Trojaner-Board - keine Chance über Google (in IE oder Firefox) die Links zu öffnen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - keine Chance über Google (in IE oder Firefox) die Links zu öffnen (https://www.trojaner-board.de/121366-keine-chance-google-ie-firefox-links-oeffnen.html)

keine Chance über Google (in IE oder Firefox) die Links zu öffnen

Hallo bin neu hier und hab ein riesiges Problem. Seit Tagen komm ich über die Google-Suche nicht mehr auf die verlinkten Seiten. Ob im Internetexplorer oder Firefox, es gibt keine Chance. Ich werde sofort auf andere Seiten geleitet und kann dies nicht stoppen. Langsam aber sicher brennen mir die Sicherungen durch. Was hab ich mir auf meinem Notebook bloß eingefangen? :headbang:

System: Windows Vista Basic 32Bit
Notebook: HP 6735s AMD Sempron

Für Hilfe wäre ich sehr dankbar.

Grüße

Dirk

so hier mal die Logfiles:

Nr1.

info.txtRSIT Logfile:

Code:

logfile of random's system information tool 1.09 2012-08-06 12:05:39
 

======Uninstall list======
 

32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3) - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AA1000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Agere Systems HDA Modem-->C:\Windows\agrsmdel

BitComet 1.29-->C:\Program Files\BitComet\uninst.exe

Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"

Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"

Catalyst Control Center - Branding-->MsiExec.exe /I{021125D3-76FE-41CF-9022-ADB770265331}

Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}

Catalyst Control Center - Branding-->MsiExec.exe /I{37AF26EB-ACCD-4F9C-A13E-81483F932203}

Catalyst Control Center - Branding-->MsiExec.exe /I{6346E85F-1CA6-4AA9-9718-A3E8BFCB572A}

Catalyst Control Center - Branding-->MsiExec.exe /I{C349C10C-1474-4000-9073-9299856C8A70}

Catalyst Control Center - Branding-->MsiExec.exe /I{F2C19209-8474-4BCB-89EC-AA0150C2B036}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}

Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}

Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}

Convert Image To PDF-->"C:\Program Files\Softinterface, Inc\Convert Image To PDF\unins000.exe"

DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall

Free FLV Converter V 7.4.0-->"C:\Program Files\Free FLV Converter\unins000.exe"

Free Studio version 5.3.5-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Free Video to DVD Converter version 5.0.6.221-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Free YouTube Download version 3.1.27.508-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Freemake Video Converter Version 3.0.2-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"

Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot

HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

HP Quick Launch Buttons-->"C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0407  -removeonly uninst

HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}

HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}

HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}

HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}

Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}

Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

LG Internet Kit-->C:\Program Files\LG Electronics\LG Internet Kit\uninstall.exe

LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8}

Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP

Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Antimalware Service DE-DE Language Pack-->MsiExec.exe /X{1280E900-35DA-4E08-A700-B79A5B2B8532}

Microsoft Security Client DE-DE Language Pack-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Mozilla Firefox 14.0.1 (x86 de)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

OpenOffice.org 3.2-->MsiExec.exe /I{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}

Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}

PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"

QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}

REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x7 

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

StreamTransport version: 1.0.2.2171-->"C:\Program Files\StreamTransport\unins000.exe"

SUPER © Version 2010.bld.42 (Nov 7, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0

Sweet Home 3D version 3.3-->"C:\Program Files\Sweet Home 3D\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Trojan Remover 6.8.4-->"C:\Program Files\Trojan Remover\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}

VLC media player 2.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}

Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

WinRAR 4.00 beta 3 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
 

======Hosts File======
 

::1            localhost
 

======Security center information======
 

AS: Spybot - Search and Destroy (disabled) (outdated)

AS: Windows Defender
 

======System event log======
 

Computer Name: Anne-PC

Event Code: 4374

Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.

Record Number: 206056

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4374

Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.

Record Number: 206055

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206054

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206053

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206052

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132401.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Application event log=====
 

Computer Name: Anne-PC

Event Code: 10

Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Record Number: 5762

Source Name: Microsoft-Windows-WMI

Time Written: 20110119192836.000000-000

Event Type: Fehler

User: 
 

Computer Name: Anne-PC

Event Code: 1

Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 5761

Source Name: SecurityCenter

Time Written: 20110119192836.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 102

Message: Windows (2472) Windows: Das Datenbankmodul (6.00.6002.0000) hat eine neue Instanz gestartet (0).

Record Number: 5760

Source Name: ESENT

Time Written: 20110119192836.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 5617

Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.

Record Number: 5759

Source Name: Microsoft-Windows-WMI

Time Written: 20110119192835.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 0

Message: 

Record Number: 5758

Source Name: hpqddsvc

Time Written: 20110119192834.000000-000

Event Type: Informationen

User: 
 

=====Security event log=====
 

Computer Name: Anne-PC

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeTcbPrivilege

                        SeSecurityPrivilege

                        SeTakeOwnershipPrivilege

                        SeLoadDriverPrivilege

                        SeBackupPrivilege

                        SeRestorePrivilege

                        SeDebugPrivilege

                        SeAuditPrivilege

                        SeSystemEnvironmentPrivilege

                        SeImpersonatePrivilege

Record Number: 43808

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ANNE-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x260

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 43807

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ANNE-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x260

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 43806

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4902

Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
 

        Anzahl von Elementen:        0

        Richtlinienkennung:        0x18064

Record Number: 43805

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.090538-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-0-0

        Kontoname:                -

        Kontodomäne:                -

        Anmelde-ID:                0x0
 

Anmeldetyp:                        0
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x4

        Prozessname:                
 

Netzwerkinformationen:

        Arbeitsstationsname:        -

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                -

        Authentifizierungspaket:        -

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 43804

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031336.950137-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Broadcom\Broadcom 802.11\Driver;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\system32\gs\gs7.05\bin

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=17

"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0301

"NUMBER_OF_PROCESSORS"=1

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
 

-----------------EOF-----------------

--- --- ---

Zitat:

Zitat von b.toelpel (Beitrag 884850)

Code:

logfile of random's system information tool 1.09 2012-08-06 12:05:39
 

======Uninstall list======
 

32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3) - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AA1000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Agere Systems HDA Modem-->C:\Windows\agrsmdel

BitComet 1.29-->C:\Program Files\BitComet\uninst.exe

Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"

Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"

Catalyst Control Center - Branding-->MsiExec.exe /I{021125D3-76FE-41CF-9022-ADB770265331}

Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}

Catalyst Control Center - Branding-->MsiExec.exe /I{37AF26EB-ACCD-4F9C-A13E-81483F932203}

Catalyst Control Center - Branding-->MsiExec.exe /I{6346E85F-1CA6-4AA9-9718-A3E8BFCB572A}

Catalyst Control Center - Branding-->MsiExec.exe /I{C349C10C-1474-4000-9073-9299856C8A70}

Catalyst Control Center - Branding-->MsiExec.exe /I{F2C19209-8474-4BCB-89EC-AA0150C2B036}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}

Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}

Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}

Convert Image To PDF-->"C:\Program Files\Softinterface, Inc\Convert Image To PDF\unins000.exe"

DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall

Free FLV Converter V 7.4.0-->"C:\Program Files\Free FLV Converter\unins000.exe"

Free Studio version 5.3.5-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Free Video to DVD Converter version 5.0.6.221-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Free YouTube Download version 3.1.27.508-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Freemake Video Converter Version 3.0.2-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"

Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot

HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

HP Quick Launch Buttons-->"C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0407  -removeonly uninst

HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}

HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}

HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}

HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}

Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}

Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

LG Internet Kit-->C:\Program Files\LG Electronics\LG Internet Kit\uninstall.exe

LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8}

Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP

Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Antimalware Service DE-DE Language Pack-->MsiExec.exe /X{1280E900-35DA-4E08-A700-B79A5B2B8532}

Microsoft Security Client DE-DE Language Pack-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Mozilla Firefox 14.0.1 (x86 de)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

OpenOffice.org 3.2-->MsiExec.exe /I{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}

Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}

PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"

QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}

REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x7 

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

StreamTransport version: 1.0.2.2171-->"C:\Program Files\StreamTransport\unins000.exe"

SUPER © Version 2010.bld.42 (Nov 7, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0

Sweet Home 3D version 3.3-->"C:\Program Files\Sweet Home 3D\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Trojan Remover 6.8.4-->"C:\Program Files\Trojan Remover\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}

VLC media player 2.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}

Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

WinRAR 4.00 beta 3 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
 

======Hosts File======
 

::1            localhost
 

======Security center information======
 

AS: Spybot - Search and Destroy (disabled) (outdated)

AS: Windows Defender
 

======System event log======
 

Computer Name: Anne-PC

Event Code: 4374

Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.

Record Number: 206056

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4374

Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.

Record Number: 206055

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206054

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206053

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206052

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132401.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Application event log=====
 

Computer Name: Anne-PC

Event Code: 10

Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Record Number: 5762

Source Name: Microsoft-Windows-WMI

Time Written: 20110119192836.000000-000

Event Type: Fehler

User: 
 

Computer Name: Anne-PC

Event Code: 1

Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 5761

Source Name: SecurityCenter

Time Written: 20110119192836.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 102

Message: Windows (2472) Windows: Das Datenbankmodul (6.00.6002.0000) hat eine neue Instanz gestartet (0).

Record Number: 5760

Source Name: ESENT

Time Written: 20110119192836.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 5617

Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.

Record Number: 5759

Source Name: Microsoft-Windows-WMI

Time Written: 20110119192835.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 0

Message: 

Record Number: 5758

Source Name: hpqddsvc

Time Written: 20110119192834.000000-000

Event Type: Informationen

User: 
 

=====Security event log=====
 

Computer Name: Anne-PC

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeTcbPrivilege

                        SeSecurityPrivilege

                        SeTakeOwnershipPrivilege

                        SeLoadDriverPrivilege

                        SeBackupPrivilege

                        SeRestorePrivilege

                        SeDebugPrivilege

                        SeAuditPrivilege

                        SeSystemEnvironmentPrivilege

                        SeImpersonatePrivilege

Record Number: 43808

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ANNE-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x260

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 43807

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ANNE-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x260

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 43806

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4902

Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
 

        Anzahl von Elementen:        0

        Richtlinienkennung:        0x18064

Record Number: 43805

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.090538-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-0-0

        Kontoname:                -

        Kontodomäne:                -

        Anmelde-ID:                0x0
 

Anmeldetyp:                        0
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x4

        Prozessname:                
 

Netzwerkinformationen:

        Arbeitsstationsname:        -

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                -

        Authentifizierungspaket:        -

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 43804

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031336.950137-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Broadcom\Broadcom 802.11\Driver;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\system32\gs\gs7.05\bin

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=17

"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0301

"NUMBER_OF_PROCESSORS"=1

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
 

-----------------EOF-----------------

--- --- ---

--- --- ---

Nr2.

RSIT Logfile:

Code:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Anne at 2012-08-06 12:05:25

Microsoft® Windows Vista™ Home Basic  Service Pack 2

System drive C: has 48 GB (32%) free of 153 GB

Total RAM: 2812 MB (52% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:05:37, on 06.08.2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Windows\System32\mobsync.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\SearchFilterHost.exe

E:\RSIT.exe

C:\Program Files\trend micro\Anne.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe

O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Free YouTube Download - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
 

--

End of file - 8204 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 

=========Mozilla firefox=========
 

ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\q05e5wce.default
 

prefs.js - "browser.startup.homepage" -  "hxxp://www.google.de/"
 

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"fmconverter@gmail.com"=C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.270 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
 

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}
 

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll
 

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom-de.xml

bing.xml

eBay-de.xml

google.xml

leo_ende_de.xml

wikipedia-de.xml

yahoo-de.xml
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-12 325408]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-12 42272]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{99079a25-328f-4bd4-be04-00955acaa0a7}
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2010-12-10 4367360]

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]

"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe  /MINIMIZED []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe -atboottime []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

oobefldr.dll,ShowWelcomeCenter []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-05-20 1195008]
 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoToolbarCustomize"=0

"NoBandCustomize"=0
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=i420vfw.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"vidc.yv12"=DivX.dll

"vidc.DIVX"=DivX.dll
 

======File associations======
 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*
 

======List of files/folders created in the last 3 months======
 

2012-08-06 12:05:26 ----D---- C:\Program Files\trend micro

2012-08-06 12:05:25 ----D---- C:\rsit

2012-08-04 11:10:43 ----AD---- C:\ProgramData\TEMP

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunrar39.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunrar36.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunace26.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvcabinet.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztv7z.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\UNRAR3.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\unacev2.dll

2012-08-04 11:08:32 ----D---- C:\Users\Anne\AppData\Roaming\Simply Super Software

2012-08-04 11:08:32 ----D---- C:\ProgramData\Simply Super Software

2012-08-04 11:08:32 ----D---- C:\Program Files\Trojan Remover

2012-08-04 09:16:06 ----D---- C:\Users\Anne\AppData\Roaming\Malwarebytes

2012-08-04 09:15:55 ----D---- C:\ProgramData\Malwarebytes

2012-08-04 09:00:25 ----D---- C:\ProgramData\Mozilla

2012-08-04 09:00:25 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-08-04 09:00:23 ----D---- C:\Program Files\Mozilla Firefox

2012-08-03 13:25:10 ----SHD---- C:\Windows\system32\%APPDATA%

2012-07-23 18:32:07 ----D---- C:\Users\Anne\AppData\Roaming\vlc

2012-07-23 18:31:16 ----D---- C:\Program Files\VideoLAN

2012-07-16 20:16:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2012-07-16 12:14:11 ----D---- C:\ProgramData\IBUpdaterService

2012-07-15 08:15:06 ----D---- C:\ProgramData\boost_interprocess

2012-07-14 19:02:27 ----D---- C:\Users\Anne\AppData\Roaming\Ashampoo

2012-07-14 19:02:10 ----D---- C:\ProgramData\ashampoo

2012-07-14 19:02:04 ----D---- C:\Program Files\Ashampoo

2012-07-14 18:47:17 ----D---- C:\Users\Anne\AppData\Roaming\Nero

2012-07-14 18:40:01 ----D---- C:\ProgramData\Nero

2012-07-14 18:38:38 ----A---- C:\Windows\system32\d3dx11_43.dll

2012-07-14 18:37:53 ----A---- C:\Windows\system32\D3DCompiler_42.dll

2012-07-14 18:37:11 ----A---- C:\Windows\system32\d3dx10_43.dll

2012-07-14 18:36:31 ----A---- C:\Windows\system32\D3DX9_42.dll

2012-07-14 18:36:03 ----A---- C:\Windows\system32\D3DX9_43.dll

2012-07-14 18:35:32 ----A---- C:\Windows\system32\D3DX9_40.dll

2012-07-14 18:35:04 ----A---- C:\Windows\system32\d3dcsx_43.dll

2012-07-14 18:34:34 ----A---- C:\Windows\system32\d3dx9_35.dll

2012-07-14 18:34:06 ----A---- C:\Windows\system32\D3DCompiler_43.dll

2012-07-14 18:33:35 ----A---- C:\Windows\system32\d3dx9_34.dll

2012-07-14 18:32:59 ----A---- C:\Windows\system32\d3dx9_30.dll

2012-07-14 17:43:01 ----D---- C:\ProgramData\Freemake

2012-07-14 17:42:45 ----D---- C:\Program Files\Freemake

2012-07-14 13:01:02 ----A---- C:\Windows\system32\TubeFinder.exe

2012-07-14 13:01:00 ----A---- C:\Windows\system32\VB6STKIT.DLL

2012-07-14 13:01:00 ----A---- C:\Windows\system32\VB6FR.DLL

2012-07-14 13:00:59 ----D---- C:\Users\Anne\AppData\Roaming\FreeFLVConverter

2012-07-14 13:00:59 ----D---- C:\Program Files\Free FLV Converter

2012-07-14 13:00:59 ----A---- C:\Windows\system32\PCCLPFR.DLL

2012-07-14 13:00:59 ----A---- C:\Windows\system32\MSCMCFR.DLL

2012-07-14 13:00:59 ----A---- C:\Windows\system32\CMDLGFR.DLL

2012-07-13 06:59:29 ----D---- C:\Program Files\StreamTransport

2012-07-11 22:26:41 ----A---- C:\Windows\system32\win32k.sys

2012-07-11 22:24:34 ----A---- C:\Windows\system32\mshtmled.dll

2012-07-11 22:24:33 ----A---- C:\Windows\system32\ieui.dll

2012-07-11 22:24:33 ----A---- C:\Windows\system32\iertutil.dll

2012-07-11 22:24:32 ----A---- C:\Windows\system32\wininet.dll

2012-07-11 22:24:32 ----A---- C:\Windows\system32\ieUnatt.exe

2012-07-11 22:24:31 ----A---- C:\Windows\system32\url.dll

2012-07-11 22:24:31 ----A---- C:\Windows\system32\jsproxy.dll

2012-07-11 22:24:31 ----A---- C:\Windows\system32\jscript9.dll

2012-07-11 22:24:31 ----A---- C:\Windows\system32\jscript.dll

2012-07-11 22:24:30 ----A---- C:\Windows\system32\urlmon.dll

2012-07-11 22:24:29 ----A---- C:\Windows\system32\mshtml.dll

2012-07-11 22:24:28 ----A---- C:\Windows\system32\ieframe.dll

2012-07-11 13:49:15 ----A---- C:\Windows\system32\shell32.dll

2012-07-11 13:49:10 ----A---- C:\Windows\system32\msxml6.dll

2012-07-11 13:49:10 ----A---- C:\Windows\system32\msxml3.dll

2012-07-11 13:49:08 ----A---- C:\Windows\system32\schannel.dll

2012-07-11 13:49:08 ----A---- C:\Windows\system32\ncrypt.dll

2012-07-11 13:49:08 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2012-06-24 07:55:56 ----D---- C:\Program Files\Google

2012-06-22 09:20:48 ----A---- C:\Windows\system32\wups2.dll

2012-06-22 09:20:48 ----A---- C:\Windows\system32\wuauclt.exe

2012-06-22 09:20:47 ----A---- C:\Windows\system32\wucltux.dll

2012-06-22 09:20:47 ----A---- C:\Windows\system32\wuaueng.dll

2012-06-22 09:20:18 ----A---- C:\Windows\system32\wups.dll

2012-06-22 09:20:18 ----A---- C:\Windows\system32\wudriver.dll

2012-06-22 09:20:18 ----A---- C:\Windows\system32\wuapi.dll

2012-06-22 09:20:08 ----A---- C:\Windows\system32\wuwebv.dll

2012-06-22 09:20:08 ----A---- C:\Windows\system32\wuapp.exe

2012-06-13 08:13:09 ----A---- C:\Windows\system32\cryptsvc.dll

2012-06-13 08:13:09 ----A---- C:\Windows\system32\cryptnet.dll

2012-06-13 08:13:09 ----A---- C:\Windows\system32\crypt32.dll

2012-06-13 08:13:06 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2012-05-27 18:50:00 ----D---- C:\Users\Anne\AppData\Roaming\OpenCandy

2012-05-27 18:49:09 ----A---- C:\Windows\system32\QtCore4.dll

2012-05-27 18:49:05 ----A---- C:\Windows\system32\Newtonsoft.Json.Net20.dll

2012-05-09 17:12:40 ----A---- C:\Windows\system32\drivers\tcpipreg.sys

2012-05-09 17:12:40 ----A---- C:\Windows\system32\drivers\tcpip.sys

2012-05-09 17:12:39 ----A---- C:\Windows\system32\drivers\partmgr.sys

2012-05-09 17:12:35 ----A---- C:\Windows\system32\DWrite.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10warp.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10_1core.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10_1.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d2d1.dll

2012-05-09 17:12:32 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-05-09 17:12:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
 

======List of files/folders modified in the last 3 months======
 

2012-08-06 12:05:37 ----D---- C:\Windows\Prefetch

2012-08-06 12:05:26 ----D---- C:\Program Files

2012-08-06 12:05:12 ----D---- C:\Windows\Temp

2012-08-06 11:27:21 ----D---- C:\Windows\System32

2012-08-06 11:27:21 ----D---- C:\Windows\inf

2012-08-06 11:27:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-08-06 11:23:31 ----SHD---- C:\System Volume Information

2012-08-06 09:52:57 ----D---- C:\Users\Anne\AppData\Roaming\Mozilla

2012-08-05 12:13:59 ----D---- C:\Windows\system32\Tasks

2012-08-05 12:13:34 ----D---- C:\SWSetup

2012-08-05 12:11:26 ----D---- C:\Windows

2012-08-05 12:08:58 ----D---- C:\Windows\system32\catroot

2012-08-05 09:02:04 ----D---- C:\Windows\system32\drivers

2012-08-04 17:58:40 ----D---- C:\ProgramData\DivX

2012-08-04 17:58:36 ----D---- C:\Program Files\DivX

2012-08-04 17:51:33 ----D---- C:\Program Files\Common Files\DivX Shared

2012-08-04 17:42:03 ----SHD---- C:\Windows\Installer

2012-08-04 17:42:03 ----HD---- C:\Config.Msi

2012-08-04 11:18:44 ----D---- C:\Windows\system32\drivers\etc

2012-08-04 11:12:24 ----D---- C:\Windows\WindowsMobile

2012-08-04 11:10:43 ----HD---- C:\ProgramData

2012-08-04 10:42:10 ----D---- C:\Windows\Registration

2012-08-04 08:49:50 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-08-04 08:49:45 ----D---- C:\Windows\SoftwareDistribution

2012-08-04 08:49:45 ----D---- C:\Windows\Logs

2012-08-04 08:49:45 ----D---- C:\Windows\Debug

2012-08-02 20:39:09 ----D---- C:\Windows\system32\catroot2

2012-08-02 20:38:53 ----D---- C:\Users\Anne\AppData\Roaming\HpUpdate

2012-07-31 14:34:48 ----D---- C:\Users\Anne\AppData\Roaming\BitComet

2012-07-31 14:34:42 ----D---- C:\Downloads

2012-07-16 20:16:43 ----D---- C:\Windows\Tasks

2012-07-16 12:14:05 ----HD---- C:\Program Files\Uninstall Information

2012-07-15 12:14:14 ----D---- C:\Program Files\Common Files

2012-07-14 18:43:43 ----D---- C:\Windows\Cursors

2012-07-14 18:32:05 ----D---- C:\Windows\winsxs

2012-07-14 13:01:03 ----SD---- C:\ProgramData\Microsoft

2012-07-12 07:05:48 ----D---- C:\Windows\system32\migration

2012-07-12 07:05:47 ----D---- C:\Program Files\Internet Explorer

2012-07-11 22:25:10 ----A---- C:\Windows\system32\mrt.exe

2012-06-22 12:40:19 ----D---- C:\Windows\rescache

2012-06-22 12:23:44 ----D---- C:\Windows\system32\de-DE

2012-06-14 15:15:10 ----RSD---- C:\Windows\assembly

2012-06-14 15:15:10 ----D---- C:\Windows\Microsoft.NET

2012-05-31 12:25:14 ----N---- C:\Windows\system32\MpSigStub.exe

2012-05-27 18:50:02 ----D---- C:\Users\Anne\AppData\Roaming\DVDVideoSoft

2012-05-27 18:49:15 ----D---- C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers

2012-05-27 18:49:09 ----D---- C:\Program Files\Common Files\DVDVideoSoft

2012-05-10 10:31:39 ----D---- C:\Program Files\Microsoft Silverlight

2012-05-10 08:44:27 ----D---- C:\Windows\system32\XPSViewer
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]

R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-09-11 3847680]

R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2010-12-10 18424]

R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2011-07-26 15544]

R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]

R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]

R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2009-07-17 312832]

S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]

S3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-12-10 2661368]

S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]

S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]

S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]

S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-12-10 515584]

S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-03-27 1810992]

S3 Tq_91Assistant;Tq_91Assistant; \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys []

S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]

S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-09-11 692224]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-27 96768]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 Realtek11nSU;Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-04-24 36864]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE [2010-12-10 26112]

R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-Dienst (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-24 116648]

S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-24 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [2012-07-14 113120]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
 

-----------------EOF-----------------

--- --- ---

hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Zitat:

Zitat von b.toelpel (Beitrag 884850)

Code:

logfile of random's system information tool 1.09 2012-08-06 12:05:39
 

======Uninstall list======
 

32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3) - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AA1000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Agere Systems HDA Modem-->C:\Windows\agrsmdel

BitComet 1.29-->C:\Program Files\BitComet\uninst.exe

Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"

Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"

Catalyst Control Center - Branding-->MsiExec.exe /I{021125D3-76FE-41CF-9022-ADB770265331}

Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}

Catalyst Control Center - Branding-->MsiExec.exe /I{37AF26EB-ACCD-4F9C-A13E-81483F932203}

Catalyst Control Center - Branding-->MsiExec.exe /I{6346E85F-1CA6-4AA9-9718-A3E8BFCB572A}

Catalyst Control Center - Branding-->MsiExec.exe /I{C349C10C-1474-4000-9073-9299856C8A70}

Catalyst Control Center - Branding-->MsiExec.exe /I{F2C19209-8474-4BCB-89EC-AA0150C2B036}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}

Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}

Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}

Convert Image To PDF-->"C:\Program Files\Softinterface, Inc\Convert Image To PDF\unins000.exe"

DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall

Free FLV Converter V 7.4.0-->"C:\Program Files\Free FLV Converter\unins000.exe"

Free Studio version 5.3.5-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Free Video to DVD Converter version 5.0.6.221-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Free YouTube Download version 3.1.27.508-->C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

Freemake Video Converter Version 3.0.2-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"

Google Earth Plug-in-->MsiExec.exe /X{33286280-8617-11E1-8FF6-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot

HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

HP Quick Launch Buttons-->"C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0407  -removeonly uninst

HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}

HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}

HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}

HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}

Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}

Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

LG Internet Kit-->C:\Program Files\LG Electronics\LG Internet Kit\uninstall.exe

LG USB Modem Drivers-->MsiExec.exe /X{3E8DE1A6-B365-4FF6-B917-2892A34990E8}

Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP

Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Antimalware Service DE-DE Language Pack-->MsiExec.exe /X{1280E900-35DA-4E08-A700-B79A5B2B8532}

Microsoft Security Client DE-DE Language Pack-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Mozilla Firefox 14.0.1 (x86 de)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

OpenOffice.org 3.2-->MsiExec.exe /I{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}

Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}

PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"

QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}

REALTEK 11n USB Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x7 

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

StreamTransport version: 1.0.2.2171-->"C:\Program Files\StreamTransport\unins000.exe"

SUPER © Version 2010.bld.42 (Nov 7, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0

Sweet Home 3D version 3.3-->"C:\Program Files\Sweet Home 3D\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Trojan Remover 6.8.4-->"C:\Program Files\Trojan Remover\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}

VLC media player 2.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}

Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

WinRAR 4.00 beta 3 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
 

======Hosts File======
 

::1            localhost
 

======Security center information======
 

AS: Spybot - Search and Destroy (disabled) (outdated)

AS: Windows Defender
 

======System event log======
 

Computer Name: Anne-PC

Event Code: 4374

Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.

Record Number: 206056

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4374

Message: Windows-Wartung hat erkannt, dass das Paket KB2641653(Security Update) nicht für dieses System geeignet ist.

Record Number: 206055

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Warnung

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206054

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206053

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132402.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: Anne-PC

Event Code: 4371

Message: Windows-Wartung hat begonnen, den Status des Pakets KB2641653(Security Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern.

Record Number: 206052

Source Name: Microsoft-Windows-Servicing

Time Written: 20120314132401.000000-000

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Application event log=====
 

Computer Name: Anne-PC

Event Code: 10

Message: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Record Number: 5762

Source Name: Microsoft-Windows-WMI

Time Written: 20110119192836.000000-000

Event Type: Fehler

User: 
 

Computer Name: Anne-PC

Event Code: 1

Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 5761

Source Name: SecurityCenter

Time Written: 20110119192836.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 102

Message: Windows (2472) Windows: Das Datenbankmodul (6.00.6002.0000) hat eine neue Instanz gestartet (0).

Record Number: 5760

Source Name: ESENT

Time Written: 20110119192836.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 5617

Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.

Record Number: 5759

Source Name: Microsoft-Windows-WMI

Time Written: 20110119192835.000000-000

Event Type: Informationen

User: 
 

Computer Name: Anne-PC

Event Code: 0

Message: 

Record Number: 5758

Source Name: hpqddsvc

Time Written: 20110119192834.000000-000

Event Type: Informationen

User: 
 

=====Security event log=====
 

Computer Name: Anne-PC

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeTcbPrivilege

                        SeSecurityPrivilege

                        SeTakeOwnershipPrivilege

                        SeLoadDriverPrivilege

                        SeBackupPrivilege

                        SeRestorePrivilege

                        SeDebugPrivilege

                        SeAuditPrivilege

                        SeSystemEnvironmentPrivilege

                        SeImpersonatePrivilege

Record Number: 43808

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ANNE-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x260

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 43807

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                ANNE-PC$

        Kontodomäne:                WORKGROUP

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x260

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 43806

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.698942-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4902

Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
 

        Anzahl von Elementen:        0

        Richtlinienkennung:        0x18064

Record Number: 43805

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031337.090538-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Anne-PC

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-0-0

        Kontoname:                -

        Kontodomäne:                -

        Anmelde-ID:                0x0
 

Anmeldetyp:                        0
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x4

        Prozessname:                
 

Netzwerkinformationen:

        Arbeitsstationsname:        -

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                -

        Authentifizierungspaket:        -

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 43804

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20111121031336.950137-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Broadcom\Broadcom 802.11\Driver;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\system32\gs\gs7.05\bin

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=17

"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0301

"NUMBER_OF_PROCESSORS"=1

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
 

-----------------EOF-----------------

--- --- ---

Nr2.

RSIT Logfile:

Code:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Anne at 2012-08-06 12:05:25

Microsoft® Windows Vista™ Home Basic  Service Pack 2

System drive C: has 48 GB (32%) free of 153 GB

Total RAM: 2812 MB (52% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:05:37, on 06.08.2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Windows\System32\mobsync.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\SearchFilterHost.exe

E:\RSIT.exe

C:\Program Files\trend micro\Anne.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe

O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Free YouTube Download - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
 

--

End of file - 8204 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 

=========Mozilla firefox=========
 

ProfilePath - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\q05e5wce.default
 

prefs.js - "browser.startup.homepage" -  "hxxp://www.google.de/"
 

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"fmconverter@gmail.com"=C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.270 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
 

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}
 

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll
 

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom-de.xml

bing.xml

eBay-de.xml

google.xml

leo_ende_de.xml

wikipedia-de.xml

yahoo-de.xml
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-12 325408]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-12 42272]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{99079a25-328f-4bd4-be04-00955acaa0a7}
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2010-12-10 4367360]

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]

"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe  /MINIMIZED []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe -atboottime []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

oobefldr.dll,ShowWelcomeCenter []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-05-20 1195008]
 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoToolbarCustomize"=0

"NoBandCustomize"=0
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=i420vfw.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"vidc.yv12"=DivX.dll

"vidc.DIVX"=DivX.dll
 

======File associations======
 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*
 

======List of files/folders created in the last 3 months======
 

2012-08-06 12:05:26 ----D---- C:\Program Files\trend micro

2012-08-06 12:05:25 ----D---- C:\rsit

2012-08-04 11:10:43 ----AD---- C:\ProgramData\TEMP

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunrar39.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunrar36.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvunace26.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztvcabinet.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\ztv7z.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\UNRAR3.dll

2012-08-04 11:08:33 ----A---- C:\Windows\system32\unacev2.dll

2012-08-04 11:08:32 ----D---- C:\Users\Anne\AppData\Roaming\Simply Super Software

2012-08-04 11:08:32 ----D---- C:\ProgramData\Simply Super Software

2012-08-04 11:08:32 ----D---- C:\Program Files\Trojan Remover

2012-08-04 09:16:06 ----D---- C:\Users\Anne\AppData\Roaming\Malwarebytes

2012-08-04 09:15:55 ----D---- C:\ProgramData\Malwarebytes

2012-08-04 09:00:25 ----D---- C:\ProgramData\Mozilla

2012-08-04 09:00:25 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-08-04 09:00:23 ----D---- C:\Program Files\Mozilla Firefox

2012-08-03 13:25:10 ----SHD---- C:\Windows\system32\%APPDATA%

2012-07-23 18:32:07 ----D---- C:\Users\Anne\AppData\Roaming\vlc

2012-07-23 18:31:16 ----D---- C:\Program Files\VideoLAN

2012-07-16 20:16:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2012-07-16 12:14:11 ----D---- C:\ProgramData\IBUpdaterService

2012-07-15 08:15:06 ----D---- C:\ProgramData\boost_interprocess

2012-07-14 19:02:27 ----D---- C:\Users\Anne\AppData\Roaming\Ashampoo

2012-07-14 19:02:10 ----D---- C:\ProgramData\ashampoo

2012-07-14 19:02:04 ----D---- C:\Program Files\Ashampoo

2012-07-14 18:47:17 ----D---- C:\Users\Anne\AppData\Roaming\Nero

2012-07-14 18:40:01 ----D---- C:\ProgramData\Nero

2012-07-14 18:38:38 ----A---- C:\Windows\system32\d3dx11_43.dll

2012-07-14 18:37:53 ----A---- C:\Windows\system32\D3DCompiler_42.dll

2012-07-14 18:37:11 ----A---- C:\Windows\system32\d3dx10_43.dll

2012-07-14 18:36:31 ----A---- C:\Windows\system32\D3DX9_42.dll

2012-07-14 18:36:03 ----A---- C:\Windows\system32\D3DX9_43.dll

2012-07-14 18:35:32 ----A---- C:\Windows\system32\D3DX9_40.dll

2012-07-14 18:35:04 ----A---- C:\Windows\system32\d3dcsx_43.dll

2012-07-14 18:34:34 ----A---- C:\Windows\system32\d3dx9_35.dll

2012-07-14 18:34:06 ----A---- C:\Windows\system32\D3DCompiler_43.dll

2012-07-14 18:33:35 ----A---- C:\Windows\system32\d3dx9_34.dll

2012-07-14 18:32:59 ----A---- C:\Windows\system32\d3dx9_30.dll

2012-07-14 17:43:01 ----D---- C:\ProgramData\Freemake

2012-07-14 17:42:45 ----D---- C:\Program Files\Freemake

2012-07-14 13:01:02 ----A---- C:\Windows\system32\TubeFinder.exe

2012-07-14 13:01:00 ----A---- C:\Windows\system32\VB6STKIT.DLL

2012-07-14 13:01:00 ----A---- C:\Windows\system32\VB6FR.DLL

2012-07-14 13:00:59 ----D---- C:\Users\Anne\AppData\Roaming\FreeFLVConverter

2012-07-14 13:00:59 ----D---- C:\Program Files\Free FLV Converter

2012-07-14 13:00:59 ----A---- C:\Windows\system32\PCCLPFR.DLL

2012-07-14 13:00:59 ----A---- C:\Windows\system32\MSCMCFR.DLL

2012-07-14 13:00:59 ----A---- C:\Windows\system32\CMDLGFR.DLL

2012-07-13 06:59:29 ----D---- C:\Program Files\StreamTransport

2012-07-11 22:26:41 ----A---- C:\Windows\system32\win32k.sys

2012-07-11 22:24:34 ----A---- C:\Windows\system32\mshtmled.dll

2012-07-11 22:24:33 ----A---- C:\Windows\system32\ieui.dll

2012-07-11 22:24:33 ----A---- C:\Windows\system32\iertutil.dll

2012-07-11 22:24:32 ----A---- C:\Windows\system32\wininet.dll

2012-07-11 22:24:32 ----A---- C:\Windows\system32\ieUnatt.exe

2012-07-11 22:24:31 ----A---- C:\Windows\system32\url.dll

2012-07-11 22:24:31 ----A---- C:\Windows\system32\jsproxy.dll

2012-07-11 22:24:31 ----A---- C:\Windows\system32\jscript9.dll

2012-07-11 22:24:31 ----A---- C:\Windows\system32\jscript.dll

2012-07-11 22:24:30 ----A---- C:\Windows\system32\urlmon.dll

2012-07-11 22:24:29 ----A---- C:\Windows\system32\mshtml.dll

2012-07-11 22:24:28 ----A---- C:\Windows\system32\ieframe.dll

2012-07-11 13:49:15 ----A---- C:\Windows\system32\shell32.dll

2012-07-11 13:49:10 ----A---- C:\Windows\system32\msxml6.dll

2012-07-11 13:49:10 ----A---- C:\Windows\system32\msxml3.dll

2012-07-11 13:49:08 ----A---- C:\Windows\system32\schannel.dll

2012-07-11 13:49:08 ----A---- C:\Windows\system32\ncrypt.dll

2012-07-11 13:49:08 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2012-06-24 07:55:56 ----D---- C:\Program Files\Google

2012-06-22 09:20:48 ----A---- C:\Windows\system32\wups2.dll

2012-06-22 09:20:48 ----A---- C:\Windows\system32\wuauclt.exe

2012-06-22 09:20:47 ----A---- C:\Windows\system32\wucltux.dll

2012-06-22 09:20:47 ----A---- C:\Windows\system32\wuaueng.dll

2012-06-22 09:20:18 ----A---- C:\Windows\system32\wups.dll

2012-06-22 09:20:18 ----A---- C:\Windows\system32\wudriver.dll

2012-06-22 09:20:18 ----A---- C:\Windows\system32\wuapi.dll

2012-06-22 09:20:08 ----A---- C:\Windows\system32\wuwebv.dll

2012-06-22 09:20:08 ----A---- C:\Windows\system32\wuapp.exe

2012-06-13 08:13:09 ----A---- C:\Windows\system32\cryptsvc.dll

2012-06-13 08:13:09 ----A---- C:\Windows\system32\cryptnet.dll

2012-06-13 08:13:09 ----A---- C:\Windows\system32\crypt32.dll

2012-06-13 08:13:06 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2012-05-27 18:50:00 ----D---- C:\Users\Anne\AppData\Roaming\OpenCandy

2012-05-27 18:49:09 ----A---- C:\Windows\system32\QtCore4.dll

2012-05-27 18:49:05 ----A---- C:\Windows\system32\Newtonsoft.Json.Net20.dll

2012-05-09 17:12:40 ----A---- C:\Windows\system32\drivers\tcpipreg.sys

2012-05-09 17:12:40 ----A---- C:\Windows\system32\drivers\tcpip.sys

2012-05-09 17:12:39 ----A---- C:\Windows\system32\drivers\partmgr.sys

2012-05-09 17:12:35 ----A---- C:\Windows\system32\DWrite.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10warp.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10_1core.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d3d10_1.dll

2012-05-09 17:12:35 ----A---- C:\Windows\system32\d2d1.dll

2012-05-09 17:12:32 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-05-09 17:12:32 ----A---- C:\Windows\system32\ntkrnlpa.exe
 

======List of files/folders modified in the last 3 months======
 

2012-08-06 12:05:37 ----D---- C:\Windows\Prefetch

2012-08-06 12:05:26 ----D---- C:\Program Files

2012-08-06 12:05:12 ----D---- C:\Windows\Temp

2012-08-06 11:27:21 ----D---- C:\Windows\System32

2012-08-06 11:27:21 ----D---- C:\Windows\inf

2012-08-06 11:27:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-08-06 11:23:31 ----SHD---- C:\System Volume Information

2012-08-06 09:52:57 ----D---- C:\Users\Anne\AppData\Roaming\Mozilla

2012-08-05 12:13:59 ----D---- C:\Windows\system32\Tasks

2012-08-05 12:13:34 ----D---- C:\SWSetup

2012-08-05 12:11:26 ----D---- C:\Windows

2012-08-05 12:08:58 ----D---- C:\Windows\system32\catroot

2012-08-05 09:02:04 ----D---- C:\Windows\system32\drivers

2012-08-04 17:58:40 ----D---- C:\ProgramData\DivX

2012-08-04 17:58:36 ----D---- C:\Program Files\DivX

2012-08-04 17:51:33 ----D---- C:\Program Files\Common Files\DivX Shared

2012-08-04 17:42:03 ----SHD---- C:\Windows\Installer

2012-08-04 17:42:03 ----HD---- C:\Config.Msi

2012-08-04 11:18:44 ----D---- C:\Windows\system32\drivers\etc

2012-08-04 11:12:24 ----D---- C:\Windows\WindowsMobile

2012-08-04 11:10:43 ----HD---- C:\ProgramData

2012-08-04 10:42:10 ----D---- C:\Windows\Registration

2012-08-04 08:49:50 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-08-04 08:49:45 ----D---- C:\Windows\SoftwareDistribution

2012-08-04 08:49:45 ----D---- C:\Windows\Logs

2012-08-04 08:49:45 ----D---- C:\Windows\Debug

2012-08-02 20:39:09 ----D---- C:\Windows\system32\catroot2

2012-08-02 20:38:53 ----D---- C:\Users\Anne\AppData\Roaming\HpUpdate

2012-07-31 14:34:48 ----D---- C:\Users\Anne\AppData\Roaming\BitComet

2012-07-31 14:34:42 ----D---- C:\Downloads

2012-07-16 20:16:43 ----D---- C:\Windows\Tasks

2012-07-16 12:14:05 ----HD---- C:\Program Files\Uninstall Information

2012-07-15 12:14:14 ----D---- C:\Program Files\Common Files

2012-07-14 18:43:43 ----D---- C:\Windows\Cursors

2012-07-14 18:32:05 ----D---- C:\Windows\winsxs

2012-07-14 13:01:03 ----SD---- C:\ProgramData\Microsoft

2012-07-12 07:05:48 ----D---- C:\Windows\system32\migration

2012-07-12 07:05:47 ----D---- C:\Program Files\Internet Explorer

2012-07-11 22:25:10 ----A---- C:\Windows\system32\mrt.exe

2012-06-22 12:40:19 ----D---- C:\Windows\rescache

2012-06-22 12:23:44 ----D---- C:\Windows\system32\de-DE

2012-06-14 15:15:10 ----RSD---- C:\Windows\assembly

2012-06-14 15:15:10 ----D---- C:\Windows\Microsoft.NET

2012-05-31 12:25:14 ----N---- C:\Windows\system32\MpSigStub.exe

2012-05-27 18:50:02 ----D---- C:\Users\Anne\AppData\Roaming\DVDVideoSoft

2012-05-27 18:49:15 ----D---- C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers

2012-05-27 18:49:09 ----D---- C:\Program Files\Common Files\DVDVideoSoft

2012-05-10 10:31:39 ----D---- C:\Program Files\Microsoft Silverlight

2012-05-10 08:44:27 ----D---- C:\Windows\system32\XPSViewer
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]

R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-09-11 3847680]

R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2010-12-10 18424]

R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2011-07-26 15544]

R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]

R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]

R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2009-07-17 312832]

S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]

S3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-12-10 2661368]

S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]

S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]

S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]

S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-12-10 515584]

S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-03-27 1810992]

S3 Tq_91Assistant;Tq_91Assistant; \??\C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys []

S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]

S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-09-11 692224]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-27 96768]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 Realtek11nSU;Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-04-24 36864]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE [2010-12-10 26112]

R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-Dienst (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-24 116648]

S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-24 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [2012-07-14 113120]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
 

-----------------EOF-----------------

--- --- ---

Hier HiJack-Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:46, on 06.08.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\System32\mobsync.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
E:\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

--
End of file - 7479 bytes

OTL Logfile:

Code:

OTL logfile created on: 06.08.2012 15:41:12 - Run 1

OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Anne\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,78% Memory free

5,70 Gb Paging File | 5,00 Gb Available in Paging File | 87,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 46,77 Gb Free Space | 31,38% Space Free | Partition Type: NTFS

Drive F: | 58,36 Mb Total Space | 58,36 Mb Free Space | 100,00% Space Free | Partition Type: FAT

 

Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.06 15:39:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Downloads\OTL.exe

PRC - [2012.06.27 13:01:14 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010.12.10 21:55:12 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE

PRC - [2010.12.10 21:55:12 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE

PRC - [2010.12.10 21:55:12 | 000,026,112 | ---- | M] () -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

PRC - [2009.04.24 16:29:40 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.08.26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.14 14:10:18 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll

MOD - [2012.06.14 14:05:43 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012.06.14 14:05:32 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012.05.11 11:18:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012.05.11 11:18:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012.05.11 11:18:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll

MOD - [2012.05.11 11:01:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012.05.10 10:35:41 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012.05.10 10:35:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010.12.10 22:08:28 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3175.37418__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:28 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3175.37382__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:28 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3175.37429__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:28 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3175.37593__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3175.37554__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3175.37411__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:28 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3175.37510__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3175.37399__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:27 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3175.37632__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:26 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3175.37563__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:26 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3175.37638__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:26 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3175.37568__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:26 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3175.37394__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3175.37562__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3175.37629__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:25 | 000,806,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3175.37515__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:25 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3175.37439__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:25 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3175.37401__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3175.37580__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:25 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3175.37434__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:25 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3175.37533__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:25 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3175.37514__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3175.37531__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3175.37546__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:24 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3175.37512__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2010.12.10 22:08:24 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3175.37444__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll

MOD - [2010.12.10 22:08:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3175.37511__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3175.37443__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3175.37513__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3175.37545__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2010.12.10 22:08:23 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3175.37355__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2010.12.10 22:08:23 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3175.37358__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2010.12.10 22:08:23 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3175.37366__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2010.12.10 22:08:23 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3175.37358__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2010.12.10 22:08:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2010.12.10 22:08:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3175.37367__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2010.12.10 22:08:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3175.37628__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2010.12.10 22:08:23 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3175.37363__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2010.12.10 22:08:23 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3175.37381__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2010.12.10 22:08:23 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3175.37368__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3175.37357__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2010.12.10 22:08:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3175.37362__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3175.37561__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2010.12.10 22:08:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3175.37630__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3175.37619__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2010.12.10 22:08:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3175.37583__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3175.37361__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3175.37360__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2010.12.10 22:08:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2010.12.10 22:08:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3175.37410__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3175.37393__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3175.37360__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3175.37378__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2010.12.10 22:08:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3175.37380__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2010.12.10 22:08:22 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3175.37365__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2010.12.10 22:08:22 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3175.37379__90ba9c70f846762e\DEM.OS.dll

MOD - [2010.12.10 22:08:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3175.37593__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3175.37513__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3175.37511__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3175.37416__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3175.37553__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3175.37397__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3175.37398__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3175.37398__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3175.37415__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3175.37531__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3175.37380__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2010.12.10 22:08:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3175.37359__90ba9c70f846762e\APM.Foundation.dll

MOD - [2010.12.10 22:08:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2010.12.10 22:08:20 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3175.37374_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll

MOD - [2010.12.10 22:08:20 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3175.37369__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2010.12.10 22:08:19 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3175.37620__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2010.12.10 22:08:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3175.37655__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2010.12.10 22:08:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3175.37364__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2010.12.10 22:08:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3175.37362__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2010.12.10 22:08:19 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2010.12.10 22:08:19 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2010.12.10 22:08:19 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3175.37668__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll

MOD - [2010.12.10 22:08:19 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3175.37369__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2010.12.10 22:08:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3175.37373__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll

MOD - [2010.12.10 22:08:18 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3175.37389__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2010.12.10 22:08:18 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3175.37406__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2010.12.10 22:08:18 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3175.37378__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2010.12.10 22:08:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3175.37615__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2010.12.10 22:08:18 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3175.37371__90ba9c70f846762e\APM.Server.dll

MOD - [2010.12.10 22:08:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3175.37374__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2010.12.10 22:08:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3175.37372__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2010.12.10 22:08:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3175.37367__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2010.12.10 22:08:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3175.37365__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2010.12.10 22:08:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3175.37386__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2010.12.10 22:08:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2010.12.10 22:08:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3175.37618__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2010.12.10 22:08:18 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3175.37405__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2010.12.10 22:08:18 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3175.37386__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2010.12.10 22:08:18 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3175.37423__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2010.12.10 22:08:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3175.37370__90ba9c70f846762e\AEM.Server.dll

MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll

MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2008.09.11 01:00:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - [2012.08.02 19:32:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)

SRV - [2012.06.27 13:01:14 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.12.28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)

SRV - [2010.12.10 21:55:12 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2009.04.24 16:29:40 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)

SRV - [2008.08.26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys -- (Tq_91Assistant)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2011.07.26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.12.10 21:55:12 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2010.12.10 13:24:23 | 000,515,584 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)

DRV - [2010.01.21 02:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2010.01.21 02:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2010.01.21 02:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2009.03.27 07:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)

DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV - [2008.09.11 04:34:44 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)

DRV - [2008.04.28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C B6 60 D4 9C 98 CB 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}

IE - HKCU\..\SearchScopes\{095AD168-B8C2-4D0F-AEB7-F9AC79476819}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290312_bexdll&babsrc=SP_ss&mntrId=5081ff99000000000000002186e77791

IE - HKCU\..\SearchScopes\{5A39ED50-DE6F-42F2-9270-55E9BE30ECB6}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}

IE - HKCU\..\SearchScopes\{A957EE3D-8E85-4B8E-A1F8-52A4D4D34DE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKCU\..\SearchScopes\{CD41EDC3-C1A0-4D56-898C-452C0647D95A}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{F40F9A85-58B3-4CC0-974A-12F6EF3D415C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.07.14 17:43:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.04 17:56:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.06 09:52:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.04 17:56:39 | 000,000,000 | ---D | M]

 

[2012.04.01 14:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions

[2011.09.06 20:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012.08.06 09:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.08.04 11:18:44 | 000,000,975 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1            localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O8 - Extra context menu item: Free YouTube Download - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\system32\wshbth.dll File not found

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{623FF1EF-3514-45F1-A0CB-646352CD5ACC}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69860572-EE66-4CEE-B55E-9F2B00C1E40F}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) -  File not found

O24 - Desktop WallPaper: C:\Users\Anne\Pictures\dessi.jpg

O24 - Desktop BackupWallPaper: C:\Users\Anne\Pictures\dessi.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{52f667b8-3142-11e1-934e-002186e77791}\Shell - "" = AutoRun

O33 - MountPoints2\{52f667b8-3142-11e1-934e-002186e77791}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: Sharedaccess -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: wuauserv -  File not found

NetSvcs: BITS -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: DivX Download Manager - hkey= - key= -  File not found

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpReg: MSC - hkey= - key= -  File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found

MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= -  File not found

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.06 12:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012.08.06 12:05:25 | 000,000,000 | ---D | C] -- C:\rsit

[2012.08.06 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Macromedia

[2012.08.04 11:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012.08.04 11:08:38 | 000,000,000 | ---D | C] -- C:\Users\Anne\Documents\Simply Super Software

[2012.08.04 11:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover

[2012.08.04 11:08:33 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll

[2012.08.04 11:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2012.08.04 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Simply Super Software

[2012.08.04 11:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software

[2012.08.04 09:16:06 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes

[2012.08.04 09:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.08.04 09:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.08.04 09:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.08.04 09:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.08.03 13:25:10 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2012.07.30 05:40:11 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\BriefeJETZT

[2012.07.23 18:32:07 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\vlc

[2012.07.23 18:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012.07.23 18:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2012.07.21 15:38:55 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\The Cure - 11.15.2011 Reflections, Royal Albert Hall

[2012.07.18 19:33:31 | 000,000,000 | ---D | C] -- C:\Users\Anne\Documents\Dokumentation für Annes Smartphone 3

[2012.07.16 12:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService

[2012.07.16 12:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter

[2012.07.15 08:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012.07.14 19:48:37 | 000,000,000 | ---D | C] -- C:\Users\Anne\Documents\default

[2012.07.14 19:02:27 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Ashampoo

[2012.07.14 19:02:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\ashampoo

[2012.07.14 19:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2012.07.14 19:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo

[2012.07.14 19:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo

[2012.07.14 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Nero_AG

[2012.07.14 18:47:17 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Nero

[2012.07.14 18:47:01 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Nero

[2012.07.14 18:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2012.07.14 17:43:03 | 000,000,000 | ---D | C] -- C:\Users\Anne\Documents\Freemake

[2012.07.14 17:43:02 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake

[2012.07.14 17:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake

[2012.07.14 17:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake

[2012.07.14 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake

[2012.07.14 13:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter

[2012.07.14 13:01:02 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe

[2012.07.14 13:00:59 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\FreeFLVConverter

[2012.07.14 13:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter

[2012.07.13 08:04:19 | 000,000,000 | ---D | C] -- C:\Users\Anne\Documents\StreamTransport

[2012.07.13 06:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport

[2012.07.13 06:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.06 15:34:55 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.08.06 15:34:28 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.08.06 15:34:28 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.08.06 15:34:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.08.06 15:34:13 | 2949,505,024 | -HS- | M] () -- C:\hiberfil.sys

[2012.08.06 12:38:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.08.06 12:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.08.06 12:16:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.08.06 12:07:04 | 000,644,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.08.06 12:07:04 | 000,600,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.08.06 12:07:04 | 000,131,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.08.06 12:07:04 | 000,108,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.08.06 12:04:56 | 000,026,624 | ---- | M] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.08.06 09:52:50 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.08.04 20:24:55 | 000,000,187 | ---- | M] () -- C:\Users\Anne\Desktop\meine Süße & ich 2006 nach dem Auftritt im Leipziger Mühlholzkeller.url

[2012.08.04 17:58:40 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2012.08.04 17:58:38 | 000,001,393 | ---- | M] () -- C:\Users\Anne\Desktop\DivX Movies.lnk

[2012.08.04 17:56:29 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2012.08.04 11:18:44 | 000,000,975 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012.08.03 13:18:28 | 069,075,839 | ---- | M] () -- C:\Users\Anne\Desktop\1_640x460.mp4.flv

[2012.08.02 20:16:32 | 000,027,168 | ---- | M] () -- C:\Users\Anne\Einnahmen und Ausgaben.ods

[2012.08.02 19:47:03 | 060,252,496 | ---- | M] () -- C:\Users\Anne\Desktop\9635065.mp4.flv

[2012.07.30 20:40:37 | 000,602,851 | ---- | M] () -- C:\Users\Anne\rechnung6952866.pdf

[2012.07.30 20:38:40 | 001,017,550 | ---- | M] () -- C:\Users\Anne\rechnung6877199.pdf

[2012.07.29 12:28:40 | 000,000,195 | ---- | M] () -- C:\Users\Anne\Desktop\Toni Marcel.rtf

[2012.07.28 21:57:32 | 004,477,164 | ---- | M] () -- C:\Users\Anne\Desktop\Anthony Sport.rtf

[2012.07.24 23:00:27 | 024,218,379 | ---- | M] () -- C:\Users\Anne\Documents\404 Not Found.mp4.flv

[2012.07.23 18:31:51 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.07.22 12:32:17 | 000,247,862 | ---- | M] () -- C:\Users\Anne\abholschein_9051122_4a4e883007bd90fa5c798ef5c1673d7b.pdf

[2012.07.18 19:33:31 | 000,000,695 | ---- | M] () -- C:\Users\Anne\Desktop\Dokumentation für Annes Smartphone 3.LNK

[2012.07.14 19:26:19 | 000,013,723 | ---- | M] () -- C:\Users\Anne\Documents\kurt schünemann 1.pdf

[2012.07.14 19:24:25 | 000,015,410 | ---- | M] () -- C:\Users\Anne\Documents\kurt schünemann.pdf

[2012.07.14 17:43:02 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk

[2012.07.14 16:39:18 | 375,159,452 | ---- | M] () -- C:\Users\Anne\Desktop\Hurricane 2012 The Cure  - Open Air - ZDFmediathek - ZDF Mediathek.avi

[2012.07.14 14:14:05 | 213,412,988 | ---- | M] () -- C:\Users\Anne\Desktop\Hurricane2012TheCureOpenAirZDFmediathekZDFMediathek.flv

[2012.07.14 14:14:05 | 000,001,694 | ---- | M] () -- C:\Users\Anne\Desktop\Hurricane2012TheCureOpenAirZDFmediathekZDFMediathek.html

[2012.07.14 13:01:03 | 000,000,874 | ---- | M] () -- C:\Users\Anne\Desktop\Free FLV Converter.lnk

[2012.07.13 08:00:25 | 696,985,881 | ---- | M] () -- C:\Users\Anne\Documents\Hurricane 2012 The Cure  - Open Air - ZDFmediathek - ZDF Mediathek.flv

[2012.07.13 07:07:49 | 002,206,449 | ---- | M] () -- C:\Users\Anne\Documents\Hurricane 2012 The Cure  - Open Air - ZDFmediathek - ZDF Mediathek_0.flv

[2012.07.13 06:59:30 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\ StreamTransport.lnk

[2012.07.12 07:08:24 | 000,253,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.07.11 13:40:11 | 000,526,491 | ---- | M] () -- C:\Users\Anne\Desktop\talkingtom_zvijx4s7.jar

[2012.07.11 13:30:56 | 000,020,783 | ---- | M] () -- C:\Users\Anne\Desktop\MobileHeart.com-Simple-Pool-2401-114.jar

 
 ========== Files Created - No Company Name ==========

 

[2012.08.06 09:52:50 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.08.06 09:52:50 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.08.05 08:47:48 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\80000032.@

[2012.08.04 20:24:55 | 000,000,187 | ---- | C] () -- C:\Users\Anne\Desktop\meine Süße & ich 2006 nach dem Auftritt im Leipziger Mühlholzkeller.url

[2012.08.04 17:56:29 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2012.08.04 17:50:51 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

[2012.08.04 11:14:42 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\00000008.@

[2012.08.04 11:14:40 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\80000000.@

[2012.08.04 11:14:40 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\00000004.@

[2012.08.04 11:14:40 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\000000cb.@

[2012.08.04 11:08:33 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll

[2012.08.04 11:08:33 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll

[2012.08.04 11:08:33 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll

[2012.08.04 11:08:33 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll

[2012.08.04 11:08:33 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll

[2012.08.03 20:05:26 | 000,000,804 | ---- | C] () -- C:\Users\Anne\AppData\Local\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\L\00000004.@

[2012.08.03 13:18:59 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\L\00000004.@

[2012.08.03 13:16:58 | 069,075,839 | ---- | C] () -- C:\Users\Anne\Desktop\1_640x460.mp4.flv

[2012.08.02 19:41:40 | 060,252,496 | ---- | C] () -- C:\Users\Anne\Desktop\9635065.mp4.flv

[2012.07.30 20:40:36 | 000,602,851 | ---- | C] () -- C:\Users\Anne\rechnung6952866.pdf

[2012.07.30 20:38:39 | 001,017,550 | ---- | C] () -- C:\Users\Anne\rechnung6877199.pdf

[2012.07.29 12:28:37 | 000,000,195 | ---- | C] () -- C:\Users\Anne\Desktop\Toni Marcel.rtf

[2012.07.28 21:57:31 | 004,477,164 | ---- | C] () -- C:\Users\Anne\Desktop\Anthony Sport.rtf

[2012.07.24 23:00:10 | 024,218,379 | ---- | C] () -- C:\Users\Anne\Documents\404 Not Found.mp4.flv

[2012.07.23 18:31:51 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.07.22 12:32:15 | 000,247,862 | ---- | C] () -- C:\Users\Anne\abholschein_9051122_4a4e883007bd90fa5c798ef5c1673d7b.pdf

[2012.07.18 19:33:31 | 000,000,695 | ---- | C] () -- C:\Users\Anne\Desktop\Dokumentation für Annes Smartphone 3.LNK

[2012.07.16 20:16:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.14 19:26:19 | 000,013,723 | ---- | C] () -- C:\Users\Anne\Documents\kurt schünemann 1.pdf

[2012.07.14 19:24:25 | 000,015,410 | ---- | C] () -- C:\Users\Anne\Documents\kurt schünemann.pdf

[2012.07.14 17:43:02 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk

[2012.07.14 15:07:02 | 375,159,452 | ---- | C] () -- C:\Users\Anne\Desktop\Hurricane 2012 The Cure  - Open Air - ZDFmediathek - ZDF Mediathek.avi

[2012.07.14 14:14:05 | 000,010,076 | ---- | C] () -- C:\Users\Anne\Desktop\Skin.swf

[2012.07.14 14:14:05 | 000,009,038 | ---- | C] () -- C:\Users\Anne\Desktop\FLVPlayer.swf

[2012.07.14 14:14:05 | 000,001,694 | ---- | C] () -- C:\Users\Anne\Desktop\Hurricane2012TheCureOpenAirZDFmediathekZDFMediathek.html

[2012.07.14 13:06:23 | 213,412,988 | ---- | C] () -- C:\Users\Anne\Desktop\Hurricane2012TheCureOpenAirZDFmediathekZDFMediathek.flv

[2012.07.14 13:01:03 | 000,000,874 | ---- | C] () -- C:\Users\Anne\Desktop\Free FLV Converter.lnk

[2012.07.14 13:01:00 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb

[2012.07.14 13:00:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx

[2012.07.14 13:00:59 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx

[2012.07.13 07:07:40 | 002,206,449 | ---- | C] () -- C:\Users\Anne\Documents\Hurricane 2012 The Cure  - Open Air - ZDFmediathek - ZDF Mediathek_0.flv

[2012.07.13 07:02:11 | 696,985,881 | ---- | C] () -- C:\Users\Anne\Documents\Hurricane 2012 The Cure  - Open Air - ZDFmediathek - ZDF Mediathek.flv

[2012.07.13 06:59:30 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\ StreamTransport.lnk

[2012.07.11 13:40:10 | 000,526,491 | ---- | C] () -- C:\Users\Anne\Desktop\talkingtom_zvijx4s7.jar

[2012.07.11 13:30:55 | 000,020,783 | ---- | C] () -- C:\Users\Anne\Desktop\MobileHeart.com-Simple-Pool-2401-114.jar

[2012.05.04 19:20:11 | 000,119,478 | ---- | C] () -- C:\Windows\hpqins00.dat

[2012.05.04 18:55:49 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2012.04.18 05:26:07 | 000,014,786 | ---- | C] () -- C:\Users\Anne\Gerbert.odt

[2012.03.07 18:48:15 | 000,259,217 | ---- | C] () -- C:\Users\Anne\Handbuch Yamaha GSP100.pdf

[2012.03.03 19:52:47 | 000,001,958 | ---- | C] () -- C:\Users\Anne\Röhren Mytos.rtf

[2012.02.24 21:15:14 | 000,000,297 | ---- | C] () -- C:\Users\Anne\BErlin Combo.rtf

[2012.01.30 11:00:51 | 000,027,168 | ---- | C] () -- C:\Users\Anne\Einnahmen und Ausgaben.ods

[2012.01.11 15:37:31 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\@

[2012.01.11 15:37:31 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\@

[2012.01.03 11:58:27 | 000,009,207 | ---- | C] () -- C:\Users\Anne\Pfannkuchen.odt

[2011.11.28 15:46:40 | 000,000,896 | ---- | C] () -- C:\Users\Anne\Hit E-mail.rtf

[2011.11.24 20:35:07 | 000,067,793 | ---- | C] () -- C:\Users\Anne\ImgConverterTmp2

[2011.11.24 20:28:36 | 000,067,595 | ---- | C] () -- C:\Users\Anne\ImgConverterTmp1

[2011.11.24 20:26:37 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe

[2011.10.09 17:06:29 | 000,000,891 | ---- | C] () -- C:\Users\Anne\DPD TOUR.rtf

[2011.10.08 21:15:03 | 000,000,337 | ---- | C] () -- C:\Users\Anne\Laminat Garage Kauf.rtf

[2011.09.20 12:22:07 | 006,088,825 | ---- | C] () -- C:\Users\Anne\TomTom-ONEv3-de-DE.pdf

[2011.09.18 16:24:06 | 000,146,216 | ---- | C] () -- C:\Windows\hpoins18.dat.temp

[2011.09.18 16:24:06 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp

[2011.09.17 22:36:13 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2011.09.10 22:55:45 | 000,000,723 | ---- | C] () -- C:\Users\Anne\ebay bveschicken.rtf

[2011.09.07 20:48:30 | 000,003,576 | ---- | C] () -- C:\Users\Anne\USB Stick Formatieren.rtf

[2011.08.29 09:16:35 | 000,026,523 | ---- | C] () -- C:\Users\Anne\Hit Gas.odt

[2011.08.29 09:13:48 | 000,026,467 | ---- | C] () -- C:\Users\Anne\Hit Energie.odt

[2011.08.26 20:55:03 | 000,022,355 | ---- | C] () -- C:\Users\Anne\behringer.odt

[2011.08.22 13:56:02 | 000,006,191 | ---- | C] () -- C:\Users\Anne\Torte.rtf

[2011.08.10 08:50:12 | 000,030,838 | ---- | C] () -- C:\Users\Anne\Behringer Pedal Kauf.odt

[2011.08.06 09:22:46 | 000,000,281 | ---- | C] () -- C:\Users\Anne\laminat garage.rtf

[2011.08.01 07:49:59 | 001,571,518 | ---- | C] () -- C:\Users\Anne\Hauptantrag-Arbeitslosengeld-II.pdf

[2011.07.14 10:43:03 | 000,015,044 | ---- | C] () -- C:\Users\Anne\Dirk Schünemann gegen Janin Wiese.odt

[2011.01.12 05:39:15 | 166,059,192 | ---- | C] () -- C:\Users\Anne\OOo_3.2.1_Win_x86_install-wJRE_de.exe

[2011.01.04 21:30:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2010.12.14 11:35:34 | 000,026,624 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.12.11 14:40:59 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll

[2010.12.11 14:40:59 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll

[2010.12.11 14:40:59 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll

[2010.12.11 14:40:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe

[2010.12.11 12:20:14 | 000,146,216 | ---- | C] () -- C:\Windows\hpoins18.dat

[2010.12.10 22:11:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.12.10 20:23:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010.12.10 20:23:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.12.10 18:20:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010.12.10 14:22:32 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010.12.10 13:07:55 | 000,001,356 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat

 
 ========== LOP Check ==========

 

[2012.07.14 19:10:49 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Ashampoo

[2012.07.31 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\BitComet

[2012.05.27 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\DVDVideoSoft

[2012.05.27 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.07.14 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\FreeFLVConverter

[2011.10.17 19:05:33 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Garmin

[2012.04.25 05:07:58 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Image Zone Express

[2011.09.16 18:53:30 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Jägermeister RadioPlayer

[2012.05.27 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\OpenCandy

[2011.01.12 05:53:53 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\OpenOffice.org

[2011.09.16 18:54:31 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\phonostar GmbH

[2010.12.12 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PhotoScape

[2010.12.14 11:49:28 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Printer Info Cache

[2012.08.04 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Simply Super Software

[2010.12.11 14:41:06 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Softinterface, Inc

[2011.09.06 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\TomTom

[2011.08.20 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\XMedia Recode

[2012.08.06 12:38:29 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2011.12.10 11:07:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2010.12.10 20:56:22 | 000,000,000 | -HSD | M] -- C:\Boot

[2012.08.04 17:42:03 | 000,000,000 | -H-D | M] -- C:\Config.Msi

[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010.12.10 01:19:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2012.07.31 14:34:42 | 000,000,000 | ---D | M] -- C:\Downloads

[2011.02.06 13:47:37 | 000,000,000 | ---D | M] -- C:\Medion

[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.08.06 12:05:26 | 000,000,000 | ---D | M] -- C:\Program Files

[2012.08.04 11:10:43 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010.12.10 01:19:22 | 000,000,000 | R--D | M] -- C:\Programme

[2012.08.06 12:05:39 | 000,000,000 | ---D | M] -- C:\rsit

[2012.08.05 12:13:34 | 000,000,000 | ---D | M] -- C:\SWSetup

[2012.08.06 15:43:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.12.10 13:07:53 | 000,000,000 | R--D | M] -- C:\Users

[2012.08.05 12:11:26 | 000,000,000 | ---D | M] -- C:\Windows

[2010.12.10 12:33:29 | 000,000,000 | ---D | M] -- C:\Windows.old

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < MD5 for: AGP440.SYS  >

[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\drivers\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll

[2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Windows.old\Windows\system32\eventlog.dll

 
 < MD5 for: EXPLORER.EXE  >

[2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Windows.old\Windows\explorer.exe

[2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Windows.old\Windows\system32\dllcache\explorer.exe

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Windows.old\Windows\system32\dllcache\netlogon.dll

[2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Windows.old\Windows\system32\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Windows.old\Windows\system32\dllcache\scecli.dll

[2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Windows.old\Windows\system32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Windows.old\Windows\system32\dllcache\user32.dll

[2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Windows.old\Windows\system32\user32.dll

[2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Windows.old\Windows\system32\dllcache\userinit.exe

[2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Windows.old\Windows\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe

[2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Windows.old\Windows\system32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys

[2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys

[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.09.11 01:01:02 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

 
 < %USERPROFILE%\*.* >

[2012.07.22 12:32:17 | 000,247,862 | ---- | M] () -- C:\Users\Anne\abholschein_9051122_4a4e883007bd90fa5c798ef5c1673d7b.pdf

[2011.08.10 08:50:14 | 000,030,838 | ---- | M] () -- C:\Users\Anne\Behringer Pedal Kauf.odt

[2011.08.26 21:00:46 | 000,022,355 | ---- | M] () -- C:\Users\Anne\behringer.odt

[2012.03.02 20:35:55 | 000,000,297 | ---- | M] () -- C:\Users\Anne\BErlin Combo.rtf

[2011.06.26 14:46:06 | 000,013,312 | ---- | M] () -- C:\Users\Anne\BewerbungMusicEggert.doc

[2011.07.14 11:59:54 | 000,015,044 | ---- | M] () -- C:\Users\Anne\Dirk Schünemann gegen Janin Wiese.odt

[2011.10.09 17:06:29 | 000,000,891 | ---- | M] () -- C:\Users\Anne\DPD TOUR.rtf

[2011.09.10 22:55:45 | 000,000,723 | ---- | M] () -- C:\Users\Anne\ebay bveschicken.rtf

[2012.08.02 20:16:32 | 000,027,168 | ---- | M] () -- C:\Users\Anne\Einnahmen und Ausgaben.ods

[2012.04.18 05:26:08 | 000,014,786 | ---- | M] () -- C:\Users\Anne\Gerbert.odt

[2012.03.07 18:48:15 | 000,259,217 | ---- | M] () -- C:\Users\Anne\Handbuch Yamaha GSP100.pdf

[2011.07.27 09:46:44 | 001,571,518 | ---- | M] () -- C:\Users\Anne\Hauptantrag-Arbeitslosengeld-II.pdf

[2011.11.28 15:49:38 | 000,000,896 | ---- | M] () -- C:\Users\Anne\Hit E-mail.rtf

[2011.08.29 09:13:49 | 000,026,467 | ---- | M] () -- C:\Users\Anne\Hit Energie.odt

[2011.08.29 09:16:36 | 000,026,523 | ---- | M] () -- C:\Users\Anne\Hit Gas.odt

[2011.11.24 20:46:07 | 000,067,595 | ---- | M] () -- C:\Users\Anne\ImgConverterTmp1

[2011.11.24 20:46:01 | 000,067,793 | ---- | M] () -- C:\Users\Anne\ImgConverterTmp2

[2011.06.26 14:46:06 | 000,013,312 | ---- | M] () -- C:\Users\Anne\Kopie von BewerbungMusicEggert.doc

[2011.07.26 08:19:08 | 000,023,552 | ---- | M] () -- C:\Users\Anne\Kopie von LebenslaufMusik.doc

[2011.10.10 19:44:32 | 000,000,337 | ---- | M] () -- C:\Users\Anne\Laminat Garage Kauf.rtf

[2011.08.06 09:22:46 | 000,000,281 | ---- | M] () -- C:\Users\Anne\laminat garage.rtf

[2011.07.05 13:13:00 | 000,016,384 | ---- | M] () -- C:\Users\Anne\LebenslaufMusik.doc

[2012.08.06 15:41:15 | 007,602,176 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT

[2012.08.06 15:41:15 | 000,262,144 | -H-- | M] () -- C:\Users\Anne\ntuser.dat.LOG1

[2010.12.10 13:07:53 | 000,000,000 | -H-- | M] () -- C:\Users\Anne\ntuser.dat.LOG2

[2012.08.06 12:38:28 | 000,065,536 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf

[2012.04.12 14:56:31 | 000,524,288 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms

[2012.08.06 12:38:28 | 000,524,288 | -HS- | M] () -- C:\Users\Anne\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms

[2010.12.10 13:07:53 | 000,000,020 | -HS- | M] () -- C:\Users\Anne\ntuser.ini

[2011.01.12 05:39:42 | 166,059,192 | ---- | M] () -- C:\Users\Anne\OOo_3.2.1_Win_x86_install-wJRE_de.exe

[2012.01.03 11:58:28 | 000,009,207 | ---- | M] () -- C:\Users\Anne\Pfannkuchen.odt

[2012.07.30 20:38:40 | 001,017,550 | ---- | M] () -- C:\Users\Anne\rechnung6877199.pdf

[2012.07.30 20:40:37 | 000,602,851 | ---- | M] () -- C:\Users\Anne\rechnung6952866.pdf

[2012.03.03 19:52:47 | 000,001,958 | ---- | M] () -- C:\Users\Anne\Röhren Mytos.rtf

[2012.02.29 10:12:51 | 000,017,408 | ---- | M] () -- C:\Users\Anne\Tagebuch.doc

[2011.09.20 12:22:08 | 006,088,825 | ---- | M] () -- C:\Users\Anne\TomTom-ONEv3-de-DE.pdf

[2011.08.24 07:00:18 | 000,006,191 | ---- | M] () -- C:\Users\Anne\Torte.rtf

[2011.09.07 20:48:31 | 000,003,576 | ---- | M] () -- C:\Users\Anne\USB Stick Formatieren.rtf

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 06.08.2012 15:41:12 - Run 1

OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Anne\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,78% Memory free

5,70 Gb Paging File | 5,00 Gb Available in Paging File | 87,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 46,77 Gb Free Space | 31,38% Space Free | Partition Type: NTFS

Drive F: | 58,36 Mb Total Space | 58,36 Mb Free Space | 100,00% Space Free | Partition Type: FAT

 

Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM

"{021125D3-76FE-41CF-9022-ADB770265331}" = Catalyst Control Center - Branding

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A

"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding

"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers

"{3F30A2F3-6743-87BE-E995-018AA3F6EF4C}" = Catalyst Control Center Graphics Light

"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext

"{45DDEAF5-8204-EF3A-50A2-157ABC5DDE0D}" = Skins

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C4971B2-6C4E-7A90-03D4-0AC2561FF5CF}" = Catalyst Control Center Graphics Full Existing

"{4FBDA165-41F3-81C1-3C22-E172B48CCEDE}" = CCC Help English

"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10

"{6346E85F-1CA6-4AA9-9718-A3E8BFCB572A}" = Catalyst Control Center - Branding

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{9B8E89C0-3908-11A4-C913-7C3230E9DE8B}" = ccc-core-static

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK 11n USB Wireless LAN Driver and Utility

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{AECB9B0E-0876-635A-614B-D2EB6F518A61}" = ccc-utility

"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C1D20F09-C598-E94B-498E-5303F0336083}" = Catalyst Control Center Localization German

"{C349C10C-1474-4000-9073-9299856C8A70}" = Catalyst Control Center - Branding

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D1335714-ADC6-236F-3F5B-1282062FD963}" = Catalyst Control Center Core Implementation

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate

"{E7115335-0F9F-9429-23AC-32EEEC5248B5}" = CCC Help German

"{E83B7334-C0B5-1838-360A-56F08D448B5E}" = Catalyst Control Center Graphics Full New

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EEC437EC-722B-2494-5571-D10DFB8F52F0}" = ATI Catalyst Install Manager

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F0263908-AEAB-C689-0E29-EF681E5C1B36}" = Catalyst Control Center InstallProxy

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F2C19209-8474-4BCB-89EC-AA0150C2B036}" = Catalyst Control Center - Branding

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"BitComet" = BitComet 1.29

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"Broadcom Wireless Utility" = Broadcom Wireless Utility

"CCleaner" = CCleaner

"Convert Image To PDF_is1" = Convert Image To PDF

"DivX Setup" = DivX-Setup

"Free FLV Converter_is1" = Free FLV Converter V 7.4.0

"Free Studio_is1" = Free Studio version 5.3.5

"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.6.221

"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508

"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"HPOCR" = HP OCR Software 8.0

"LG Internet Kit" = LG Internet Kit

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PhotoScape" = PhotoScape

"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)

"Sweet Home 3D_is1" = Sweet Home 3D version 3.3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Trojan Remover_is1" = Trojan Remover 6.8.4

"VLC media player" = VLC media player 2.0.3

"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 03.06.2012 23:48:14 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.06.2012 01:50:12 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.06.2012 01:52:03 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.06.2012 04:27:16 | Computer Name = Anne-PC | Source = EventSystem | ID = 4622

Description = 

 

Error - 04.06.2012 04:27:16 | Computer Name = Anne-PC | Source = EventSystem | ID = 4621

Description = 

 

Error - 04.06.2012 07:33:13 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.06.2012 07:38:09 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.06.2012 07:40:03 | Computer Name = Anne-PC | Source = Application Hang | ID = 1002

Description = Programm iexplore.exe, Version 9.0.8112.16421 arbeitet nicht mehr 

mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet

 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 

über das Problem zu suchen.  Prozess-ID: f20  Anfangszeit: 01cd42469313149e  Zeitpunkt

 der Beendigung: 10

 

Error - 04.06.2012 23:30:45 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.06.2012 23:38:23 | Computer Name = Anne-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Broadcom Wireless LAN Events ]

Error - 19.06.2012 07:01:57 | Computer Name = Anne-PC | Source = WLAN-Tray | ID = 0

Description = 13:01:57, Tue, Jun 19, 12 Error - Unable to gain access to user store
 

 

Error - 27.07.2012 07:20:08 | Computer Name = Anne-PC | Source = WLAN-Tray | ID = 0

Description = 13:20:07, Fri, Jul 27, 12 Error - Unable to gain access to user store
 

 

[ System Events ]

Error - 06.08.2012 03:34:04 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 06.08.2012 03:34:08 | Computer Name = Anne-PC | Source = WMPNetworkSvc | ID = 866293

Description = 

 

Error - 06.08.2012 03:36:06 | Computer Name = Anne-PC | Source = WMPNetworkSvc | ID = 866293

Description = 

 

Error - 06.08.2012 09:36:00 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023

Description = 

 

Error - 06.08.2012 09:36:00 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 06.08.2012 09:36:00 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 06.08.2012 09:36:00 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 06.08.2012 09:36:18 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 06.08.2012 09:36:20 | Computer Name = Anne-PC | Source = WMPNetworkSvc | ID = 866293

Description = 

 

Error - 06.08.2012 09:38:19 | Computer Name = Anne-PC | Source = WMPNetworkSvc | ID = 866293

Description = 

 

 

< End of report >

--- --- ---

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Combofix Logfile:

Code:

ComboFix 12-08-05.02 - Anne 06.08.2012  16:55:49.1.1 - x86

Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2812.2120 [GMT 2:00]

ausgeführt von:: c:\users\Anne\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Anne\OOo_3.2.1_Win_x86_install-wJRE_de.exe

c:\users\Anne\videos\hamsterfreeburningstudio.exe

c:\users\Anne\videos\SoftonicDownloader_fuer_hamster-free-video-converter.exe

c:\windows\assembly\GAC\Desktop.ini

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\@

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\L\00000004.@

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\L\201d3dde

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\00000004.@

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\00000008.@

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\000000cb.@

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\80000000.@

c:\windows\Installer\{ad18cb55-f7f3-8e08-97c4-32e84acbbde4}\U\80000032.@

c:\windows\security\Database\tmp.edb

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\drivers\npf.sys

.

Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 

Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-07-06 bis 2012-08-06  ))))))))))))))))))))))))))))))

.

.

2012-08-06 15:03 . 2012-08-06 15:09        --------        d-----w-        c:\users\Anne\AppData\Local\temp

2012-08-06 15:03 . 2012-08-06 15:03        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-08-06 10:05 . 2012-08-06 10:05        --------        d-----w-        c:\program files\trend micro

2012-08-06 10:05 . 2012-08-06 10:05        --------        d-----w-        C:\rsit

2012-08-06 07:53 . 2012-08-06 07:53        --------        d-----w-        c:\users\Anne\AppData\Local\Macromedia

2012-08-04 09:08 . 2010-10-24 04:06        598528        ----a-w-        c:\windows\system32\ztv7z.dll

2012-08-04 09:08 . 2010-10-24 04:06        178176        ----a-w-        c:\windows\system32\ztvunrar39.dll

2012-08-04 09:08 . 2006-06-19 10:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll

2012-08-04 09:08 . 2006-05-25 12:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll

2012-08-04 09:08 . 2005-08-25 22:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll

2012-08-04 09:08 . 2003-02-02 17:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll

2012-08-04 09:08 . 2002-03-05 22:00        75264        ----a-w-        c:\windows\system32\unacev2.dll

2012-08-04 09:08 . 2012-08-04 09:08        --------        d-----w-        c:\program files\Trojan Remover

2012-08-04 09:08 . 2012-08-04 09:08        --------        d-----w-        c:\users\Anne\AppData\Roaming\Simply Super Software

2012-08-04 09:08 . 2012-08-04 09:08        --------        d-----w-        c:\programdata\Simply Super Software

2012-08-04 07:16 . 2012-08-04 07:16        --------        d-----w-        c:\users\Anne\AppData\Roaming\Malwarebytes

2012-08-04 07:15 . 2012-08-04 07:15        --------        d-----w-        c:\programdata\Malwarebytes

2012-08-04 07:00 . 2012-08-06 07:52        --------        d-----w-        c:\program files\Mozilla Maintenance Service

2012-08-03 11:25 . 2012-08-03 11:25        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2012-08-03 10:22 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4F2227D-C47A-4DF9-8A28-7A639C885809}\mpengine.dll

2012-07-23 16:32 . 2012-08-06 09:42        --------        d-----w-        c:\users\Anne\AppData\Roaming\vlc

2012-07-23 16:31 . 2012-07-23 16:31        --------        d-----w-        c:\program files\VideoLAN

2012-07-16 18:16 . 2012-08-02 17:32        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-07-16 10:14 . 2012-07-16 10:14        --------        d-----w-        c:\programdata\IBUpdaterService

2012-07-16 10:14 . 2012-07-16 10:15        635360        ----a-w-        c:\program files\Uninstall Information\ib_uninst_519\uninstall.exe

2012-07-16 10:13 . 2012-07-16 10:15        635360        ----a-w-        c:\program files\Uninstall Information\ib_uninst_518\uninstall.exe

2012-07-16 10:13 . 2012-07-16 10:12        635360        ----a-w-        c:\program files\Uninstall Information\ib_uninst_455\uninstall.exe

2012-07-15 06:15 . 2012-07-15 06:15        --------        d-----w-        c:\programdata\boost_interprocess

2012-07-14 17:02 . 2012-07-14 17:10        --------        d-----w-        c:\users\Anne\AppData\Roaming\Ashampoo

2012-07-14 17:02 . 2012-07-14 17:11        --------        d-----w-        c:\users\Anne\AppData\Local\ashampoo

2012-07-14 17:02 . 2012-07-14 17:02        --------        d-----w-        c:\programdata\ashampoo

2012-07-14 17:02 . 2012-07-15 10:06        --------        d-----w-        c:\program files\Ashampoo

2012-07-14 16:47 . 2012-07-14 16:47        --------        d-----w-        c:\users\Anne\AppData\Roaming\Nero

2012-07-14 16:47 . 2012-07-14 16:57        --------        d-----w-        c:\users\Anne\AppData\Local\Nero

2012-07-14 16:40 . 2012-07-14 16:47        --------        d-----w-        c:\programdata\Nero

2012-07-14 16:38 . 2010-05-26 09:41        248672        ----a-w-        c:\windows\system32\d3dx11_43.dll

2012-07-14 16:37 . 2009-09-04 15:29        1974616        ----a-w-        c:\windows\system32\D3DCompiler_42.dll

2012-07-14 16:37 . 2010-05-26 09:41        470880        ----a-w-        c:\windows\system32\d3dx10_43.dll

2012-07-14 16:36 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\system32\D3DX9_42.dll

2012-07-14 16:36 . 2010-05-26 09:41        1998168        ----a-w-        c:\windows\system32\D3DX9_43.dll

2012-07-14 16:35 . 2008-10-15 04:22        4379984        ----a-w-        c:\windows\system32\D3DX9_40.dll

2012-07-14 16:35 . 2010-05-26 09:41        1868128        ----a-w-        c:\windows\system32\d3dcsx_43.dll

2012-07-14 16:34 . 2007-07-19 16:14        3727720        ----a-w-        c:\windows\system32\d3dx9_35.dll

2012-07-14 16:34 . 2010-05-26 09:41        2106216        ----a-w-        c:\windows\system32\D3DCompiler_43.dll

2012-07-14 16:33 . 2007-05-16 14:45        3497832        ----a-w-        c:\windows\system32\d3dx9_34.dll

2012-07-14 15:43 . 2012-07-14 15:43        --------        d-----w-        c:\programdata\Freemake

2012-07-14 15:42 . 2012-07-14 15:43        --------        d-----w-        c:\program files\Freemake

2012-07-14 11:01 . 2012-02-15 12:51        360448        ----a-w-        c:\windows\system32\TubeFinder.exe

2012-07-14 11:01 . 2011-09-28 07:18        119568        ----a-w-        c:\windows\system32\VB6FR.DLL

2012-07-14 11:01 . 2011-09-28 07:18        101888        ----a-w-        c:\windows\system32\VB6STKIT.DLL

2012-07-14 11:00 . 2012-07-14 11:01        --------        d-----w-        c:\users\Anne\AppData\Roaming\FreeFLVConverter

2012-07-14 11:00 . 2012-07-14 11:01        --------        d-----w-        c:\program files\Free FLV Converter

2012-07-14 11:00 . 2011-09-28 07:18        9728        ----a-w-        c:\windows\system32\PCCLPFR.DLL

2012-07-14 11:00 . 2011-09-28 07:18        84512        ----a-w-        c:\windows\system32\PICCLP32.OCX

2012-07-14 11:00 . 2011-09-28 07:18        364544        ----a-w-        c:\windows\system32\PropertyGrid.ocx

2012-07-14 11:00 . 2011-09-28 07:18        32768        ----a-w-        c:\windows\system32\CMDLGFR.DLL

2012-07-14 11:00 . 2011-09-28 07:18        24576        ----a-w-        c:\windows\system32\ControlSubX.ocx

2012-07-14 11:00 . 2011-09-28 07:18        141312        ----a-w-        c:\windows\system32\MSCMCFR.DLL

2012-07-13 04:59 . 2012-07-13 04:59        --------        d-----w-        c:\program files\StreamTransport

2012-07-13 04:59 . 2009-10-27 17:31        3982240        ----a-w-        c:\windows\system32\Flash10d.ocx

2012-07-11 20:26 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys

2012-07-11 11:49 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 11:49 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll

2012-07-11 11:49 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll

2012-07-11 11:49 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-07-11 11:49 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll

2012-07-11 11:49 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 17:32 . 2011-08-05 18:54        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-22 07:20        53784        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 07:20        45080        ----a-w-        c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 07:20        35864        ----a-w-        c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 07:20        577048        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-22 07:20        1933848        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-22 07:20        2422272        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-22 07:20        88576        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 07:20        171904        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-22 07:20        33792        ----a-w-        c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-12-10 16:14        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-07-14 00:15 . 2012-08-06 07:52        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 10:06        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 11:47        31232        --sh--r-        c:\windows\System32\msfDX.dll

2008-03-16 13:30        216064        --sh--r-        c:\windows\System32\nbDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2010-12-10 4367360]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 20:52        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2008-04-15 12:51        488752        ----a-w-        c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07        2260480        --sha-r-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

2009-04-11 06:28        2153472        ----a-w-        c:\windows\System32\oobefldr.dll

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

bthsvcs        REG_MULTI_SZ           BthServ

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 17:32]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-24 05:55]

.

2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-24 05:55]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

IE: Free YouTube Download - c:\users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\users\Anne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.2.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\q05e5wce.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-10 - (no file)

WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe

MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel

AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-08-06 17:09

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Hpservice.exe

c:\program files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE

c:\program files\Broadcom\Broadcom 802.11\bcmwltry.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

c:\program files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe

c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-08-06  17:14:56 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-08-06 15:14

.

Vor Suchlauf: 12 Verzeichnis(se), 49.268.346.880 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 49.614.401.536 Bytes frei

.

- - End Of File - - 10F6614E41E582D55A2ED5A13BC2EB65

--- --- ---

sorry für die wartezeit!
du hast das zero access rootkit.
wenn du onlinebanking machst, lasse es sperren, alle passwörter am ende endern.
da dieses rootkit nicht 100 %ig sicher bereinigt werden kann:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.