24AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F99374A4-EA6A-4C07-AE32-1DA1E0ABD640}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{FCDEE1B8-F460-416D-9E80-C36ACB611D0B}" = lport=138 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0789E2C9-C433-418A-800E-5BA66DC11096}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{0D96D3C3-8A74-4CED-AF8C-FC2E23A10AFA}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe | 

"{1A0A5B74-61EE-4743-965C-E21D3F4BE66F}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{3BE7ACBC-53A6-442E-AF6C-D9504237DF11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{528FD07A-318F-4EDD-9741-DB2B218C23B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{535FC8E8-500C-48A6-B53F-91FA15DD2FE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5C42E2BF-F0B4-443A-BDD4-76CD8211454C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{6151902F-83F6-4D5C-BBAF-6B98C2D013D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{68656724-2BF0-4ED5-9CB5-5E387693CDEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{7022C311-83EB-4595-9D83-8750CCEE4F43}" = protocol=6 | dir=out | app=system | 

"{795D2918-1CD7-4102-BDC5-4BDEE8459E76}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{7C541091-81E4-4F49-996E-22651DB84FD8}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 

"{7EA2D9C5-D54F-4D7D-8BAC-7F6DA22EC8A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{80A9F8FA-4B13-481F-9D1E-B07038B30531}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{8D7C9D09-E37C-4F75-9761-058FA26CDAF2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{A7D62927-8BA5-43C0-9A7B-A2E51A04C7F1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{AEA74DE2-C45A-40E7-B819-B0E753792790}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 

"{B6BA0155-0D16-4681-ADBD-549D8BB4F37F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B94CFCF1-6766-48B5-A22D-327E1F72085A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{BEEBEF2A-77D2-4B71-841C-3137FD181134}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{BF99B6CA-2496-4A52-A009-77280BE2C165}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C0F411D0-36F8-4C58-B14F-7B86B9EE3F37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{C8806126-FF94-4090-8E4E-108AA64AB516}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{CABC47A6-CEE3-46A5-BEB0-5D6F73BDD099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{CF205327-0DF6-4107-A478-FE68CC83BCA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D7567DAF-7962-471B-89BC-E3B7AD776E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D8404B62-C8AF-4E58-9717-F570DAB54FDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E1B24D1B-3F6B-4CD9-B9BD-978BC87D7B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E8FD4B6A-01C8-48DB-AD32-9D6182283F30}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 

"{F4747D9C-8304-4F4D-9913-1E771F5A2EC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{F94A45FB-1F41-4700-9F4D-779BBA0EE4DA}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | 

"{F9AADB00-D9A0-4F0C-99A3-BFCC895FA0AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{FCC91798-CA66-4AEF-9FBF-CCA6132A094D}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | 

"TCP Query User{1699ECD7-9FDC-4E0E-A6E5-8E0644AB2F9F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{27ACF68D-7FFB-42ED-8432-E6939D8A987F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{43A76B9E-5E26-4788-946C-A754F46A335F}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe | 

"TCP Query User{87B022A5-1106-4B05-ADE9-454CD95AA02F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{944572FB-EF4C-4C4B-BAD3-89778814F412}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 

"TCP Query User{9ED59534-7785-4A09-A847-536AD86B23EA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"UDP Query User{0DD36079-7355-49B9-B701-F531511F59B9}C:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\rapho\appdata\local\xenocode\sandbox\adobe after effects cs3\8.0x247\2010.02.14t17.17\native\stubexe\8.0.1135\@programfiles@\bonjour\mdnsresponder.exe | 

"UDP Query User{1B2B28CC-77D1-4DC4-BF42-33576C6DB470}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

"UDP Query User{21004A17-ED18-4D08-B6D9-D08BA359F179}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 

"UDP Query User{4AFB86D5-3DD8-4D72-B25F-ED5646F6E187}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 

"UDP Query User{4DD39CDD-2C81-46BE-8E42-6EAF301A4F56}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{BB27A5F9-C3AB-46EF-B9BE-80A38303DCD5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1772DBCE-B61D-4A4D-B881-F717EBE74998}" = Xponent

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26

"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33

"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver

"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{800C6CC9-8EEB-4A6A-ABD4-C05EAE279606}" = Network Magic

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch

"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB44F479-789A-4D76-A31E-663C5658F576}" = Mindjet MindManager 9

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FCB739A2-D7C9-4F69-B992-21196057803E}" = M-Audio Xponent Driver 6.0.1 (x86)

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ASIO4ALL" = ASIO4ALL

"Audacity_is1" = Audacity 1.2.6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AwayTask" = Maintenance Manager

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FileZilla Client" = FileZilla Client 3.5.0

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"GoldWave v5.58" = GoldWave v5.58

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IL Download Manager" = IL Download Manager

"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver

"Lenovo Registration" = Lenovo Registration

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)

"Native Instruments Traktor" = Native Instruments Traktor

"No23 Recorder" = No23 Recorder

"OnScreenDisplay" = Anzeige am Bildschirm

"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows

"PDF-XChange 3_is1" = PDF-XChange 3

"PokerStars.net" = PokerStars.net

"Simfy" = simfy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tobit Radio.fx Server" = Radio.fx

"Uninstall_is1" = Uninstall 1.0.0.1

"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

"VLC media player" = VLC media player 1.1.9

"WinRAR archiver" = WinRAR 4.00 (32-Bit)

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

--- --- ---

OTL.txt
OTL Logfile:

Code:

OTL logfile created on: 31.07.2011 14:12:09 - Run 3

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Rapho\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 37,23% Memory free

4,21 Gb Paging File | 2,68 Gb Available in Paging File | 63,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 143,95 Gb Total Space | 48,27 Gb Free Space | 33,53% Space Free | Partition Type: NTFS

 

Computer Name: RAPHO-PC | User Name: Rapho | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.07.31 14:02:39 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe

PRC - [2011.07.30 14:06:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe

PRC - [2011.07.01 18:52:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.24 16:19:11 | 003,627,352 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe

PRC - [2011.06.23 13:27:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.05.21 18:09:35 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe

PRC - [2011.04.27 20:27:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.04.18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe

PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.02 12:45:36 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe

PRC - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.11.29 20:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2007.09.11 10:54:48 | 000,163,840 | ---- | M] (Avid Technology, Inc.) -- C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe

PRC - [2007.08.09 11:11:06 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe

PRC - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007.07.05 15:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2007.07.05 15:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2007.07.05 15:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2007.06.05 17:11:28 | 000,034,352 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe

PRC - [2007.04.26 19:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE

PRC - [2007.04.09 03:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe

PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe

PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe

PRC - [2007.03.23 13:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe

PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe

PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmapp.exe

PRC - [2007.03.02 07:07:28 | 000,055,936 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.02.12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE

PRC - [2006.11.23 15:10:42 | 000,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe

PRC - [2006.11.15 16:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe

PRC - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006.11.07 12:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE

PRC - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006.09.06 09:38:44 | 000,054,824 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.07.30 14:06:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe

MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010.07.30 13:01:38 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mindjet\MindManager 9\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.07.31 14:03:26 | 000,017,408 | ---- | M] () [Unknown | Running] -- C:\Windows\System32\rpcnetp.dll -- (rpcnetp)

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.01 18:52:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.24 16:19:11 | 003,627,352 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)

SRV - [2011.04.27 20:27:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.04.18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.09.11 10:54:48 | 000,163,840 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programme\M-Audio\Xponent\MAUSBXPInst.exe -- (MAudioXponentService)

SRV - [2007.08.09 10:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007.07.05 15:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2007.07.05 15:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2007.04.09 03:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)

SRV - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)

SRV - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)

SRV - [2007.03.14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)

SRV - [2007.03.02 07:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2007.02.12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)

SRV - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011.07.01 18:52:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.01 18:52:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.06.11 13:49:12 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.10.02 12:45:28 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioXponent_DFU.sys -- (MADFUXPONENT)

DRV - [2009.10.02 12:45:24 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioXponent.sys -- (MAUSBXPONENT)

DRV - [2008.01.21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2008.01.21 04:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2007.05.22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006.12.19 02:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)

DRV - [2006.11.09 14:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)

DRV - [2006.11.08 09:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.11.06 10:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006.08.30 12:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.23 13:27:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.14 15:29:13 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2011.04.09 15:53:18 | 000,000,000 | ---D | M]

 

[2011.04.09 18:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Extensions

[2011.07.31 14:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions

[2011.06.22 19:43:50 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}

[2011.07.06 18:52:42 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Rapho\AppData\Roaming\mozilla\Firefox\Profiles\6wmvbu2m.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack

[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.04.09 19:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011.04.09 18:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.14 15:29:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\RAPHO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6WMVBU2M.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI

[2011.04.12 13:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.06.23 13:27:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)

O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)

O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()

O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)

O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rapho\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Rapho\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) -  File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.31 13:58:48 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.07.30 15:36:56 | 000,000,000 | ---D | C] -- C:\Users\Rapho\Desktop\SciLor's Grooveshark.com Downloader

[2011.07.30 14:36:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.07.30 14:06:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe

[2011.07.26 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2011.07.26 19:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011.07.21 14:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.07.21 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.07.21 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.07.21 13:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011.07.18 19:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon

[2011.07.18 19:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\No23 Recorder

[2011.07.18 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder

[2011.07.18 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Simfy

[2011.07.18 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy

[2011.07.18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\simfy

[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ovvy

[2011.07.16 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Aguhi

[2011.07.13 22:23:33 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.07.13 22:23:30 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011.07.13 22:23:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.07.09 17:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software

[2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe

[2011.07.09 17:17:33 | 001,844,488 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe

[2011.07.07 19:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys

[2011.07.07 19:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys

[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ugab

[2011.07.01 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Rapho\AppData\Roaming\Ucef

[2011.04.09 15:23:53 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2011.04.09 15:23:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.31 14:04:12 | 000,025,181 | ---- | M] () -- C:\Windows\System32\PROCDB.INI

[2011.07.31 14:03:26 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll

[2011.07.31 14:02:59 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI

[2011.07.31 14:02:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.31 14:02:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.31 14:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.31 14:02:42 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.31 14:02:39 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe

[2011.07.31 14:01:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.07.31 13:50:46 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe

[2011.07.30 15:50:53 | 008,390,239 | ---- | M] () -- C:\Users\Rapho\Desktop\01 - Pitbull feat. Rapho - Took my love.mp3

[2011.07.30 15:04:39 | 006,151,650 | ---- | M] () -- C:\Users\Rapho\Desktop\01 - Tim Bendzko - Nur noch kurz die Welt retten.mp3

[2011.07.30 14:58:28 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe

[2011.07.30 14:31:32 | 000,302,592 | ---- | M] () -- C:\Users\Rapho\Desktop\n48vj8s9.exe

[2011.07.30 14:06:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rapho\Desktop\OTL(1).exe

[2011.07.29 01:12:12 | 195,127,952 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.07.26 20:10:17 | 000,322,022 | ---- | M] () -- C:\Users\Rapho\AppData\Local\census.cache

[2011.07.26 20:09:34 | 000,221,743 | ---- | M] () -- C:\Users\Rapho\AppData\Local\ars.cache

[2011.07.26 19:53:14 | 000,000,036 | ---- | M] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache

[2011.07.26 19:35:51 | 000,001,948 | ---- | M] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk

[2011.07.23 18:12:30 | 013,165,864 | ---- | M] () -- C:\Users\Rapho\Desktop\Set-Fire-to-the-Rain-A-Stupid-Hole-Bootleg.mp3

[2011.07.22 17:26:30 | 003,523,810 | ---- | M] () -- C:\Users\Rapho\Desktop\Seeed-Molotov.mp3

[2011.07.22 13:27:55 | 021,073,936 | ---- | M] () -- C:\Users\Rapho\Documents\vlc-1.1.11-win32.exe

[2011.07.21 19:06:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.07.21 19:06:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.07.21 19:06:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.07.21 19:06:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.07.21 14:18:27 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2011.07.21 14:13:09 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.07.21 13:52:24 | 000,001,356 | ---- | M] () -- C:\Users\Rapho\AppData\Local\d3d9caps.dat

[2011.07.18 19:18:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk

[2011.07.18 18:51:06 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk

[2011.07.14 14:19:03 | 003,611,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.07.13 19:35:52 | 000,002,061 | ---- | M] () -- C:\Users\Rapho\Documents\Firefox Sync Key.html

[2011.07.13 19:34:30 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011.07.12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.07.12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.07.12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.07.12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.07.07 19:11:34 | 000,000,917 | ---- | M] () -- C:\Users\Rapho\Desktop\EVEREST Home Edition.lnk

[2011.07.07 19:02:11 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.07.01 18:52:58 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.07.01 18:52:58 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

 
 ========== Files Created - No Company Name ==========

 

[2011.07.31 14:03:26 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll

[2011.07.31 14:02:39 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

[2011.07.31 13:50:29 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe

[2011.07.30 15:46:23 | 008,390,239 | ---- | C] () -- C:\Users\Rapho\Desktop\01 - Pitbull feat. Rapho - Took my love.mp3

[2011.07.30 15:01:25 | 006,151,650 | ---- | C] () -- C:\Users\Rapho\Desktop\01 - Tim Bendzko - Nur noch kurz die Welt retten.mp3

[2011.07.30 14:31:25 | 000,302,592 | ---- | C] () -- C:\Users\Rapho\Desktop\n48vj8s9.exe

[2011.07.29 01:12:12 | 195,127,952 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.07.27 17:11:45 | 000,030,259 | ---- | C] () -- C:\Users\Rapho\Desktop\hjtscanlist.bat

[2011.07.26 20:10:17 | 000,322,022 | ---- | C] () -- C:\Users\Rapho\AppData\Local\census.cache

[2011.07.26 20:09:34 | 000,221,743 | ---- | C] () -- C:\Users\Rapho\AppData\Local\ars.cache

[2011.07.26 19:53:14 | 000,000,036 | ---- | C] () -- C:\Users\Rapho\AppData\Local\housecall.guid.cache

[2011.07.26 19:35:51 | 000,001,948 | ---- | C] () -- C:\Users\Rapho\Desktop\HiJackThis.lnk

[2011.07.23 18:12:13 | 013,165,864 | ---- | C] () -- C:\Users\Rapho\Desktop\Set-Fire-to-the-Rain-A-Stupid-Hole-Bootleg.mp3

[2011.07.22 13:27:25 | 021,073,936 | ---- | C] () -- C:\Users\Rapho\Documents\vlc-1.1.11-win32.exe

[2011.07.21 14:18:27 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2011.07.21 14:13:09 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.07.18 19:18:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk

[2011.07.18 18:51:06 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\simfy.lnk

[2011.07.13 19:35:51 | 000,002,061 | ---- | C] () -- C:\Users\Rapho\Documents\Firefox Sync Key.html

[2011.07.08 20:07:38 | 003,523,810 | ---- | C] () -- C:\Users\Rapho\Desktop\Seeed-Molotov.mp3

[2011.07.07 19:11:34 | 000,000,917 | ---- | C] () -- C:\Users\Rapho\Desktop\EVEREST Home Edition.lnk

[2011.05.30 19:50:10 | 000,003,584 | ---- | C] () -- C:\Users\Rapho\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.05.10 19:15:34 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll

[2011.04.11 13:54:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.04.11 13:54:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.04.11 13:53:35 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe

[2011.04.11 12:04:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.04.10 01:06:41 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2011.04.10 01:06:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2011.04.10 01:06:41 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2011.04.10 01:06:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2011.04.09 18:46:52 | 000,001,356 | ---- | C] () -- C:\Users\Rapho\AppData\Local\d3d9caps.dat

[2011.04.09 15:39:25 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2011.04.09 15:32:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2011.04.09 15:32:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2011.04.09 15:32:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll

[2011.04.09 15:30:05 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat

[2011.04.09 15:28:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2011.04.09 15:23:53 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2011.04.09 15:23:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2011.04.09 15:20:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2007.08.16 12:28:38 | 000,025,181 | ---- | C] () -- C:\Windows\System32\PROCDB.INI

[2007.08.16 12:28:27 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI

[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006.12.05 07:26:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:44:53 | 003,611,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

 
 ========== LOP Check ==========

 

[2011.07.26 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Acurpo

[2011.07.19 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Aguhi

[2011.06.11 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Downloaded Installations

[2011.04.24 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.07.21 13:22:41 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\FileZilla

[2011.07.31 13:43:41 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\ICQ

[2011.06.15 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Image-Line

[2011.04.09 18:48:32 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Lenovo

[2011.04.09 19:10:23 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\OpenOffice.org

[2011.07.19 14:30:56 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Ovvy

[2011.06.11 13:54:38 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\PCDr

[2011.07.18 18:51:12 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Simfy

[2011.06.17 15:59:03 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\SynthMaker

[2011.07.09 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Tobit

[2011.04.11 13:27:44 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\TuneUp Software

[2011.07.01 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Ucef

[2011.07.01 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Ugab

[2011.07.26 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\Rapho\AppData\Roaming\Veavna

[2011.07.31 14:01:26 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

[/code]

Und zu 4:
Die Musik sagt mir was ,aber die AppDatas sagen mir nichts

Der Prüfung ergeben, dass das bösartige MBR-Rootkit hat sich im MBR festgesetzt...
Der Master Boot Record (MBR) der ersten Festplatte wird beim Start des Rechners geladen, noch vor dem Betriebssystem. Code, der Dort residiert, kann im Prinzip das Betriebssystem kontrollieren.

wenn Du statt Format C:\ für Systemreinigung entscheidest, dann so geht`s weiter:

TDSSKiller von Kaspersky

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
deaktiviere vorübergehend dein AntiVirus-Programm
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

Code:

2011/07/31 18:55:48.0595 1952        TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/07/31 18:55:48.0655 1952        ================================================================================

2011/07/31 18:55:48.0655 1952        SystemInfo:

2011/07/31 18:55:48.0655 1952        

2011/07/31 18:55:48.0655 1952        OS Version: 6.0.6002 ServicePack: 2.0

2011/07/31 18:55:48.0655 1952        Product type: Workstation

2011/07/31 18:55:48.0656 1952        ComputerName: RAPHO-PC

2011/07/31 18:55:48.0656 1952        UserName: Rapho

2011/07/31 18:55:48.0656 1952        Windows directory: C:\Windows

2011/07/31 18:55:48.0656 1952        System windows directory: C:\Windows

2011/07/31 18:55:48.0656 1952        Processor architecture: Intel x86

2011/07/31 18:55:48.0656 1952        Number of processors: 2

2011/07/31 18:55:48.0656 1952        Page size: 0x1000

2011/07/31 18:55:48.0656 1952        Boot type: Normal boot

2011/07/31 18:55:48.0656 1952        ================================================================================

2011/07/31 18:55:49.0388 1952        Initialize success

2011/07/31 18:55:57.0098 5596        ================================================================================

2011/07/31 18:55:57.0098 5596        Scan started

2011/07/31 18:55:57.0098 5596        Mode: Manual; 

2011/07/31 18:55:57.0098 5596        ================================================================================

2011/07/31 18:55:59.0253 5596        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/07/31 18:55:59.0427 5596        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/07/31 18:55:59.0531 5596        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/07/31 18:55:59.0625 5596        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/07/31 18:55:59.0696 5596        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/07/31 18:55:59.0853 5596        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

2011/07/31 18:56:00.0021 5596        AgereSoftModem  (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/07/31 18:56:00.0180 5596        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/07/31 18:56:00.0251 5596        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/07/31 18:56:00.0286 5596        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/07/31 18:56:00.0337 5596        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/07/31 18:56:00.0368 5596        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/07/31 18:56:00.0398 5596        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/07/31 18:56:00.0445 5596        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/07/31 18:56:00.0536 5596        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/07/31 18:56:00.0575 5596        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/07/31 18:56:00.0630 5596        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/31 18:56:00.0687 5596        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/07/31 18:56:00.0768 5596        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/07/31 18:56:00.0811 5596        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

2011/07/31 18:56:00.0899 5596        b57nd60x        (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/07/31 18:56:00.0978 5596        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/07/31 18:56:01.0034 5596        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/07/31 18:56:01.0127 5596        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/31 18:56:01.0172 5596        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/07/31 18:56:01.0202 5596        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/07/31 18:56:01.0259 5596        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/07/31 18:56:01.0297 5596        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/07/31 18:56:01.0329 5596        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/07/31 18:56:01.0362 5596        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/07/31 18:56:01.0406 5596        BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/07/31 18:56:01.0434 5596        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/07/31 18:56:01.0506 5596        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

2011/07/31 18:56:01.0612 5596        BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys

2011/07/31 18:56:01.0689 5596        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys

2011/07/31 18:56:01.0776 5596        btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys

2011/07/31 18:56:01.0848 5596        btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys

2011/07/31 18:56:01.0902 5596        btwrchid        (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/07/31 18:56:01.0963 5596        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/31 18:56:02.0040 5596        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/31 18:56:02.0119 5596        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/07/31 18:56:02.0183 5596        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/07/31 18:56:02.0277 5596        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/31 18:56:02.0304 5596        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/07/31 18:56:02.0337 5596        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/31 18:56:02.0377 5596        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/07/31 18:56:02.0408 5596        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/07/31 18:56:02.0530 5596        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

2011/07/31 18:56:02.0643 5596        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/07/31 18:56:02.0770 5596        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/07/31 18:56:02.0845 5596        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/31 18:56:02.0933 5596        e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/07/31 18:56:02.0983 5596        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/07/31 18:56:03.0073 5596        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/07/31 18:56:03.0162 5596        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/07/31 18:56:03.0215 5596        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/07/31 18:56:03.0322 5596        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/07/31 18:56:03.0380 5596        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/07/31 18:56:03.0427 5596        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/31 18:56:03.0508 5596        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/07/31 18:56:03.0537 5596        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/07/31 18:56:03.0567 5596        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/31 18:56:03.0626 5596        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/07/31 18:56:03.0728 5596        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/31 18:56:03.0754 5596        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/07/31 18:56:03.0841 5596        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/31 18:56:03.0909 5596        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/07/31 18:56:03.0982 5596        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/31 18:56:04.0012 5596        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/07/31 18:56:04.0056 5596        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/07/31 18:56:04.0146 5596        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/31 18:56:04.0181 5596        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/07/31 18:56:04.0248 5596        HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

2011/07/31 18:56:04.0305 5596        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/07/31 18:56:04.0352 5596        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/31 18:56:04.0429 5596        iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys

2011/07/31 18:56:04.0471 5596        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/07/31 18:56:04.0637 5596        igfx            (a03b37dbc601c35de9591b6aa1a20c22) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/07/31 18:56:04.0741 5596        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/07/31 18:56:04.0883 5596        IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys

2011/07/31 18:56:05.0152 5596        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/07/31 18:56:05.0225 5596        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/31 18:56:05.0314 5596        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/07/31 18:56:05.0353 5596        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/07/31 18:56:05.0411 5596        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/07/31 18:56:05.0441 5596        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/07/31 18:56:05.0503 5596        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/31 18:56:05.0526 5596        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/07/31 18:56:05.0590 5596        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/07/31 18:56:05.0621 5596        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/31 18:56:05.0673 5596        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/31 18:56:05.0740 5596        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/31 18:56:05.0867 5596        lenovo.smi      (63de2c8974f5d528fbc3d6978fd8ad6a) C:\Windows\system32\DRIVERS\smiif32.sys

2011/07/31 18:56:05.0912 5596        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/31 18:56:06.0008 5596        LPCFilter       (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys

2011/07/31 18:56:06.0058 5596        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/07/31 18:56:06.0091 5596        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/07/31 18:56:06.0136 5596        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/07/31 18:56:06.0185 5596        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/07/31 18:56:06.0258 5596        MADFUXPONENT    (697de5e62fb4672de48111d6997d6e09) C:\Windows\system32\DRIVERS\MAudioXponent_DFU.sys

2011/07/31 18:56:06.0344 5596        MAUSBXPONENT    (9629d9e6b66989742f705a849aa193cb) C:\Windows\system32\DRIVERS\MAudioXponent.sys

2011/07/31 18:56:06.0472 5596        MBAMSwissArmy   (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys

2011/07/31 18:56:06.0541 5596        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/07/31 18:56:06.0611 5596        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/07/31 18:56:06.0675 5596        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/07/31 18:56:06.0730 5596        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/31 18:56:06.0760 5596        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/31 18:56:06.0791 5596        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/31 18:56:06.0864 5596        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/07/31 18:56:06.0897 5596        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/07/31 18:56:06.0959 5596        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/31 18:56:07.0030 5596        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/07/31 18:56:07.0087 5596        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/07/31 18:56:07.0150 5596        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/31 18:56:07.0216 5596        mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/31 18:56:07.0269 5596        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/31 18:56:07.0356 5596        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

2011/07/31 18:56:07.0394 5596        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2011/07/31 18:56:07.0458 5596        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/07/31 18:56:07.0519 5596        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/07/31 18:56:07.0595 5596        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/31 18:56:07.0638 5596        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/31 18:56:07.0692 5596        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/07/31 18:56:07.0759 5596        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/07/31 18:56:07.0823 5596        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/31 18:56:07.0845 5596        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/07/31 18:56:07.0891 5596        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/07/31 18:56:07.0954 5596        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/31 18:56:08.0051 5596        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/07/31 18:56:08.0118 5596        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/31 18:56:08.0158 5596        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/31 18:56:08.0196 5596        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/31 18:56:08.0230 5596        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/07/31 18:56:08.0298 5596        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/31 18:56:08.0358 5596        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/31 18:56:08.0539 5596        NETw3v32        (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys

2011/07/31 18:56:08.0635 5596        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/07/31 18:56:08.0719 5596        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/07/31 18:56:08.0755 5596        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/31 18:56:08.0847 5596        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/07/31 18:56:08.0926 5596        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/07/31 18:56:08.0963 5596        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/07/31 18:56:08.0993 5596        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2011/07/31 18:56:09.0026 5596        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2011/07/31 18:56:09.0065 5596        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2011/07/31 18:56:09.0196 5596        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/07/31 18:56:09.0244 5596        Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

2011/07/31 18:56:09.0322 5596        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/07/31 18:56:09.0352 5596        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

2011/07/31 18:56:09.0421 5596        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/07/31 18:56:09.0491 5596        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2011/07/31 18:56:09.0523 5596        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/07/31 18:56:09.0634 5596        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/07/31 18:56:09.0820 5596        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/31 18:56:09.0878 5596        PROCDD          (c9ca089787aa4ca892f2173a8e15c1b0) C:\Windows\system32\DRIVERS\PROCDD.SYS

2011/07/31 18:56:09.0905 5596        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/07/31 18:56:10.0010 5596        psadd           (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys

2011/07/31 18:56:10.0078 5596        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/31 18:56:10.0172 5596        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/07/31 18:56:10.0231 5596        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/07/31 18:56:10.0303 5596        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/31 18:56:10.0358 5596        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/31 18:56:10.0397 5596        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/31 18:56:10.0470 5596        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/31 18:56:10.0516 5596        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/31 18:56:10.0589 5596        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/31 18:56:10.0644 5596        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/31 18:56:10.0698 5596        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/07/31 18:56:10.0741 5596        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/31 18:56:10.0809 5596        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/07/31 18:56:10.0882 5596        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/07/31 18:56:10.0993 5596        rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/07/31 18:56:11.0041 5596        rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/07/31 18:56:11.0082 5596        rismxdp         (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/07/31 18:56:11.0172 5596        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/31 18:56:11.0219 5596        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/07/31 18:56:11.0333 5596        sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

2011/07/31 18:56:11.0373 5596        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/31 18:56:11.0415 5596        Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/31 18:56:11.0457 5596        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2011/07/31 18:56:11.0487 5596        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/07/31 18:56:11.0544 5596        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2011/07/31 18:56:11.0575 5596        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/31 18:56:11.0605 5596        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/31 18:56:11.0634 5596        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/07/31 18:56:11.0679 5596        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/07/31 18:56:11.0734 5596        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/07/31 18:56:11.0762 5596        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/07/31 18:56:11.0840 5596        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/07/31 18:56:11.0916 5596        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/07/31 18:56:11.0982 5596        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/07/31 18:56:12.0067 5596        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/31 18:56:12.0132 5596        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/31 18:56:12.0204 5596        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/07/31 18:56:12.0307 5596        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/31 18:56:12.0372 5596        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/07/31 18:56:12.0404 5596        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/07/31 18:56:12.0451 5596        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/07/31 18:56:12.0534 5596        SynTP           (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys

2011/07/31 18:56:12.0668 5596        Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/07/31 18:56:12.0759 5596        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/31 18:56:12.0815 5596        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/31 18:56:12.0861 5596        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/07/31 18:56:12.0888 5596        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/07/31 18:56:12.0936 5596        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/31 18:56:12.0996 5596        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/31 18:56:13.0116 5596        TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys

2011/07/31 18:56:13.0194 5596        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/31 18:56:13.0221 5596        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/07/31 18:56:13.0251 5596        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/31 18:56:13.0332 5596        TVTI2C          (8ab24d4b7da715c2c80455137910e792) C:\Windows\system32\DRIVERS\Tvti2c.sys

2011/07/31 18:56:13.0384 5596        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2011/07/31 18:56:13.0449 5596        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/31 18:56:13.0522 5596        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/31 18:56:13.0606 5596        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2011/07/31 18:56:13.0653 5596        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/07/31 18:56:13.0688 5596        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/07/31 18:56:13.0731 5596        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/31 18:56:13.0801 5596        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

2011/07/31 18:56:13.0882 5596        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

2011/07/31 18:56:13.0916 5596        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/31 18:56:13.0949 5596        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/07/31 18:56:14.0021 5596        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/31 18:56:14.0061 5596        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/31 18:56:14.0107 5596        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/07/31 18:56:14.0143 5596        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

2011/07/31 18:56:14.0180 5596        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/31 18:56:14.0210 5596        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/31 18:56:14.0288 5596        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/31 18:56:14.0331 5596        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/07/31 18:56:14.0377 5596        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/07/31 18:56:14.0409 5596        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/07/31 18:56:14.0443 5596        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/07/31 18:56:14.0479 5596        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/07/31 18:56:14.0546 5596        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/07/31 18:56:14.0643 5596        volsnap         (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys

2011/07/31 18:56:14.0678 5596        Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093

2011/07/31 18:56:14.0688 5596        volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/07/31 18:56:14.0745 5596        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/07/31 18:56:14.0802 5596        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/07/31 18:56:14.0848 5596        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/31 18:56:14.0872 5596        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/31 18:56:14.0914 5596        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/07/31 18:56:14.0974 5596        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/31 18:56:15.0211 5596        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/31 18:56:15.0289 5596        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/07/31 18:56:15.0352 5596        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/31 18:56:15.0457 5596        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/31 18:56:15.0569 5596        MBR (0x1B8)     (08acaa2c3cdddaca484b76c636b4edc2) \Device\Harddisk0\DR0

2011/07/31 18:56:15.0612 5596        Boot (0x1200)   (8f9861fbbd526a1b2db78b1a983f03b9) \Device\Harddisk0\DR0\Partition0

2011/07/31 18:56:15.0620 5596        ================================================================================

2011/07/31 18:56:15.0620 5596        Scan finished

2011/07/31 18:56:15.0620 5596        ================================================================================

2011/07/31 18:56:15.0638 4692        Detected object count: 1

2011/07/31 18:56:15.0638 4692        Actual detected object count: 1

2011/07/31 18:56:25.0019 4692        volsnap         (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys

2011/07/31 18:56:25.0022 4692        Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093

2011/07/31 18:56:28.0698 4692        Backup copy found, using it..

2011/07/31 18:56:28.0732 4692        C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot

2011/07/31 18:56:28.0732 4692        Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure 

2011/07/31 18:56:32.0940 4312        Deinitialize success