Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ärger mit Antimaleware Doctor! (https://www.trojaner-board.de/87658-aerger-antimaleware-doctor.html)

tina_084 30.06.2010 06:09
Ärger mit Antimaleware Doctor!
 
Hallo Liebes Trojaner Board

Ich bin hier zum ersten mal in einem Forum unterwegs und kenne mich leider in solch dingen nicht aus. Ich wurde zum Opfer von Antimaleware Doctor und habe jetzt sämtliche Punkte wie Malwarebytes-Anti-Malware, CCleaner, RSIT - Randoms System Information Tool und OTL - Systemscan durchgeführt.

Beim ersten mal von Malwarebytes-Anti-Malware wurden noch Fehler gefunden die ich aber mit einem 2 Durchlauf beheben konnte.
Da ich mich mit diesen ganzen Fachausdrücken hier leider nicht auskenne schick ich jetzt diese ganzen Dinge die ich angesammelt habe einfach mal mit dazu.

Hier sind die 2 Reports von Malwarebytes-Anti-Maleware

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4259

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

30.06.2010 05:23:27
mbam-log-2010-06-30 (05-23-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143493
Laufzeit: 42 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\tina\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qnb2eb90wx (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\tina\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\tina\AppData\Local\Temp\emrcowxsan.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\xcwraenmso.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\Jgz.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\Jg2.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\tina\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Hier ist der 2te:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4259

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

30.06.2010 05:56:25
mbam-log-2010-06-30 (05-56-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143169
Laufzeit: 16 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Dann habe ich diese Dinge noch:


info.txtRSIT Logfile:
Code:
logfile of random's system information tool 1.06 2010-06-30 06:16:31

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
AIM-->C:\Program Files\AIM6\uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x7
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
DeskScapes (Free)-->"C:\Program Files\Stardock\Object Desktop\DeskScapes\UninstHelper.exe" /autouninstall dksw
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free Studio version 4.6-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free Video to JPG Converter version 1.4-->"C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Gimp 2.6.2 Debug-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Hervorhebe-Funktion (Windows Live Toolbar)-->MsiExec.exe /X{00D0200F-3B4D-4A2F-869E-533ED835A943}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Eyetoy Webcam-->C:\Windows\CleanDev.exe C:\Windows\ov519.TXT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Photo Collage 2.06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D42CBBC-2089-44AB-8021-369DDB962816}\Setup.exe"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Roll-->C:\Windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Security Update for Windows Media Encoder (KB979332)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={950E24CA-CA7E-4606-8F0D-DEDBC94F2A1E} /qb
Shape Collage-->C:\Program Files\Shape Collage\uninstall.exe
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins001.exe /LOG
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veoh Player-->C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Video Download Capture V2.2.9-->"C:\Program Files\Apowersoft\Video Download Capture\unins000.exe"
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Family Safety-->MsiExec.exe /X{994223F3-A99B-4DDD-9E1D-0190A17C6860}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{218761F6-CBF6-4973-B910-A33E6563A1EA}
Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Windows-Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: tina-PC
Event Code: 43034
Message: Unknown EDID version
Record Number: 341635
Source Name: atikmdag
Time Written: 20100513163231.593264-000
Event Type: Fehler
User:

Computer Name: tina-PC
Event Code: 43034
Message: Unknown EDID version
Record Number: 341636
Source Name: atikmdag
Time Written: 20100513163231.593264-000
Event Type: Fehler
User:

Computer Name: tina-PC
Event Code: 43034
Message: Unknown EDID version
Record Number: 341637
Source Name: atikmdag
Time Written: 20100513163231.608864-000
Event Type: Fehler
User:

Computer Name: tina-PC
Event Code: 7036
Message: Dienst "\Device\NDMP5" befindet sich jetzt im Status "Intel(R) Wireless WiFi Link 4965AGN".
Record Number: 341638
Source Name: NETw4v32
Time Written: 20100513163232.139268-000
Event Type: Informationen
User:

Computer Name: tina-PC
Event Code: 6
Message: Der Dateisystemfilter "eeCtrl" (6.0, 2007-03-29T01:51:40.000Z) wurde erfolgreich geladen und im Filter-Manager registriert.
Record Number: 341639
Source Name: Microsoft-Windows-FilterManager
Time Written: 20100513163236.975299-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: tina-PC
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 17224
Source Name: Microsoft-Windows-WMI
Time Written: 20100630033122.000000-000
Event Type: Informationen
User:

Computer Name: tina-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 17225
Source Name: SecurityCenter
Time Written: 20100630033143.000000-000
Event Type: Informationen
User:

Computer Name: tina-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 17226
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100630033209.515410-000
Event Type: Informationen
User: tina-PC\tina

Computer Name: tina-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 17227
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100630033210.959410-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: tina-PC
Event Code: 4113
Message: AntiVir erkannte in der Datei C:\Users\tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALT03BFT\070700Setup[1].exe verdächtigen Code mit der Bezeichnung 'TR/FakeAV.WZ'!
Record Number: 17228
Source Name: Avira AntiVir
Time Written: 20100630035950.000000-000
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 30132
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.016410-000
Event Type: Überwachung gescheitert
User:

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 30133
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.113410-000
Event Type: Überwachung gescheitert
User:

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 30134
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.203410-000 begin_of_the_skype_highlighting**************03410-000******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************03410-000******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************03410-000******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************03410-000******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************03410-000******end_of_the_skype_highlighting
Event Type: Überwachung gescheitert
User:

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 30135
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.292410-000
Event Type: Überwachung gescheitert
User:

Computer Name: tina-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 30136
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100630041623.381410-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
--- --- ---

RSIT Logfile:
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by tina at 2010-06-30 06:15:43
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 23 GB (30%) free of 76 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:16:24, on 30.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Users\tina\AppData\Local\Temp\Jg0.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\tina\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Users\tina\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\tina.exe
C:\Users\tina\AppData\Local\Temp\Jg0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15423 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000UA.job
C:\Windows\tasks\Norton Security Scan for tina.job
C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-05-07 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 96936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-08 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-12 607888]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-09-26 352256]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2010-05-07 666816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"IS CfgWiz"=C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [2007-01-12 431752]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-04-02 577536]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-05-23 509496]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
"NDSTray.exe"=NDSTray.exe []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-09-30 485208]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"TOSCDSPD"=TOSCDSPD.EXE []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-10-16 4347120]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]
""= []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"Google Update"=C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2009-02-25 103728]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2009-02-25 87368]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2009-02-25 591176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f32a383-126d-11df-9d59-001b38aaa491}]
shell\AutoRun\command - D:\pccompanion\Startme.exe
shell\menu1\command - D:\pccompanion\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b4b2d7-f260-11de-9020-001b38aaa491}]
shell\AutoRun\command - D:\Menu.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-30 06:15:44 ----D---- C:\Program Files\trend micro
2010-06-30 06:15:43 ----D---- C:\rsit
2010-06-30 05:27:40 ----D---- C:\Program Files\CCleaner
2010-06-30 04:31:57 ----D---- C:\Users\tina\AppData\Roaming\Malwarebytes
2010-06-30 04:31:26 ----D---- C:\ProgramData\Malwarebytes
2010-06-30 04:31:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-30 03:44:57 ----D---- C:\Users\tina\AppData\Roaming\77457351CEDACC397BF3AB444E9CE7AA
2010-06-26 12:04:56 ----D---- C:\Program Files\Microsoft.NET
2010-06-25 12:00:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-25 12:00:46 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-25 12:00:46 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-25 12:00:46 ----A---- C:\Windows\system32\mscoree.dll
2010-06-25 12:00:46 ----A---- C:\Windows\system32\dfshim.dll
2010-06-25 05:02:52 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-25 05:02:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-13 18:47:37 ----D---- C:\Program Files\Common Files\Skype
2010-06-13 18:42:36 ----D---- C:\Users\tina\AppData\Roaming\Uniblue
2010-06-13 18:26:05 ----D---- C:\Program Files\Uniblue
2010-06-13 18:21:34 ----D---- C:\Users\tina\AppData\Roaming\GrabPro
2010-06-13 18:21:34 ----D---- C:\downloads
2010-06-13 18:21:22 ----D---- C:\Users\tina\AppData\Roaming\OpenCandy
2010-06-13 18:21:17 ----D---- C:\Users\tina\AppData\Roaming\Orbit
2010-06-13 18:21:17 ----D---- C:\Program Files\Orbitdownloader
2010-06-13 15:35:37 ----D---- C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-11 19:18:57 ----SHD---- C:\found.000
2010-06-11 12:09:14 ----SHD---- C:\Config.Msi
2010-06-10 23:05:55 ----A---- C:\Windows\system32\mshtml.dll
2010-06-10 23:05:49 ----A---- C:\Windows\system32\ieframe.dll
2010-06-10 23:05:48 ----A---- C:\Windows\system32\iertutil.dll
2010-06-10 23:05:45 ----A---- C:\Windows\system32\urlmon.dll
2010-06-10 23:05:43 ----A---- C:\Windows\system32\wininet.dll
2010-06-10 23:05:41 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-10 23:05:39 ----A---- C:\Windows\system32\occache.dll
2010-06-10 23:05:38 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-10 23:05:37 ----A---- C:\Windows\system32\mstime.dll
2010-06-10 23:05:29 ----A---- C:\Windows\system32\ieui.dll
2010-06-10 23:05:27 ----A---- C:\Windows\system32\iepeers.dll
2010-06-10 23:05:23 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-10 23:05:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-10 23:05:19 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-10 23:05:16 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-10 23:05:14 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-10 23:05:12 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-10 23:05:11 ----A---- C:\Windows\system32\iesetup.dll
2010-06-10 23:05:10 ----A---- C:\Windows\system32\iernonce.dll
2010-06-10 14:33:16 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-10 14:28:48 ----A---- C:\Windows\system32\atmfd.dll
2010-06-10 14:28:45 ----A---- C:\Windows\system32\atmlib.dll
2010-06-10 14:23:21 ----A---- C:\Windows\system32\quartz.dll

======List of files/folders modified in the last 1 months======

2010-06-30 06:16:19 ----D---- C:\Program Files\Spyware Doctor
2010-06-30 06:16:17 ----D---- C:\Windows\Temp
2010-06-30 06:16:14 ----D---- C:\Windows\system32\Tasks
2010-06-30 06:16:13 ----D---- C:\Windows\Tasks
2010-06-30 06:15:44 ----RD---- C:\Program Files
2010-06-30 06:04:02 ----D---- C:\Windows\Debug
2010-06-30 06:04:02 ----D---- C:\Windows
2010-06-30 05:49:32 ----AD---- C:\ProgramData\TEMP
2010-06-30 05:30:30 ----SHD---- C:\Windows\Installer
2010-06-30 05:30:30 ----D---- C:\Windows\system32\drivers
2010-06-30 04:31:26 ----HD---- C:\ProgramData
2010-06-29 23:20:20 ----D---- C:\Windows\System32
2010-06-29 23:20:20 ----D---- C:\Windows\inf
2010-06-29 23:20:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-29 22:37:44 ----D---- C:\Windows\Prefetch
2010-06-29 12:13:46 ----SHD---- C:\System Volume Information
2010-06-29 11:46:20 ----D---- C:\Windows\system32\catroot
2010-06-29 02:11:52 ----D---- C:\Windows\system32\catroot2
2010-06-28 01:20:34 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 12:23:17 ----D---- C:\Windows\Microsoft.NET
2010-06-26 12:23:16 ----RSD---- C:\Windows\assembly
2010-06-26 12:14:02 ----D---- C:\Windows\system32\de-DE
2010-06-26 12:05:20 ----D---- C:\Windows\system32\en-US
2010-06-25 12:20:09 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-25 12:18:32 ----D---- C:\Windows\AppPatch
2010-06-25 12:02:31 ----D---- C:\Windows\winsxs
2010-06-25 04:44:17 ----SD---- C:\ProgramData\Microsoft
2010-06-14 02:06:41 ----D---- C:\Users\tina\AppData\Roaming\dvdcss
2010-06-14 00:14:11 ----D---- C:\Users\tina\AppData\Roaming\gtk-2.0
2010-06-13 23:42:17 ----D---- C:\Users\tina\AppData\Roaming\Skype
2010-06-13 18:47:37 ----D---- C:\Program Files\Common Files
2010-06-13 18:43:38 ----D---- C:\Users\tina\AppData\Roaming\skypePM
2010-06-13 15:42:17 ----D---- C:\Users\tina\AppData\Roaming\DivX
2010-06-13 15:35:27 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-06-11 19:13:18 ----D---- C:\Windows\system32\wbem
2010-06-11 19:13:15 ----D---- C:\Program Files\Windows Mail
2010-06-11 19:13:15 ----D---- C:\Program Files\Internet Explorer
2010-06-11 19:13:14 ----D---- C:\Windows\system32\migration
2010-06-11 12:03:25 ----HD---- C:\Windows\msdownld.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-28 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-06-19 389432]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 2600960]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-28 52056]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-19 106808]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-12 1787816]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070619.036\NAVENG.SYS [2007-06-19 77688]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070619.036\NAVEX15.SYS [2007-06-19 852824]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-26 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-04-16 115000]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 ovt519;%USB\vid_054c&pid_0154.DeviceDesc%; C:\Windows\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 RimUsb;BlackBerry-Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-21 606208]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-10 554616]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-08-28 604488]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-16 1174664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-14 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-10 2918008]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-05 435016]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
--- --- ---



Ist jetzt alles in Ordnung und habe ich alles soweit richtig gemacht?
Ich bin in solch Dingen sehr ängstlich also bitte helft mir weiter!
Ist mein Laptop jetzt wieder in Ordnung oder muss ich mit weiteren Dingen rechnen?
Bitte schaut euch mal die Werte an, die OTL Werte habe ich auch noch leider ist der Text zu lang.

Vielen Dank schon einmal im Vorraus

tina_084 30.06.2010 06:43
Hier sind noch die OTL´s



OTL Logfile:
Code:
OTL logfile created on: 30.06.2010 06:29:16 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\tina\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 22,06 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,36 Gb Total Space | 73,27 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TINA-PC
Current User Name: tina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\tina\AppData\Local\Temp\Jg0.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\tina\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Programme\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\tina\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070619.036\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070619.036\NAVENG.SYS (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://googel.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.08 09:10:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 01:20:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 01:20:33 | 000,000,000 | ---D | M]
 
[2008.11.03 20:34:30 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Extensions
[2010.06.29 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions
[2009.09.13 16:55:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.13 15:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.13 16:50:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.13 18:56:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.04.02 23:24:21 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\moveplayer@movenetworks.com
[2008.11.03 20:34:57 | 000,000,000 | ---D | M] -- C:\Users\tina\AppData\Roaming\mozilla\Firefox\Profiles\mxthdeqh.default\extensions\toolbar_extras@de.yahoo.com
[2009.01.05 23:50:09 | 000,000,681 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\FireFox\Profiles\mxthdeqh.default\searchplugins\ask.xml
[2010.06.25 04:44:52 | 000,000,944 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\FireFox\Profiles\mxthdeqh.default\searchplugins\icqplugin.xml
[2009.02.15 14:14:12 | 000,001,632 | ---- | M] () -- C:\Users\tina\AppData\Roaming\Mozilla\FireFox\Profiles\mxthdeqh.default\searchplugins\live-search.xml
[2010.06.13 18:48:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.02.15 01:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.13 18:48:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008.11.03 20:34:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.03.18 00:31:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.18 00:31:06 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.18 00:31:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.18 00:31:06 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.18 00:31:06 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD]  File not found
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f32a383-126d-11df-9d59-001b38aaa491}\Shell\AutoRun\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{0f32a383-126d-11df-9d59-001b38aaa491}\Shell\menu1\command - "" = D:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{e5b4b2d7-f260-11de-9020-001b38aaa491}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.30 06:15:44 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.06.30 06:15:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.30 05:27:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.30 04:31:57 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Malwarebytes
[2010.06.30 04:31:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.30 04:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.30 04:31:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.30 04:31:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.30 03:44:57 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\77457351CEDACC397BF3AB444E9CE7AA
[2010.06.26 12:04:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.26 00:10:28 | 000,000,000 | ---D | C] -- C:\Users\tina\Desktop\Filmcher
[2010.06.25 12:00:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 12:00:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 12:00:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.25 05:02:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.25 05:02:51 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.13 18:47:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.13 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Uniblue
[2010.06.13 18:26:05 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.06.13 18:21:34 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\GrabPro
[2010.06.13 18:21:34 | 000,000,000 | ---D | C] -- C:\downloads
[2010.06.13 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Local\OpenCandy
[2010.06.13 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\OpenCandy
[2010.06.13 18:21:17 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.06.13 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\Orbit
[2010.06.13 15:35:37 | 000,000,000 | ---D | C] -- C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.11 19:18:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.06.11 12:09:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.10 23:05:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 23:05:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 23:05:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 23:05:34 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 23:05:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 23:05:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 23:05:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 23:05:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 23:05:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 23:05:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 23:05:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 23:05:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 23:05:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 23:05:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 23:05:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 14:33:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 14:28:48 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 14:28:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 14:23:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.10 14:20:09 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.30 06:35:36 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.06.30 06:35:32 | 004,194,304 | ---- | M] () -- C:\Users\tina\NTUSER.DAT
[2010.06.30 06:21:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000UA.job
[2010.06.30 06:03:33 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.06.30 05:31:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 05:31:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 05:30:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.30 05:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.30 05:29:13 | 000,524,288 | -HS- | M] () -- C:\Users\tina\NTUSER.DAT{cc25eced-0eaa-11de-803e-001b38aaa491}.TMContainer00000000000000000001.regtrans-ms
[2010.06.30 05:29:13 | 000,065,536 | -HS- | M] () -- C:\Users\tina\NTUSER.DAT{cc25eced-0eaa-11de-803e-001b38aaa491}.TM.blf
[2010.06.30 05:29:09 | 002,950,029 | -H-- | M] () -- C:\Users\tina\AppData\Local\IconCache.db
[2010.06.30 05:27:42 | 000,000,809 | ---- | M] () -- C:\Users\tina\Desktop\CCleaner.lnk
[2010.06.30 05:21:02 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000Core.job
[2010.06.30 04:31:35 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 23:22:31 | 000,002,042 | ---- | M] () -- C:\Users\tina\Desktop\Google Chrome.lnk
[2010.06.29 23:21:47 | 000,037,888 | ---- | M] () -- C:\Users\tina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 23:21:07 | 000,163,808 | ---- | M] () -- C:\Users\tina\Desktop\IMG00344-20100629-1345.jpg
[2010.06.29 23:20:20 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.29 23:20:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.29 23:20:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.29 23:20:20 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.29 23:20:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.28 22:28:46 | 000,000,556 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for tina.job
[2010.06.25 04:30:03 | 000,001,356 | ---- | M] () -- C:\Users\tina\AppData\Local\d3d9caps.dat
[2010.06.14 00:15:32 | 000,003,361 | ---- | M] () -- C:\Users\tina\.recently-used.xbel
[2010.06.13 18:26:09 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.06.13 18:21:32 | 000,000,853 | ---- | M] () -- C:\Users\tina\Desktop\Orbit.lnk
[2010.06.13 15:35:27 | 000,001,037 | ---- | M] () -- C:\Users\tina\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.11 19:26:13 | 000,253,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.30 05:27:42 | 000,000,809 | ---- | C] () -- C:\Users\tina\Desktop\CCleaner.lnk
[2010.06.30 04:31:35 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.30 03:45:46 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.06.29 23:20:31 | 000,163,808 | ---- | C] () -- C:\Users\tina\Desktop\IMG00344-20100629-1345.jpg
[2010.06.14 00:15:32 | 000,003,361 | ---- | C] () -- C:\Users\tina\.recently-used.xbel
[2010.06.13 19:30:37 | 735,070,208 | ---- | C] () -- C:\Users\tina\Documents\s0incx482h8pj.avi
[2010.06.13 18:26:09 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.06.13 18:21:32 | 000,000,853 | ---- | C] () -- C:\Users\tina\Desktop\Orbit.lnk
[2010.02.05 19:50:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.02.05 19:50:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.02.05 17:13:21 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.05 00:22:16 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.11.05 00:22:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.07.12 10:54:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.07.12 10:45:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.12 10:45:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.12 10:45:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.12 10:45:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 07:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 07:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 07:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 07:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 07:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
--- --- ---




OTL Logfile:
Code:
OTL Extras logfile created on: 30.06.2010 06:29:16 - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\tina\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 22,06 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,36 Gb Total Space | 73,27 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TINA-PC
Current User Name: tina
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0703E83B-A382-4FD5-BEF4-0279D6CB353D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BC7FA48-69DF-4B7E-9566-28FDF6592B44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E15C971-5E7B-4AB7-8A80-8EBD358E22F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58CE0D29-40E5-42EE-9302-2032A441F246}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61C5CF5C-49C4-4701-A913-3DB1FAC23E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E48653B-1F8F-4FA2-A3C1-06794492983A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{77DD2917-2E79-4B16-8EC9-7B30AEC81A62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94D12056-B782-4965-9967-8CC082EFD767}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCADCD43-B683-49B7-AC93-4340178E205B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F4063DD6-A794-447E-BE24-81D9A9216DB1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C68674-E096-4D4F-BD18-EA6BD8975FBD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19AB907F-9A75-4619-B4F3-C7B5D4EEB7B4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2D2B6491-6C0A-4712-AB07-1FAAE667E7B2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{43535977-42B4-4947-BDCB-ED75DC572746}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6A7FC144-E9A6-4B90-88A5-8CEE0630C15A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{998189EE-9759-49CE-87C9-1A8643B26848}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B37C479E-704A-4C98-A0D4-571D6A2B8D0A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DD54AC42-97C5-433B-8F26-9A54F2EAFEC3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E9A7B6D4-CB0C-4A30-A0D1-87A69BE8D82C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"TCP Query User{46FEA9F7-8385-4C5D-864D-F3A4CEB57AD5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B07EF5B5-585C-497A-9EE7-AFE65024583A}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{B60BB155-8A60-42DA-B6C8-49B51DEA3C26}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd |
"TCP Query User{BBF07853-C291-4F64-8078-48B2F91FA7F8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F1165E53-1BC1-42CE-A1B0-AB6CC80BEBDE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FAE63C13-4D90-4E76-A0A9-F6F97986AAFC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{0BB68CFC-11E2-40D8-9FE5-07E7699766B4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1B84D2E3-4218-41E4-BE5F-E3B2201BA3F4}C:\program files\hasbro interactive\rollercoaster tycoon\rct.icd" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.icd |
"UDP Query User{51C44DB3-ED57-4D12-A4D1-1E22F1E9AB67}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{64AAEE2C-52F1-4950-BA2D-88EC51B0E3FD}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{A7DD4D36-6967-4CC7-B03F-A61C770A9BD4}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{ED2DF50D-1C3F-48AA-A43A-D7D77E5734A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista
"{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech
"{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard
"{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English
"{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish
"{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish
"{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing
"{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek
"{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.2.9
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common
"{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish
"{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D42CBBC-2089-44AB-8021-369DDB962816}" = Photo Collage 2.06
"{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins
"{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian
"{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech
"{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian
"{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese
"{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"DeskScapes (Free)" = DeskScapes (Free)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Studio_is1" = Free Studio version 4.6
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.2
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}" = Veoh Player
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mp3tag" = Mp3tag v2.43
"NSS" = Norton Security Scan
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"RealPlayer 6.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"ShapeCollage" = Shape Collage
"Spyware Doctor" = Spyware Doctor 7.0
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2010 15:09:52 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1418  Anfangszeit: 01caa695b139c505  Zeitpunkt
 der Beendigung: 41
 
Error - 05.02.2010 15:16:24 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 10b8  Anfangszeit: 01caa696cb6d6c05  Zeitpunkt
 der Beendigung: 63
 
Error - 05.02.2010 15:38:47 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1054  Anfangszeit: 01caa697b51abdd5  Zeitpunkt
 der Beendigung: 56
 
Error - 05.02.2010 15:47:06 | Computer Name = tina-PC | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 13dc  Anfangszeit: 01caa69ad5f75745  Zeitpunkt
 der Beendigung: 67
 
Error - 06.02.2010 09:49:48 | Computer Name = tina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\tina\Downloads\iTunes80164Setup.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.02.2010 15:11:20 | Computer Name = tina-PC | Source = Perflib | ID = 1010
Description =
 
Error - 06.02.2010 15:11:21 | Computer Name = tina-PC | Source = Perflib | ID = 1008
Description =
 
Error - 13.02.2010 19:48:06 | Computer Name = tina-PC | Source = Google Update | ID = 20
Description =
 
Error - 13.02.2010 20:48:06 | Computer Name = tina-PC | Source = Google Update | ID = 20
Description =
 
Error - 15.02.2010 00:48:14 | Computer Name = tina-PC | Source = Google Update | ID = 20
Description =
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---


Leider gehn nach dem Neustart immer noch 1-2 Popups auf.
Ist das ein schlimmes Zeichen? :headbang:

kira 30.06.2010 07:37
Hallo und Herzlich Willkommen! :)

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
- zwei gleichzeitig installierte und aktivierte Antivirenprogramme: AntiVir PersonalEdition Classic & Symantec/Norton
Beide Scanner haben nämlich nur ein Ziel, dein System sinnvoll gegen Schädlingen zu prüfen/schützen. Damit sie behindern sich gegenseitig und eine Doppelbelastung ist im System, die Folge kann ein Crash sein, oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Mehr AV Programme bedeutet nicht mehr Sicherheit!
Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen!!
- Norton Antivirus ZU deinstallieren (falls Du dich für Avira entscheidest) gehe auf der Symantec-Webseite und suche nach den speziellen Deinstallations-Tools, mit denen die letzten Reste (auch) entfernt werden sollten:► Norton Removal Tool (für alle Produkte ab 2003 bis 2008) von hier herunterladen
oder hier: ►Norton Removal Tool für alle Produkte ab 2003 bis 2010 / wintotal.de

2.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird Gmer beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

6.
Lade und installiere das Tool RootRepeal herunter
  • setze einen Hacken bei: "Drivers"-> "Scan"-> Save Report"...
  • "Stealth Objects" -> "Scan"-> Save Report"...
  • "Hidden Services" -> "Scan"-> Save Report"...
  • speichere das Logfile als "RootRepeal.txt" auf dem Desktop und Kopiere den Inhalt hier in den Thread

7.
→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
Tipps für die Suche nach Dateien
Code:
C:\Users\tina\AppData\Local\Temp\Jg0.exe
→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:
Code:
Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        4.0.0.73        2009.01.28        -
AhnLab-V3        5.0.0.2        2009.01.28        -
AntiVir        7.9.0.60        2009.01.28        -
Authentium        5.1.0.4        2009.01.27        -

...über 40 Virenscannern...also Geduld!!
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

tina_084 30.06.2010 07:53
ok ich werde mein bestes geben und mich jetzt direkt an die arbeit machen.bei fragen melde ich mich wieder.da ich wirklich keine ahnung von solchen dingen habe.trotzdem vielen dank schon mal

tina_084 30.06.2010 12:15
hallo bei schritt 5 komme ich nicht weiter.da hängt sich mein laptop auf und er beendet den vorgang nicht.kann ich mit schritt 6 und 7 schon mal weiter machen oder kann ich schritt 5 auch im abgesichterten modus versuchen?

kira 30.06.2010 15:51
nein, versuche mit Gmer nicht, sondern mache mit Punkt 6. weiter:)

tina_084 30.06.2010 16:57
ohje ich hoffe das ist alles richtig so.ich habe echt mein bestes gegeben


Code:

       
Code:

       

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6001]
 
 
C:

  30.06.2010 09:18     C:\downloads --------- 4096  
       C:\pagefile.sys ---------   
  30.06.2010 08:55     C:\Program Files --------- 24576  
  30.06.2010 07:16     C:\Windows --------- 32768  
  30.06.2010 06:16     C:\rsit --------- 0  
  30.06.2010 04:37     C:\rkill.log --------- 622  
  30.06.2010 04:31     C:\ProgramData --------- 12288  
  29.06.2010 12:13     C:\System Volume Information --------- 24576  
  26.06.2010 12:15     C:\Config.Msi --------- 0  
  11.06.2010 19:18     C:\found.000 --------- 0  
  21.06.2009 01:16     C:\$Recycle.Bin --------- 4096  
  21.06.2009 01:15     C:\Users --------- 4096  
  12.03.2009 15:55     C:\Boot --------- 4096  
  16.02.2009 14:48     C:\PerfLogs --------- 0  
  16.11.2008 17:45     C:\DVDVideoSoft --------- 0  
  04.11.2008 01:43     C:\IPH.PH --------- 854  
  14.10.2008 18:27     C:\Toshiba --------- 4096  
  14.10.2008 16:35     C:\Programme --------- 0  
  14.10.2008 16:35     C:\Dokumente und Einstellungen --------- 0  
  19.01.2008 09:45     C:\bootmgr --------- 333203  
  13.07.2007 00:41     C:\SWSTAMP.TXT --------- 388  
  24.04.2007 06:48     C:\_wdsuef.dmp --------- 22948  
  16.04.2007 07:19     C:\RHDSetup.log --------- 420  
  16.04.2007 07:05     C:\Intel --------- 0  
  13.04.2007 12:12     C:\BOOTSECT.BAK --------- 8192  
  02.11.2006 15:02     C:\Documents and Settings --------- 0  
  18.09.2006 23:43     C:\config.sys --------- 10  
  18.09.2006 23:43     C:\autoexec.bat --------- 24  
----------------------------------------

 
C:\Windows

  30.06.2010 09:03     C:\Windows\WindowsUpdate.log --------- 1277870  
  30.06.2010 08:58     C:\Windows\ntbtlog.txt --------- 31050  
  30.06.2010 08:55     C:\Windows\bootstat.dat --------- 67584  
  30.06.2010 08:55     C:\Windows\PFRO.log --------- 30100  
  22.01.2010 01:21     C:\Windows\RegISSImport.xml --------- 879  
  22.01.2010 01:21     C:\Windows\SGDetectionTool.dll --------- 149456  
  22.01.2010 01:21     C:\Windows\RegSDImport.xml --------- 882  
  22.01.2010 01:21     C:\Windows\PCTBDRes.dll --------- 165840  
  22.01.2010 01:21     C:\Windows\PCTBDCore.dll --------- 1652688  
  22.01.2010 01:21     C:\Windows\BDTSupport.dll --------- 767952  
  10.11.2009 11:28     C:\Windows\PCTBDCore.dll.old --------- 1640400  
  10.11.2009 11:26     C:\Windows\BDTSupport.dll.old --------- 767952  
  28.10.2009 02:36     C:\Windows\UDB.zip --------- 1152444  
  28.08.2009 10:28     C:\Windows\system.ini --------- 219  
  10.07.2009 13:10     C:\Windows\WLXPGSS.SCR --------- 307568  
  16.02.2009 15:02     C:\Windows\WindowsShell.Manifest --------- 749  
  26.11.2008 13:08     C:\Windows\IDB.zip --------- 131  
  29.10.2008 08:29     C:\Windows\explorer.exe --------- 2927104  
  19.01.2008 09:33     C:\Windows\regedit.exe --------- 134656  
  19.01.2008 09:33     C:\Windows\notepad.exe --------- 151040  
  19.01.2008 09:33     C:\Windows\HelpPane.exe --------- 498176  
  19.01.2008 09:33     C:\Windows\fveupdate.exe --------- 13312  
  19.01.2008 09:33     C:\Windows\bfsvc.exe --------- 58880  
  13.07.2007 00:41     C:\Windows\csup.txt --------- 11  
  12.07.2007 21:33     C:\Windows\DIFxAPI.dll --------- 319456  
  13.06.2007 07:11     C:\Windows\RtHDVCpl.exe --------- 4489216  
  28.05.2007 14:39     C:\Windows\SkyTel.exe --------- 1826816  
  03.05.2007 07:52     C:\Windows\atiogl.xml --------- 11557  
  16.04.2007 08:36     C:\Windows\mgxoschk.ini --------- 6642  
  16.04.2007 08:02     C:\Windows\NDSTray.INI --------- 0  
  16.04.2007 07:17     C:\Windows\HideWin.exe --------- 315392  
  05.03.2007 10:23     C:\Windows\RTKVADDA.EXE --------- 269096  
  16.01.2007 04:39     C:\Windows\RtlUpd.exe --------- 1191936  
  12.01.2007 10:54     C:\Windows\RtlExUpd.dll --------- 520192  
  09.01.2007 15:22     C:\Windows\agrsmdel.exe --------- 50752  
  03.11.2006 14:30     C:\Windows\oemlogo.bmp --------- 43254  
  02.11.2006 15:04     C:\Windows\win.ini --------- 144  
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640  
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680  
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688  
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232  
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784  
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216  
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848  
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131  
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328  
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707  
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192  
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405  
  30.06.2005 20:37     C:\Windows\OV519.txt --------- 371  
  15.10.2003 18:52     C:\Windows\sel3110.exe --------- 200704  
  15.10.2003 18:52     C:\Windows\vidcap32.exe --------- 307200  
  15.10.2003 18:52     C:\Windows\ov519dib.dll --------- 61440  
  15.10.2003 18:52     C:\Windows\ov519cap.exe --------- 135168  
  15.10.2003 18:52     C:\Windows\CleanDev.exe --------- 40960  
  15.10.2003 18:52     C:\Windows\amcap.exe --------- 32528  
  29.03.1999 11:08     C:\Windows\UniFish3.exe --------- 45568  
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532
 28.07.1995 14:00      C:\Windows\System\DVA.386 --------- 9785
 21.09.1994 00:00      C:\Windows\System\Wing32.dll --------- 12800
 21.09.1994 00:00      C:\Windows\System\WingPal.wnd --------- 5024
 21.09.1994 00:00      C:\Windows\System\WingDib.drv --------- 6736
 21.09.1994 00:00      C:\Windows\System\Wing.dll --------- 92208
 24.08.1994 00:00      C:\Windows\System\WingDe.dll --------- 188960
----------------------------------------

 
C:\Windows\System32

 30.06.2010 09:19     C:\Windows\system32\Tasks --------- 4096 
 30.06.2010 09:04     C:\Windows\system32\drivers --------- 61440 
 30.06.2010 08:56     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568 
 30.06.2010 08:56     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568 
 29.06.2010 23:20     C:\Windows\system32\perfh009.dat --------- 595996 
 29.06.2010 23:20     C:\Windows\system32\perfc009.dat --------- 104070 
 29.06.2010 23:20     C:\Windows\system32\perfh007.dat --------- 628742 
 29.06.2010 23:20     C:\Windows\system32\perfc007.dat --------- 126260 
 29.06.2010 23:20     C:\Windows\system32\PerfStringBackup.INI --------- 1445116 
 29.06.2010 11:46     C:\Windows\system32\catroot --------- 4096 
 29.06.2010 02:11     C:\Windows\system32\catroot2 --------- 8192 
 26.06.2010 12:14     C:\Windows\system32\de-DE --------- 262144 
 26.06.2010 12:05     C:\Windows\system32\en-US --------- 8192 
 11.06.2010 19:26     C:\Windows\system32\FNTCACHE.DAT --------- 253496 
 11.06.2010 19:13     C:\Windows\system32\wbem --------- 61440 
 11.06.2010 19:13     C:\Windows\system32\migration --------- 0 
 28.05.2010 21:37     C:\Windows\system32\mrt.exe --------- 32472008 
 26.05.2010 18:16     C:\Windows\system32\atmlib.dll --------- 34304 
 26.05.2010 16:25     C:\Windows\system32\atmfd.dll --------- 289792 
 21.05.2010 14:14     C:\Windows\system32\MpSigStub.exe --------- 221568 
 04.05.2010 07:59     C:\Windows\system32\wininet.dll --------- 916480 
 04.05.2010 07:59     C:\Windows\system32\urlmon.dll --------- 1209344 
 04.05.2010 07:58     C:\Windows\system32\occache.dll --------- 206848 
 04.05.2010 07:56     C:\Windows\system32\mstime.dll --------- 611840 
 04.05.2010 07:56     C:\Windows\system32\mshtml.dll --------- 5950976 
 04.05.2010 07:56     C:\Windows\system32\msfeedsbs.dll --------- 55296 
 04.05.2010 07:56     C:\Windows\system32\msfeeds.dll --------- 599040 
 04.05.2010 07:55     C:\Windows\system32\jsproxy.dll --------- 25600 
 04.05.2010 07:55     C:\Windows\system32\inetcpl.cpl --------- 1469440 
 04.05.2010 07:55     C:\Windows\system32\ieui.dll --------- 164352 
 04.05.2010 07:55     C:\Windows\system32\iesysprep.dll --------- 109056 
 04.05.2010 07:55     C:\Windows\system32\iesetup.dll --------- 71680 
 04.05.2010 07:55     C:\Windows\system32\iertutil.dll --------- 1985536 
 04.05.2010 07:55     C:\Windows\system32\iernonce.dll --------- 55808 
 04.05.2010 07:55     C:\Windows\system32\iepeers.dll --------- 184320 
 04.05.2010 07:55     C:\Windows\system32\ieframe.dll --------- 11076096 
 04.05.2010 07:55     C:\Windows\system32\iedkcs32.dll --------- 387584 
 04.05.2010 06:31     C:\Windows\system32\ieUnatt.exe --------- 133632 
 04.05.2010 06:30     C:\Windows\system32\ie4uinit.exe --------- 173056 
 04.05.2010 06:30     C:\Windows\system32\msfeedssync.exe --------- 13312 
 04.05.2010 06:30     C:\Windows\system32\mshtml.tlb --------- 1638912 
 01.05.2010 15:53     C:\Windows\system32\win32k.sys --------- 2036224 
 27.04.2010 00:04     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 
 23.04.2010 15:55     C:\Windows\system32\tzres.dll --------- 2048 
 16.04.2010 18:10     C:\Windows\system32\quartz.dll --------- 1314816 
 16.04.2010 18:05     C:\Windows\system32\Apphlpdm.dll --------- 28672 
 16.04.2010 16:17     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 
 05.04.2010 18:07     C:\Windows\system32\asycfilt.dll --------- 67072 
 02.04.2010 19:34     C:\Windows\system32\declrds.ax --------- 45568 
 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424 
 08.03.2010 19:59     C:\Windows\system32\dpl100.dll --------- 94208 
 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352 
 28.02.2010 14:27     C:\Windows\system32\EventProviders --------- 0 
 21.02.2010 01:39     C:\Windows\system32\nshhttp.dll --------- 24064 
 21.02.2010 01:37     C:\Windows\system32\httpapi.dll --------- 31232 
 19.02.2010 21:27     C:\Windows\system32\DivX.dll --------- 720384 
 19.02.2010 21:27     C:\Windows\system32\divx_xx11.dll --------- 839680 
 19.02.2010 21:27     C:\Windows\system32\divx_xx0c.dll --------- 856064 
 19.02.2010 21:27     C:\Windows\system32\divx_xx0a.dll --------- 847872 
 19.02.2010 21:27     C:\Windows\system32\divx_xx07.dll --------- 856064 
 19.02.2010 21:27     C:\Windows\system32\divx_xx16.dll --------- 843776 
 18.02.2010 16:49     C:\Windows\system32\ntoskrnl.exe --------- 3545992 
 18.02.2010 16:49     C:\Windows\system32\ntkrnlpa.exe --------- 3598216 
 18.02.2010 16:11     C:\Windows\system32\iphlpsvc.dll --------- 190464 
 12.02.2010 12:48     C:\Windows\system32\browserchoice.exe --------- 293376 
 01.02.2010 14:03     C:\Windows\system32\TURegOpt.exe --------- 30536 
 01.02.2010 13:57     C:\Windows\system32\authuitu.dll --------- 21320 
 01.02.2010 13:57     C:\Windows\system32\uxtuneup.dll --------- 30024 
 29.01.2010 18:21     C:\Windows\system32\inetcomm.dll --------- 738304 
 25.01.2010 14:48     C:\Windows\system32\secproc_ssp_isv.dll --------- 151040 
 25.01.2010 14:48     C:\Windows\system32\secproc_ssp.dll --------- 151040 
 25.01.2010 14:48     C:\Windows\system32\secproc_isv.dll --------- 472576 
 25.01.2010 14:48     C:\Windows\system32\secproc.dll --------- 472064 
 25.01.2010 14:45     C:\Windows\system32\msdrm.dll --------- 329216 
 25.01.2010 10:35     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624 
 25.01.2010 10:35     C:\Windows\system32\RMActivate_isv.exe --------- 523776 
 25.01.2010 10:34     C:\Windows\system32\RMActivate_ssp.exe --------- 347136 
 25.01.2010 10:34     C:\Windows\system32\RMActivate.exe --------- 511488 
 21.01.2010 17:59     C:\Windows\system32\l3codeca.acm --------- 62464 
 15.01.2010 02:04     C:\Windows\system32\cabview.dll --------- 98304 
 02.01.2010 05:22     C:\Windows\system32\ieuinit.inf --------- 57667 
 28.12.2009 14:35     C:\Windows\system32\tsbyuv.dll --------- 11776 
 28.12.2009 14:32     C:\Windows\system32\msyuv.dll --------- 22528 
 28.12.2009 14:32     C:\Windows\system32\msvidc32.dll --------- 31744 
 28.12.2009 14:32     C:\Windows\system32\msvfw32.dll --------- 123904 
 28.12.2009 14:32     C:\Windows\system32\msrle32.dll --------- 13312 
 28.12.2009 14:31     C:\Windows\system32\mciavi32.dll --------- 82944 
 28.12.2009 14:31     C:\Windows\system32\iyuv_32.dll --------- 50176 
 28.12.2009 14:28     C:\Windows\system32\avifil32.dll --------- 91136 
 28.12.2009 14:28     C:\Windows\system32\avicap32.dll --------- 65024 
 23.12.2009 14:43     C:\Windows\system32\wintrust.dll --------- 171520 
 15.12.2009 23:41     C:\Windows\system32\WDI --------- 4096 
 04.12.2009 09:19     C:\Windows\system32\jscript.dll --------- 726528 
 08.11.2009 10:55     C:\Windows\system32\netfxperf.dll --------- 49472 
 08.11.2009 10:55     C:\Windows\system32\mscoree.dll --------- 297808 
 08.11.2009 10:55     C:\Windows\system32\PresentationHost.exe --------- 295264 
 08.11.2009 10:55     C:\Windows\system32\PresentationHostProxy.dll --------- 99176 
 08.11.2009 10:55     C:\Windows\system32\dfshim.dll --------- 1130824 
 23.10.2009 19:42     C:\Windows\system32\timedate.cpl --------- 714240 
 19.10.2009 16:27     C:\Windows\system32\t2embed.dll --------- 156672 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 30.06.2010 09:19     C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job --------- 282 
 30.06.2010 09:02     C:\Windows\Tasks\1-Klick-Wartung.job --------- 522 
 30.06.2010 08:56     C:\Windows\Tasks\SA.DAT --------- 6 
 30.06.2010 08:54     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32542 
 30.06.2010 07:21     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000UA.job --------- 1114 
 30.06.2010 05:21     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385651174-3466209547-3797894211-1000Core.job --------- 1062 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\tina\AppData\Local\Temp

 30.06.2010 09:18     C:\Users\tina\AppData\Local\Temp\Rar$DI00.723 --------- 0 
 30.06.2010 09:18     C:\Users\tina\AppData\Local\Temp\etilqs_dHFdO0S0pEgCJH7U4ZpV --------- 0 
 30.06.2010 09:05     C:\Users\tina\AppData\Local\Temp\Low --------- 4096 
 30.06.2010 09:04     C:\Users\tina\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS.exe --------- 634952 
 30.06.2010 09:00     C:\Users\tina\AppData\Local\Temp\IpAdrSet.log --------- 12011 
 30.06.2010 08:59     C:\Users\tina\AppData\Local\Temp\div1248.tmp --------- 0 
 30.06.2010 08:59     C:\Users\tina\AppData\Local\Temp\~DF8025.tmp --------- 16384 
 30.06.2010 08:58     C:\Users\tina\AppData\Local\Temp\WPDNSE --------- 0 
 30.06.2010 08:53     C:\Users\tina\AppData\Local\Temp\SymNRT 6-30-2010 8h48m54s.log --------- 20500904 
 30.06.2010 07:51     C:\Users\tina\AppData\Local\Temp\Cache --------- 0 
 30.06.2010 07:28     C:\Users\tina\AppData\Local\Temp\MessengerCache --------- 0 
 30.06.2010 07:19     C:\Users\tina\AppData\Local\Temp\symlcsv1.exe --------- 31864 
 30.06.2010 07:19     C:\Users\tina\AppData\Local\Temp\~DF67A9.tmp --------- 16384 
 30.06.2010 07:19     C:\Users\tina\AppData\Local\Temp\divDCC7.tmp --------- 0 
 30.06.2010 05:33     C:\Users\tina\AppData\Local\Temp\divD58.tmp --------- 0 
 30.06.2010 05:33     C:\Users\tina\AppData\Local\Temp\~DFA8D2.tmp --------- 16384 
 30.06.2010 05:27     C:\Users\tina\AppData\Local\Temp\nss4C74.tmp --------- 0 
 30.06.2010 04:37     C:\Users\tina\AppData\Local\Temp\AFB5.tmp --------- 0 
 30.06.2010 04:30     C:\Users\tina\AppData\Local\Temp\is-LG2SF.tmp --------- 0 
 30.06.2010 04:29     C:\Users\tina\AppData\Local\Temp\is-EM4IK.tmp --------- 0 
 30.06.2010 04:29     C:\Users\tina\AppData\Local\Temp\is-VDD51.tmp --------- 0 
 30.06.2010 04:28     C:\Users\tina\AppData\Local\Temp\EB10.tmp --------- 0 
 30.06.2010 04:28     C:\Users\tina\AppData\Local\Temp\4B96.tmp --------- 0 
 30.06.2010 03:53     C:\Users\tina\AppData\Local\Temp\mod2798.tmp --------- 7050 
 30.06.2010 03:53     C:\Users\tina\AppData\Local\Temp\mod6315.tmp --------- 0 
 30.06.2010 03:52     C:\Users\tina\AppData\Local\Temp\mod953B.tmp --------- 139817 
 30.06.2010 03:52     C:\Users\tina\AppData\Local\Temp\mod9402.tmp --------- 947 
 30.06.2010 03:51     C:\Users\tina\AppData\Local\Temp\mod2545.tmp --------- 5 
 30.06.2010 03:46     C:\Users\tina\AppData\Local\Temp\Jg1.exe --------- 172032 
 30.06.2010 03:45     C:\Users\tina\AppData\Local\Temp\Jg0.exe --------- 170496 
 30.06.2010 03:42     C:\Users\tina\AppData\Local\Temp\au-descriptor-1.6.0_20-b74.xml --------- 8841 
 30.06.2010 03:39     C:\Users\tina\AppData\Local\Temp\~DFEEBD.tmp --------- 147456 
 30.06.2010 03:36     C:\Users\tina\AppData\Local\Temp\jar_cache3560.tmp --------- 1174 
 30.06.2010 03:36     C:\Users\tina\AppData\Local\Temp\jar_cache3559.tmp --------- 8434 
 29.06.2010 23:22     C:\Users\tina\AppData\Local\Temp\CR_403B.tmp --------- 0 
 29.06.2010 23:22     C:\Users\tina\AppData\Local\Temp\chrome_installer.log --------- 591 
 29.06.2010 22:38     C:\Users\tina\AppData\Local\Temp\~DFA079.tmp --------- 16384 
 29.06.2010 22:38     C:\Users\tina\AppData\Local\Temp\divCEB.tmp --------- 0 
 29.06.2010 18:48     C:\Users\tina\AppData\Local\Temp\~DF7EC7.tmp --------- 147456 
 16.11.2009 17:36     C:\Users\tina\AppData\Local\Temp\IcqUpdater.exe --------- 89848 
----------------------------------------

 
C:\Program Files

 30.06.2010 09:19     C:\Program Files\Spyware Doctor --------- 49152 
 30.06.2010 09:04     C:\Program Files\NortonInstaller --------- 0 
 30.06.2010 09:04     C:\Program Files\Norton Security Scan --------- 0 
 30.06.2010 06:16     C:\Program Files\trend micro --------- 0 
 30.06.2010 05:27     C:\Program Files\CCleaner --------- 0 
 30.06.2010 04:31     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 28.06.2010 01:20     C:\Program Files\Mozilla Firefox --------- 32768 
 26.06.2010 12:04     C:\Program Files\Microsoft.NET --------- 0 
 25.06.2010 12:20     C:\Program Files\Microsoft Silverlight --------- 4096 
 13.06.2010 18:47     C:\Program Files\Common Files --------- 8192 
 13.06.2010 18:26     C:\Program Files\Uniblue --------- 0 
 13.06.2010 18:21     C:\Program Files\Orbitdownloader --------- 4096 
 11.06.2010 19:13     C:\Program Files\Windows Mail --------- 4096 
 11.06.2010 19:13     C:\Program Files\Internet Explorer --------- 4096 
 23.05.2010 15:43     C:\Program Files\DivX --------- 8192 
 05.05.2010 17:53     C:\Program Files\AIM6 --------- 8192 
 20.03.2010 19:09     C:\Program Files\PhotoScape --------- 4096 
 13.03.2010 13:19     C:\Program Files\Movie Maker --------- 4096 
 28.02.2010 12:24     C:\Program Files\TuneUp Utilities 2009 --------- 49152 
 28.02.2010 12:02     C:\Program Files\TuneUp Utilities 2010 --------- 49152 
 05.02.2010 17:13     C:\Program Files\CDBurnerXP --------- 16384 
 02.02.2010 17:16     C:\Program Files\Hasbro Interactive --------- 0 
 01.01.2010 23:59     C:\Program Files\ICQ6.5 --------- 16384 
 10.12.2009 18:23     C:\Program Files\Nikon --------- 0 
 10.12.2009 18:03     C:\Program Files\ArcSoft --------- 0 
 10.12.2009 18:03     C:\Program Files\InstallShield Installation Information --------- 8192 
 18.11.2009 21:18     C:\Program Files\DVDVideoSoft --------- 4096 
 11.11.2009 13:42     C:\Program Files\Skype --------- 0 
 06.11.2009 10:37     C:\Program Files\Windows Sidebar --------- 4096 
 03.11.2009 13:14     C:\Program Files\Shape Collage --------- 0 
 02.11.2009 19:06     C:\Program Files\iFoxSoft --------- 0 
 28.10.2009 04:19     C:\Program Files\Windows Media Player --------- 4096 
 15.09.2009 23:16     C:\Program Files\Windows Live --------- 4096 
 15.09.2009 23:15     C:\Program Files\Microsoft Sync Framework --------- 0 
 15.09.2009 23:11     C:\Program Files\Microsoft --------- 0 
 15.09.2009 23:10     C:\Program Files\Windows Live SkyDrive --------- 0 
 06.09.2009 20:18     C:\Program Files\Apowersoft --------- 0 
 28.08.2009 10:01     C:\Program Files\Java --------- 4096 
 12.08.2009 00:02     C:\Program Files\Avidemux 2.5 --------- 12288 
 18.07.2009 21:49     C:\Program Files\Yahoo --------- 0 
 20.06.2009 20:43     C:\Program Files\Mp3tag --------- 4096 
 26.04.2009 21:59     C:\Program Files\QuickTime --------- 4096 
 30.03.2009 18:24     C:\Program Files\MAGIX --------- 4096 
 30.03.2009 18:21     C:\Program Files\Google --------- 0 
 30.03.2009 16:35     C:\Program Files\Graboid --------- 0 
 15.03.2009 14:51     C:\Program Files\Stardock --------- 0 
 12.03.2009 18:20     C:\Program Files\VideoLAN --------- 0 
 20.02.2009 16:38     C:\Program Files\Avira --------- 0 
 16.02.2009 23:30     C:\Program Files\Microsoft Office --------- 0 
 16.02.2009 19:35     C:\Program Files\WinRAR --------- 4096 
 16.02.2009 15:02     C:\Program Files\desktop.ini --------- 174 
 16.02.2009 14:52     C:\Program Files\Windows Calendar --------- 0 
 16.02.2009 14:52     C:\Program Files\Windows Collaboration --------- 4096 
 16.02.2009 14:52     C:\Program Files\Windows Journal --------- 4096 
 16.02.2009 14:52     C:\Program Files\Windows Photo Gallery --------- 4096 
 16.02.2009 14:52     C:\Program Files\Windows Defender --------- 4096 
 15.02.2009 14:09     C:\Program Files\Windows Live Toolbar --------- 0 
 15.02.2009 13:39     C:\Program Files\ICQ6Toolbar --------- 0 
 15.02.2009 00:27     C:\Program Files\ICQ6 --------- 0 
 14.02.2009 20:54     C:\Program Files\MSECache --------- 0 
 25.01.2009 23:26     C:\Program Files\Real --------- 0 
 17.11.2008 15:18     C:\Program Files\Audacity --------- 4096 
 04.11.2008 01:42     C:\Program Files\Viewpoint --------- 0 
 03.11.2008 23:19     C:\Program Files\Gimp-2.0 --------- 0 
 03.11.2008 23:08     C:\Program Files\Paint.NET --------- 12288 
 03.11.2008 23:04     C:\Program Files\Veoh Networks --------- 0 
 03.11.2008 21:26     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 
 03.11.2008 21:11     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0 
 14.10.2008 16:39     C:\Program Files\Intel --------- 0 
 14.10.2008 16:35     C:\Program Files\Windows NT --------- 4096 
 14.10.2008 16:35     C:\Program Files\Gemeinsame Dateien --------- 0 
 14.10.2008 16:31     C:\Program Files\TOSHIBA --------- 4096 
 14.10.2008 16:30     C:\Program Files\Synaptics --------- 0 
 14.10.2008 16:04     C:\Program Files\ATI Technologies --------- 0 
 14.10.2008 16:02     C:\Program Files\ATI --------- 0 
 12.07.2007 21:39     C:\Program Files\Realtek --------- 0 
 12.07.2007 21:02     C:\Program Files\MSXML 4.0 --------- 0 
 12.07.2007 10:45     C:\Program Files\InterVideo --------- 0 
 12.07.2007 10:41     C:\Program Files\Ulead Systems --------- 0 
 16.04.2007 08:34     C:\Program Files\IDM --------- 0 
 16.04.2007 08:30     C:\Program Files\Adobe --------- 0 
 16.04.2007 08:11     C:\Program Files\Windows Media-Komponenten --------- 0 
 16.04.2007 07:35     C:\Program Files\My Company Name --------- 0 
 16.04.2007 07:26     C:\Program Files\ltmoh --------- 0 
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 14:37     C:\Program Files\Microsoft Games --------- 4096 
 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0 
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0 
----------------------------------------

 
C:\ProgramData\..

tina   
Gast   
desktop.ini   
Public   
Default   
Default User   
All Users   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.012 K
smss.exe                       512 Services                   0           564 K
csrss.exe                      580 Services                   0         5.392 K
wininit.exe                    620 Services                   0         3.708 K
csrss.exe                      632 Console                    1        10.960 K
services.exe                   664 Services                   0         6.600 K
lsass.exe                      680 Services                   0         7.532 K
lsm.exe                        688 Services                   0         4.188 K
winlogon.exe                   724 Console                    1         6.352 K
svchost.exe                    884 Services                   0         6.436 K
PresentationFontCache.exe      928 Services                   0         7.136 K
svchost.exe                    976 Services                   0         6.000 K
svchost.exe                   1012 Services                   0        28.368 K
Ati2evxx.exe                  1092 Services                   0         4.068 K
svchost.exe                   1120 Services                   0        11.032 K
svchost.exe                   1156 Services                   0        74.500 K
svchost.exe                   1192 Services                   0        49.352 K
audiodg.exe                   1284 Services                   0        11.464 K
svchost.exe                   1308 Services                   0         4.792 K
SLsvc.exe                     1332 Services                   0         3.616 K
svchost.exe                   1388 Services                   0        10.152 K
Ati2evxx.exe                  1476 Console                    1         5.664 K
svchost.exe                   1624 Services                   0        13.020 K
spoolsv.exe                   1832 Services                   0        10.508 K
sched.exe                     1860 Services                   0         1.032 K
svchost.exe                   1872 Services                   0        11.008 K
agrsmsvc.exe                  2024 Services                   0         2.344 K
avguard.exe                    200 Services                   0        17.624 K
BDTUpdateService.exe           332 Services                   0         2.248 K
CFSvcs.exe                     396 Services                   0         2.892 K
NMSAccessU.exe                 616 Services                   0         2.776 K
pctsAuxs.exe                  1692 Services                   0         1.192 K
pctsSvc.exe                   2060 Services                   0        24.808 K
SeaPort.exe                   2116 Services                   0         7.908 K
svchost.exe                   2168 Services                   0         5.260 K
TODDSrv.exe                   2236 Services                   0         3.336 K
TosCoSrv.exe                  2272 Services                   0         4.136 K
TUProgSt.exe                  2344 Services                   0         4.044 K
TuneUpUtilitiesService32.     2364 Services                   0         8.300 K
ULCDRSvr.exe                  2392 Services                   0         2.312 K
svchost.exe                   2424 Services                   0         2.904 K
taskeng.exe                   2556 Services                   0         5.508 K
pctsTray.exe                  3996 Console                    1         1.264 K
taskeng.exe                   4044 Console                    1        12.108 K
TuneUpUtilitiesApp32.exe      4084 Console                    1         7.576 K
dwm.exe                       1724 Console                    1        45.948 K
explorer.exe                  2340 Console                    1        76.804 K
Jg0.exe                       1776 Console                    1        40.272 K
MSASCui.exe                   3460 Console                    1        10.068 K
KeNotify.exe                  2968 Console                    1         5.640 K
RtHDVCpl.exe                  4032 Console                    1         5.492 K
TPwrMain.exe                  2764 Console                    1         4.284 K
SmoothView.exe                1732 Console                    1         3.284 K
TCrdMain.exe                  3068 Console                    1        37.112 K
NDSTray.exe                   2596 Console                    1         5.432 K
SynTPEnh.exe                  2164 Console                    1         8.564 K
SynToshiba.exe                1404 Console                    1         4.872 K
avgnt.exe                     2896 Console                    1         2.960 K
NkMonitor.exe                 1000 Console                    1         4.584 K
MOM.exe                       3504 Console                    1         4.212 K
DivXUpdate.exe                2056 Console                    1         9.576 K
sidebar.exe                   3772 Console                    1        17.284 K
TOSCDSPD.exe                  3360 Console                    1         3.160 K
VeohClient.exe                3928 Console                    1        14.208 K
ehtray.exe                    3924 Console                    1         1.536 K
ehmsas.exe                    3352 Console                    1         4.688 K
CFSwMgr.exe                   4468 Console                    1         6.272 K
GoogleCrashHandler.exe        4668 Console                    1         1.108 K
CCC.exe                       4816 Console                    1        13.756 K
sidebar.exe                   4952 Console                    1        50.584 K
Ymsgr_tray.exe                5536 Console                    1         8.232 K
chrome.exe                    4340 Console                    1        51.104 K
chrome.exe                    5416 Console                    1        37.336 K
wuauclt.exe                   5092 Console                    1         6.208 K
orbitdm.exe                   4420 Console                    1         1.060 K
orbitnet.exe                  2436 Console                    1         1.280 K
WinRAR.exe                    5768 Console                    1        15.616 K
cmd.exe                       4892 Console                    1         6.904 K
conime.exe                     312 Console                    1         4.368 K
Jg0.exe                       3828 Console                    1         6.624 K
dllhost.exe                   5324 Console                    1         4.928 K
tasklist.exe                  4752 Console                    1         5.392 K
WmiPrvSE.exe                  5636 Services                   0         6.660 K

 
***** Ende des Scans 30.06.2010 um  9:20:00,01 ***











Code:
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        03.11.2008                10.0.12.36
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        28.08.2009                10.0.32.18
Adobe Reader 7.0.9 - Deutsch        Adobe Systems Incorporated        15.04.2007        78,2MB        7.0.9
AIM                03.11.2008               
ArcSoft Panorama Maker 4        ArcSoft        09.12.2009        14,7MB       
ATI Catalyst Install Manager        ATI Technologies, Inc.        02.11.2008        13,8MB        3.0.641.0
Audacity 1.2.6                16.11.2008        8,43MB       
Avidemux 2.5                11.08.2009        32,5MB        2.5.0.4944
Avira AntiVir Personal - Free Antivirus        Avira GmbH        19.02.2009        63,2MB       
Bluetooth Stack for Windows by Toshiba                15.04.2007        54,7MB        v5.10.06(T)
Browser Defender 2.0.6.15        Threat Expert Ltd.        04.02.2010        3,57MB        2.0.6.15
Catalyst Control Center - Branding        ATI        13.10.2008        0,41MB        1.00.0000
CCleaner        Piriform        29.06.2010        2,85MB        2.33
CD/DVD Drive Acoustic Silencer        TOSHIBA        13.10.2008        0,45MB        2.00.02
CDBurnerXP        CDBurnerXP        04.02.2010        15,8MB        4.2.7.1893
DeskScapes (Free)        Stardock Corporation        12.03.2009        10,3MB       
DivX Converter        DivX, Inc.        22.05.2010        37,1MB        7.0.0
DivX Plus DirectShow Filters        DivX, Inc.        22.05.2010        1,22MB       
DivX-Setup        DivX, Inc.        22.05.2010        2,12MB        1.0.1.5
DVD MovieFactory for TOSHIBA        Ulead Systems, Inc.        13.10.2008        251,6MB        5.3
Emdedded IR Driver        Compal Electronics, Inc.        11.07.2007        0,89MB        0.0.0.6C
File Uploader        Nikon        09.12.2009        1,54MB        1.1.1
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)        MAGIX AG        15.04.2007        6,65MB        2.0.0.1
Free Studio version 4.6        DVDVideoSoft Limited.        12.06.2010        65,4MB       
Free Video to iPod Converter version 3.1        DVDVideoSoft Limited.        26.05.2009        2,29MB       
Free Video to JPG Converter version 1.4        DVD Video Soft Limited.        04.01.2009        2,33MB       
Free YouTube Download 2.2        DVDVideoSoft Limited.        26.05.2009        2,34MB       
Gimp 2.6.2 Debug                02.11.2008        83,3MB       
Google Chrome        Google Inc.        25.02.2010        84,2MB        5.0.375.86
ICQ6.5        ICQ        14.02.2009        44,5MB        6.5
Java(TM) 6 Update 15        Sun Microsystems, Inc.        05.07.2009        94,9MB        6.0.150
Java(TM) SE Runtime Environment 6        Sun Microsystems, Inc.        15.04.2007        114,6MB        1.6.0.0
Logitech Eyetoy Webcam                09.03.2010               
Malwarebytes' Anti-Malware        Malwarebytes Corporation        29.06.2010        3,90MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        09.08.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        08.08.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.06.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.06.2010        24,5MB        4.0.30319
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        24.06.2010        179,1MB        12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        24.06.2010        29,0MB        4.0.50524.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        02.11.2008        1,74MB        3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        14.09.2009        0,61MB        1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        14.09.2009        1,45MB        1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        02.11.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        06.02.2010        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        04.02.2010        0,58MB        9.0.30729
Move Networks Media Player for Internet Explorer                01.04.2009        1,09MB       
Mozilla Firefox (3.6.6)        Mozilla        27.06.2010        32,3MB        3.6.6 (de)
Mp3tag v2.43        Florian Heidenreich        19.06.2009        5,50MB        v2.43
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        11.07.2007        1,25MB        4.20.9841.0
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        02.11.2008        1,28MB        4.20.9848.0
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        03.11.2008        1,28MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        1,29MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0
Nikon Message Center        Nikon        09.12.2009        0,20MB        0.92.000
Nikon Transfer        Nikon        09.12.2009        46,7MB        1.3.0
Orbit Downloader        www.orbitdownloader.com        12.06.2010        8,76MB       
Paint.NET v3.36        dotPDN LLC        02.11.2008        3,97MB        3.36.0
Photo Collage 2.06                01.11.2009        29,5MB       
PhotoScape                19.03.2010        25,9MB       
Picture Control Utility        Nikon        09.12.2009        18,8MB        1.1.3
QuickTime        Apple Inc.        25.04.2009        74,4MB        7.60.92.0
RealPlayer        RealNetworks        07.04.2009        46,0MB       
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista        Realtek        11.07.2007        0,66MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        11.07.2007        14,8MB        6.0.1.5433
Roll                01.02.2010        44,1MB       
Shape Collage        Vincent Cheung        02.11.2009        0,57MB       
Skype Toolbars        Skype Technologies S.A.        12.06.2010        5,25MB        1.0.4051
Skype™ 4.2        Skype Technologies S.A.        12.06.2010        31,1MB        4.2.169
Spyware Doctor 7.0        PC Tools        04.02.2010        94,9MB        7.0
Synaptics Pointing Device Driver        Synaptics        13.10.2008        13,4MB        10.0.1.0
Texas Instruments PCIxx21/x515/xx12 drivers.        Ihr Firmenname        15.04.2007        0,94MB        2.00.0001
TOSHIBA Assist                13.10.2008        1,21MB        2.01.02
TOSHIBA ConfigFree        TOSHIBA        11.07.2007        39,6MB        7.00.29
TOSHIBA Disc Creator        TOSHIBA Corporation        11.07.2007        9,68MB        2.0.0.8
TOSHIBA Extended Tiles for Windows Mobility Center        Toshiba        15.04.2007        1,28MB        1.01.00
TOSHIBA Flash Cards Support Utility        TOSHIBA        15.04.2007                1.48.0.3C
TOSHIBA Hardware Setup        TOSHIBA        11.07.2007                1.48.0.11C
Toshiba Online Product Information        TOSHIBA        15.04.2007        4,78MB        1.00.0009
TOSHIBA SD Memory Utilities        TOSHIBA        15.04.2007        1,61MB        1.8.1.1
TOSHIBA Software Modem        Agere Systems        15.04.2007                2.1.77 (SM2177ALD03)
TOSHIBA Supervisorkennwort        TOSHIBA        15.04.2007                1.48.0.8C
TOSHIBA Value Added Package        TOSHIBA Corporation        11.07.2007        48,00KB        1.0.24
TuneUp Utilities        TuneUp Software        04.02.2010        61,1MB        9.0.3100.16
TuneUp Utilities 2009        TuneUp Software        27.08.2009        47,0MB        8.0.3300.1
Uniblue RegistryBooster 2010        Uniblue Systems Ltd        12.06.2010        16,4MB       
Uninstall 1.0.0.1                12.06.2010        17,3MB       
Veoh Player        Veoh Networks, Inc.        02.11.2008        6,47MB        3.2.0
VeohTV BETA        Veoh Networks, Inc.        08.11.2008        13,6MB        3.9.8
Video Download Capture V2.2.9        Apowersoft        05.09.2009        45,6MB        2.2.9
ViewNX        Nikon        09.12.2009        29,6MB        1.2.0
Viewpoint Media Player                03.11.2008        7,30MB       
VLC media player 0.9.9        VideoLAN Team        09.06.2009        63,6MB        0.9.9
Windows Live Anmelde-Assistent        Microsoft Corporation        14.09.2009        1,93MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        14.09.2009        158,4MB        14.0.8089.0726
Windows Live Sync        Microsoft Corporation        14.09.2009        2,79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        14.09.2009        0,22MB        14.0.8014.1029
Windows Media Encoder 9-Reihe                15.04.2007        13,7MB       
WinRAR                15.02.2009        3,73MB       
Yahoo! Messenger        Yahoo! Inc.        02.11.2008        26,9MB




Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/30 17:33
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8D83C000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80692000        Size: 286720        File Visible: -        Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x83A14000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8FA38000        Size: 294912        File Visible: -        Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\Windows\system32\DRIVERS\AGRSM.sys
Address: 0x8DA9C000        Size: 1161888        File Visible: -        Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x807E6000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x805D2000        Size: 122880        File Visible: -        Signed: -
Status: -

Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8CE0B000        Size: 7176192        File Visible: -        Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Address: 0x8FB5D000        Size: 6144        File Visible: -        Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
Address: 0x9CA71000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x8FB4C000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x8075E000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8DBBF000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8047C000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x8259D000        Size: 102400        File Visible: -        Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x99B00000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9CB7A000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8D910000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804C5000        Size: 917504        File Visible: -        Signed: -
Status: -

Name: circlass.sys
Image Path: C:\Windows\system32\DRIVERS\circlass.sys
Address: 0x80FEB000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x895A3000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80484000        Size: 266240        File Visible: -        Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8D8B0000        Size: 14208        File Visible: -        Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x8075B000        Size: 10496        File Visible: -        Signed: -
Status: -

Name: CplIR.SYS
Image Path: C:\Windows\system32\DRIVERS\CplIR.SYS
Address: 0x895CD000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8FB5F000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x895C4000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8FB35000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x89592000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8DA77000        Size: 151552        File Visible: -        Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FB6C000        Size: 45056        File Visible: No        Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8FB77000        Size: 40960        File Visible: No        Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8FB81000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8D4E3000        Size: 651264        File Visible: -        Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8956B000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x805F0000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x806E1000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F9F2000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x80F32000        Size: 110592        File Visible: -        Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x83DCD000        Size: 208896        File Visible: -        Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8D58F000        Size: 73728        File Visible: -        Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8DBCF000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x82513000        Size: 446464        File Visible: -        Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8D8B4000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x807C1000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x80F61000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8D8C7000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80403000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x80FC1000        Size: 172032        File Visible: -        Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x80C46000        Size: 462848        File Visible: -        Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x824BC000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: LPCFilter.sys
Image Path: C:\Windows\system32\DRIVERS\LPCFilter.sys
Address: 0x80742000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8FB8B000        Size: 110592        File Visible: -        Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8040B000        Size: 393216        File Visible: -        Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8F9E5000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8DA23000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8D901000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x807D6000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x825B6000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x825CB000        Size: 126976        File Visible: -        Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x8FBAE000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8FBE7000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x807EE000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8DBE6000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80713000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8D928000        Size: 188416        File Visible: -        Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x80DC2000        Size: 176128        File Visible: -        Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8CE00000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8955C000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x80CB7000        Size: 1093632        File Visible: -        Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8D9B9000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x824F6000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8D9C4000        Size: 143360        File Visible: -        Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8DA66000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8FAC8000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8FA80000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x80E0F000        Size: 237568        File Visible: -        Signed: -
Status: -

Name: NETw4v32.sys
Image Path: C:\Windows\system32\DRIVERS\NETw4v32.sys
Address: 0x8D605000        Size: 2256896        File Visible: -        Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8DBF1000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8FB2B000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x89407000        Size: 1110016        File Visible: -        Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x83A14000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8DBB8000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x824CC000        Size: 172032        File Visible: -        Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8D82C000        Size: 61952        File Visible: -        Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8FAB2000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x8074C000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8071B000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x807C8000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: pcmcia.sys
Image Path: C:\Windows\system32\DRIVERS\pcmcia.sys
Address: 0x805A5000        Size: 184320        File Visible: -        Signed: -
Status: -

Name: PCTCore.sys
Image Path: C:\Windows\system32\drivers\PCTCore.sys
Address: 0x80C0F000        Size: 225280        File Visible: -        Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9CA85000        Size: 909312        File Visible: -        Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x83A14000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8F9B8000        Size: 184320        File Visible: -        Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8046B000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8DBC6000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8D9A2000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8D9E7000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x80F88000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x80F9C000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x83A14000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8FAEF000        Size: 245760        File Visible: -        Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8DBD6000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8DBDE000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CB90000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x82500000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8F805000        Size: 1780864        File Visible: -        Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x80F70000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\Windows\system32\DRIVERS\sdbus.sys
Address: 0x8D896000        Size: 106496        File Visible: -        Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9CB63000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8FA24000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x89554000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8240D000        Size: 716800        File Visible: -        Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9CA0B000        Size: 319488        File Visible: -        Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x895D6000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x82580000        Size: 118784        File Visible: -        Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x8FAE9000        Size: 21248        File Visible: -        Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8D956000        Size: 266240        File Visible: -        Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8D9F6000        Size: 4992        File Visible: -        Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8D8D2000        Size: 180480        File Visible: -        Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x80E49000        Size: 954368        File Visible: -        Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9CB6D000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: tdcmdpst.sys
Image Path: C:\Windows\system32\DRIVERS\tdcmdpst.sys
Address: 0x8D90C000        Size: 16128        File Visible: -        Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8D997000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8FA0E000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x80FB1000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: tifm21.sys
Image Path: C:\Windows\system32\drivers\tifm21.sys
Address: 0x8D84A000        Size: 311296        File Visible: -        Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x99AE0000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: TuneUpUtilitiesDriver32.sys
Image Path: C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
Address: 0x9CB79000        Size: 3328        File Visible: -        Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x80F58000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x80F4D000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: TVALZ_O.SYS
Image Path: C:\Windows\system32\DRIVERS\TVALZ_O.SYS
Address: 0x8954F000        Size: 16768        File Visible: -        Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x80E00000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8D8FF000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8D5EA000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8DA32000        Size: 212992        File Visible: -        Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8D5AC000        Size: 253952        File Visible: -        Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8D5A1000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x80DED000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8DA02000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80768000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80777000        Size: 303104        File Visible: -        Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x89516000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8FAD6000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8D582000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80609000        Size: 507904        File Visible: -        Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x80685000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x998C0000        Size: 2105344        File Visible: -        Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x998C0000        Size: 2105344        File Visible: -        Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806D8000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x83A14000        Size: 3903488        File Visible: -        Signed: -
Status: -







ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/30 17:32
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP1
==================================================

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3976)        Address: 0x658a0000        Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 3976)        Address: 0x69990000        Size: 372736

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3976)        Address: 0x69c00000        Size: 20480

Object: Hidden Module [Name: de.dll]
Process: chrome.exe (PID: 4148)        Address: 0x66950000        Size: 163840

Object: Hidden Module [Name: de.dll]
Process: chrome.exe (PID: 5140)        Address: 0x66950000        Size: 163840






ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/30 17:38
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP1
==================================================

Hidden Services
-------------------

Code:
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        5.0.0.31        2010.06.30        -
AhnLab-V3        2010.06.30.07        2010.06.30        -
AntiVir        8.2.4.2        2010.06.30        -
Antiy-AVL        2.0.3.7        2010.06.30        -
Authentium        5.2.0.5        2010.06.30        -
Avast        4.8.1351.0        2010.06.30        -
Avast5        5.0.332.0        2010.06.30        -
AVG        9.0.0.836        2010.06.30        Cryptic.AKR
BitDefender        7.2        2010.06.30        -
CAT-QuickHeal        11.00        2010.06.30        -
ClamAV        0.96.0.3-git        2010.06.30        -
Comodo        5267        2010.06.30        -
DrWeb        5.0.2.03300        2010.06.30        -
eSafe        7.0.17.0        2010.06.30        -
eTrust-Vet        36.1.7676        2010.06.30        Win32/Renos.D!generic
F-Prot        4.6.1.107        2010.06.29        -
F-Secure        9.0.15370.0        2010.06.30        Suspicious:W32/Malware!Gemini
Fortinet        4.1.133.0        2010.06.30        -
GData        21        2010.06.30        -
Ikarus        T3.1.1.84.0        2010.06.30        -
Jiangmin        13.0.900        2010.06.30        -
Kaspersky        7.0.0.125        2010.06.30        Packed.Win32.Katusha.n
McAfee        5.400.0.1158        2010.06.30        -
McAfee-GW-Edition        2010.1        2010.06.30        -
Microsoft        1.5902        2010.06.30        -
NOD32        5240        2010.06.30        a variant of Win32/Kryptik.FEP
Norman        6.05.10        2010.06.30        -
nProtect        2010-06-30.01        2010.06.30        -
Panda        10.0.2.7        2010.06.30        Suspicious file
PCTools        7.0.3.5        2010.06.30        -
Prevx        3.0        2010.06.30        High Risk Cloaked Malware
Rising        22.54.02.04        2010.06.30        -
Sophos        4.54.0        2010.06.30        -
Sunbelt        6526        2010.06.30        VirTool.Win32.Obfuscator.hg!b (v)
Symantec        20101.1.0.89        2010.06.30        -
TheHacker        6.5.2.0.305        2010.06.30        -
TrendMicro        9.120.0.1004        2010.06.30        -
TrendMicro-HouseCall        9.120.0.1004        2010.06.30        -
VBA32        3.12.12.5        2010.06.30        -
ViRobot        2010.6.29.3912        2010.06.30        -
VirusBuster        5.0.27.0        2010.06.30        -
weitere Informationen
File size: 170496 bytes
MD5...: 103e9816992a8a6a29b8f73e321264f3
SHA1..: efa9b40748b3bc223177c54204cc0a594a9a685e
SHA256: 8d6ee4b515f9d0b73b24c758a7d33fe2dee25627ad21e3b5f0d4b0a14c3b4eb1
ssdeep: 3072:xHoY2NR62PASXoCjD3kUlvED/6IhNgp9LTJcLV5Wz:xHxn2XDYD/BhCp9Bc
V5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x38db
timedatestamp.....: 0x4ad14511 (Sun Oct 11 02:38:09 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78dd 0x7a00 3.59 85c69642e577ba65316ae28b3c44a549
DATA 0x9000 0x1b21a 0x400 2.30 2dbc7b1171806fba0794df073320c652
.data 0x25000 0x2102b 0x21200 7.21 3ad3834c62d7f857e30b7f7b8b3859e3
.tls 0x47000 0xbe 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x48000 0x20c 0x400 0.70 c1acea70ba510aff4bd8f9e48a1591bd

( 12 imports )
> msvcrt.dll: log10, memcmp, malloc, memcpy
> OLE32.dll: CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoRevokeClassObject, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoUninitialize
> COMDLG32.dll: GetFileTitleA
> shlwapi.dll: SHQueryInfoKeyA, SHQueryValueExA
> VERSION.dll: VerInstallFileA, GetFileVersionInfoA, VerFindFileA
> OLEAUT32.dll: SafeArrayUnaccessData, OleLoadPicture, SysFreeString, SysReAllocStringLen, SysStringLen
> GDI32.dll: SetTextColor, GetBitmapBits, CreateCompatibleDC, LineTo, RestoreDC, GetDIBits, SelectObject, GetPaletteEntries
> comctl32.dll: ImageList_Draw, ImageList_DrawEx, ImageList_Create, ImageList_Remove, ImageList_GetBkColor, ImageList_DragShowNolock, ImageList_Destroy, ImageList_Add
> SHELL32.dll: SHGetDiskFreeSpaceA, DragQueryFileA, SHGetSpecialFolderLocation, Shell_NotifyIconA, SHFileOperationA
> kernel32.dll: VirtualAlloc, GetProcAddress, LoadResource, ExitProcess, GetVersion, LoadLibraryExA, lstrcatA, ExitThread, GetModuleHandleA, CompareStringA, GetVersionExA, InitializeCriticalSection
> USER32.dll: DefFrameProcA, GetDlgItem, SetRect, EqualRect, GetKeyboardType, SetScrollInfo, SetFocus, SetCursor, EmptyClipboard, FindWindowA, CharLowerA, BeginPaint, DefMDIChildProcA, PostMessageA, LoadStringA, InsertMenuA, GetScrollPos, GetCursorPos, RemovePropA, GetSysColorBrush, DestroyMenu, ReleaseCapture, DrawIconEx, CreateWindowExA, GetSubMenu, DestroyCursor, GetCursor, GetClassNameA, GetKeyboardState, IsZoomed, LoadIconA, IsWindowVisible, GetKeyboardLayout, WindowFromPoint, EnableMenuItem, RegisterClassA, DefWindowProcA, SetWindowTextA, CharToOemA, UpdateWindow, SetWindowPos, GetKeyboardLayoutList, DestroyIcon, CheckMenuItem, SetClassLongA, SetScrollPos, DrawFrameControl, DrawIcon, OffsetRect, SetMenu, EnumThreadWindows, MsgWaitForMultipleObjects, GetMenuStringA, RegisterClipboardFormatA, InvalidateRect, GetClassLongA, CharNextA, GetWindow, PostQuitMessage, TrackPopupMenu, GetMessagePos, RemoveMenu, GetWindowRect, DrawTextA, GetDCEx, IntersectRect, GetWindowLongW, GetWindowDC, GetFocus, InflateRect, MapWindowPoints, EnumWindows, ShowWindow, GetScrollInfo, ActivateKeyboardLayout, SetMenuItemInfoA, GetSysColor, MapVirtualKeyA, IsWindow, SetWindowLongW, DrawMenuBar, CharLowerBuffA, SetWindowsHookExA, ShowScrollBar, FillRect, GetWindowLongA, CallNextHookEx, CharUpperBuffA, RedrawWindow, SystemParametersInfoA, CreateMenu, CharNextW, TranslateMDISysAccel, IsDialogMessageA, FrameRect, OemToCharA, LoadKeyboardLayoutA, GetIconInfo, PtInRect, KillTimer, SetWindowPlacement, ScrollWindow, WaitMessage, CloseClipboard, UnhookWindowsHookEx, ReleaseDC, DestroyWindow, EndPaint, SetActiveWindow, GetWindowThreadProcessId
> advapi32.dll: RegCreateKeyExA, GetUserNameA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
<a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=4893B17C00BCD07B9A83021784B00B0054FD004C' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=4893B17C00BCD07B9A83021784B00B0054FD004C</a>

kira 01.07.2010 06:19
Punkt 7.:-> http://www.trojaner-board.de/87658-a...tml#post537703
sehe die Dateiname nicht, was ob Du die richtige Datei prüfen lassen:
Zitat:
das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)
also bitte nochmal aber richtig:)

tina_084 01.07.2010 07:06
Code:

Datei Jg0.exe empfangen 2010.07.01 05:56:38 (UTC)
Status: Beendet
Ergebnis: 11/40 (27.5%)
  Filter
Drucken der Ergebnisse 
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        5.0.0.31        2010.07.01        Packed.Win32.Katusha!IK
AhnLab-V3        2010.07.01.00        2010.07.01        -
AntiVir        8.2.4.2        2010.06.30        -
Antiy-AVL        2.0.3.7        2010.06.30        -
Authentium        5.2.0.5        2010.07.01        -
Avast        4.8.1351.0        2010.06.30        -
Avast5        5.0.332.0        2010.06.30        -
AVG        9.0.0.836        2010.07.01        Cryptic.AKR
BitDefender        7.2        2010.07.01        -
CAT-QuickHeal        11.00        2010.06.30        -
ClamAV        0.96.0.3-git        2010.07.01        -
Comodo        5272        2010.07.01        -
DrWeb        5.0.2.03300        2010.07.01        -
eSafe        7.0.17.0        2010.06.30        -
eTrust-Vet        36.1.7677        2010.06.30        Win32/Renos.D!generic
F-Prot        4.6.1.107        2010.06.30        -
F-Secure        9.0.15370.0        2010.07.01        Suspicious:W32/Malware!Gemini
Fortinet        4.1.133.0        2010.06.30        -
GData        21        2010.07.01        -
Ikarus        T3.1.1.84.0        2010.07.01        Packed.Win32.Katusha
Jiangmin        13.0.900        2010.07.01        -
Kaspersky        7.0.0.125        2010.07.01        Packed.Win32.Katusha.n
McAfee        5.400.0.1158        2010.07.01        -
McAfee-GW-Edition        2010.1        2010.06.30        Artemis!103E9816992A
Microsoft        1.5902        2010.07.01        -
NOD32        5241        2010.06.30        a variant of Win32/Kryptik.FEP
Norman        6.05.10        2010.06.30        -
nProtect        2010-06-30.01        2010.06.30        -
Panda        10.0.2.7        2010.06.30        Trj/CI.A
PCTools        7.0.3.5        2010.07.01        -
Rising        22.54.03.01        2010.07.01        -
Sophos        4.54.0        2010.07.01        Mal/FakeAV-CX
Sunbelt        6529        2010.07.01        VirTool.Win32.Obfuscator.hg!b (v)
Symantec        20101.1.0.89        2010.07.01        -
TheHacker        6.5.2.0.305        2010.06.30        -
TrendMicro        9.120.0.1004        2010.07.01        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.01        -
VBA32        3.12.12.5        2010.06.30        -
ViRobot        2010.6.29.3912        2010.07.01        -
VirusBuster        5.0.27.0        2010.06.30        -
weitere Informationen
File size: 170496 bytes
MD5...: 103e9816992a8a6a29b8f73e321264f3
SHA1..: efa9b40748b3bc223177c54204cc0a594a9a685e
SHA256: 8d6ee4b515f9d0b73b24c758a7d33fe2dee25627ad21e3b5f0d4b0a14c3b4eb1
ssdeep: 3072:xHoY2NR62PASXoCjD3kUlvED/6IhNgp9LTJcLV5Wz:xHxn2XDYD/BhCp9Bc
V5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x38db
timedatestamp.....: 0x4ad14511 (Sun Oct 11 02:38:09 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78dd 0x7a00 3.59 85c69642e577ba65316ae28b3c44a549
DATA 0x9000 0x1b21a 0x400 2.30 2dbc7b1171806fba0794df073320c652
.data 0x25000 0x2102b 0x21200 7.21 3ad3834c62d7f857e30b7f7b8b3859e3
.tls 0x47000 0xbe 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x48000 0x20c 0x400 0.70 c1acea70ba510aff4bd8f9e48a1591bd

( 12 imports )
> msvcrt.dll: log10, memcmp, malloc, memcpy
> OLE32.dll: CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoRevokeClassObject, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoUninitialize
> COMDLG32.dll: GetFileTitleA
> shlwapi.dll: SHQueryInfoKeyA, SHQueryValueExA
> VERSION.dll: VerInstallFileA, GetFileVersionInfoA, VerFindFileA
> OLEAUT32.dll: SafeArrayUnaccessData, OleLoadPicture, SysFreeString, SysReAllocStringLen, SysStringLen
> GDI32.dll: SetTextColor, GetBitmapBits, CreateCompatibleDC, LineTo, RestoreDC, GetDIBits, SelectObject, GetPaletteEntries
> comctl32.dll: ImageList_Draw, ImageList_DrawEx, ImageList_Create, ImageList_Remove, ImageList_GetBkColor, ImageList_DragShowNolock, ImageList_Destroy, ImageList_Add
> SHELL32.dll: SHGetDiskFreeSpaceA, DragQueryFileA, SHGetSpecialFolderLocation, Shell_NotifyIconA, SHFileOperationA
> kernel32.dll: VirtualAlloc, GetProcAddress, LoadResource, ExitProcess, GetVersion, LoadLibraryExA, lstrcatA, ExitThread, GetModuleHandleA, CompareStringA, GetVersionExA, InitializeCriticalSection
> USER32.dll: DefFrameProcA, GetDlgItem, SetRect, EqualRect, GetKeyboardType, SetScrollInfo, SetFocus, SetCursor, EmptyClipboard, FindWindowA, CharLowerA, BeginPaint, DefMDIChildProcA, PostMessageA, LoadStringA, InsertMenuA, GetScrollPos, GetCursorPos, RemovePropA, GetSysColorBrush, DestroyMenu, ReleaseCapture, DrawIconEx, CreateWindowExA, GetSubMenu, DestroyCursor, GetCursor, GetClassNameA, GetKeyboardState, IsZoomed, LoadIconA, IsWindowVisible, GetKeyboardLayout, WindowFromPoint, EnableMenuItem, RegisterClassA, DefWindowProcA, SetWindowTextA, CharToOemA, UpdateWindow, SetWindowPos, GetKeyboardLayoutList, DestroyIcon, CheckMenuItem, SetClassLongA, SetScrollPos, DrawFrameControl, DrawIcon, OffsetRect, SetMenu, EnumThreadWindows, MsgWaitForMultipleObjects, GetMenuStringA, RegisterClipboardFormatA, InvalidateRect, GetClassLongA, CharNextA, GetWindow, PostQuitMessage, TrackPopupMenu, GetMessagePos, RemoveMenu, GetWindowRect, DrawTextA, GetDCEx, IntersectRect, GetWindowLongW, GetWindowDC, GetFocus, InflateRect, MapWindowPoints, EnumWindows, ShowWindow, GetScrollInfo, ActivateKeyboardLayout, SetMenuItemInfoA, GetSysColor, MapVirtualKeyA, IsWindow, SetWindowLongW, DrawMenuBar, CharLowerBuffA, SetWindowsHookExA, ShowScrollBar, FillRect, GetWindowLongA, CallNextHookEx, CharUpperBuffA, RedrawWindow, SystemParametersInfoA, CreateMenu, CharNextW, TranslateMDISysAccel, IsDialogMessageA, FrameRect, OemToCharA, LoadKeyboardLayoutA, GetIconInfo, PtInRect, KillTimer, SetWindowPlacement, ScrollWindow, WaitMessage, CloseClipboard, UnhookWindowsHookEx, ReleaseDC, DestroyWindow, EndPaint, SetActiveWindow, GetWindowThreadProcessId
> advapi32.dll: RegCreateKeyExA, GetUserNameA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

kira 01.07.2010 21:27
da die Datei noch Relativ unbekannt ist, lass uns sie noch schnell hochladen, damit sie zu den AV-Programm Herstellern weitergeleitet werden kann bzw zur weitere Analyse:

Datei Upload
C:\Users\tina\AppData\Local\Temp\Jg0.exe
  • Gib im Kommentarfeld Folgendes an:
  • "Unknown file"
  • diese Information:
Code:
Datei Jg0.exe empfangen 2010.07.01 05:56:38 (UTC)
Status: Beendet
Ergebnis: 11/40 (27.5%)
  Filter
Drucken der Ergebnisse 
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        5.0.0.31        2010.07.01        Packed.Win32.Katusha!IK
AhnLab-V3        2010.07.01.00        2010.07.01        -
AntiVir        8.2.4.2        2010.06.30        -
Antiy-AVL        2.0.3.7        2010.06.30        -
Authentium        5.2.0.5        2010.07.01        -
Avast        4.8.1351.0        2010.06.30        -
Avast5        5.0.332.0        2010.06.30        -
AVG        9.0.0.836        2010.07.01        Cryptic.AKR
BitDefender        7.2        2010.07.01        -
CAT-QuickHeal        11.00        2010.06.30        -
ClamAV        0.96.0.3-git        2010.07.01        -
Comodo        5272        2010.07.01        -
DrWeb        5.0.2.03300        2010.07.01        -
eSafe        7.0.17.0        2010.06.30        -
eTrust-Vet        36.1.7677        2010.06.30        Win32/Renos.D!generic
F-Prot        4.6.1.107        2010.06.30        -
F-Secure        9.0.15370.0        2010.07.01        Suspicious:W32/Malware!Gemini
Fortinet        4.1.133.0        2010.06.30        -
GData        21        2010.07.01        -
Ikarus        T3.1.1.84.0        2010.07.01        Packed.Win32.Katusha
Jiangmin        13.0.900        2010.07.01        -
Kaspersky        7.0.0.125        2010.07.01        Packed.Win32.Katusha.n
McAfee        5.400.0.1158        2010.07.01        -
McAfee-GW-Edition        2010.1        2010.06.30        Artemis!103E9816992A
Microsoft        1.5902        2010.07.01        -
NOD32        5241        2010.06.30        a variant of Win32/Kryptik.FEP
Norman        6.05.10        2010.06.30        -
nProtect        2010-06-30.01        2010.06.30        -
Panda        10.0.2.7        2010.06.30        Trj/CI.A
PCTools        7.0.3.5        2010.07.01        -
Rising        22.54.03.01        2010.07.01        -
Sophos        4.54.0        2010.07.01        Mal/FakeAV-CX
Sunbelt        6529        2010.07.01        VirTool.Win32.Obfuscator.hg!b (v)
Symantec        20101.1.0.89        2010.07.01        -
TheHacker        6.5.2.0.305        2010.06.30        -
TrendMicro        9.120.0.1004        2010.07.01        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.01        -
VBA32        3.12.12.5        2010.06.30        -
ViRobot        2010.6.29.3912        2010.07.01        -
VirusBuster        5.0.27.0        2010.06.30        -
weitere Informationen
File size: 170496 bytes
MD5...: 103e9816992a8a6a29b8f73e321264f3
SHA1..: efa9b40748b3bc223177c54204cc0a594a9a685e
SHA256: 8d6ee4b515f9d0b73b24c758a7d33fe2dee25627ad21e3b5f0d4b0a14c3b4eb1
ssdeep: 3072:xHoY2NR62PASXoCjD3kUlvED/6IhNgp9LTJcLV5Wz:xHxn2XDYD/BhCp9Bc
V5
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x38db
timedatestamp.....: 0x4ad14511 (Sun Oct 11 02:38:09 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78dd 0x7a00 3.59 85c69642e577ba65316ae28b3c44a549
DATA 0x9000 0x1b21a 0x400 2.30 2dbc7b1171806fba0794df073320c652
.data 0x25000 0x2102b 0x21200 7.21 3ad3834c62d7f857e30b7f7b8b3859e3
.tls 0x47000 0xbe 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x48000 0x20c 0x400 0.70 c1acea70ba510aff4bd8f9e48a1591bd

( 12 imports )
> msvcrt.dll: log10, memcmp, malloc, memcpy
> OLE32.dll: CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoRevokeClassObject, CoCreateGuid, CLSIDFromProgID, CLSIDFromString, CoUninitialize
> COMDLG32.dll: GetFileTitleA
> shlwapi.dll: SHQueryInfoKeyA, SHQueryValueExA
> VERSION.dll: VerInstallFileA, GetFileVersionInfoA, VerFindFileA
> OLEAUT32.dll: SafeArrayUnaccessData, OleLoadPicture, SysFreeString, SysReAllocStringLen, SysStringLen
> GDI32.dll: SetTextColor, GetBitmapBits, CreateCompatibleDC, LineTo, RestoreDC, GetDIBits, SelectObject, GetPaletteEntries
> comctl32.dll: ImageList_Draw, ImageList_DrawEx, ImageList_Create, ImageList_Remove, ImageList_GetBkColor, ImageList_DragShowNolock, ImageList_Destroy, ImageList_Add
> SHELL32.dll: SHGetDiskFreeSpaceA, DragQueryFileA, SHGetSpecialFolderLocation, Shell_NotifyIconA, SHFileOperationA
> kernel32.dll: VirtualAlloc, GetProcAddress, LoadResource, ExitProcess, GetVersion, LoadLibraryExA, lstrcatA, ExitThread, GetModuleHandleA, CompareStringA, GetVersionExA, InitializeCriticalSection
> USER32.dll: DefFrameProcA, GetDlgItem, SetRect, EqualRect, GetKeyboardType, SetScrollInfo, SetFocus, SetCursor, EmptyClipboard, FindWindowA, CharLowerA, BeginPaint, DefMDIChildProcA, PostMessageA, LoadStringA, InsertMenuA, GetScrollPos, GetCursorPos, RemovePropA, GetSysColorBrush, DestroyMenu, ReleaseCapture, DrawIconEx, CreateWindowExA, GetSubMenu, DestroyCursor, GetCursor, GetClassNameA, GetKeyboardState, IsZoomed, LoadIconA, IsWindowVisible, GetKeyboardLayout, WindowFromPoint, EnableMenuItem, RegisterClassA, DefWindowProcA, SetWindowTextA, CharToOemA, UpdateWindow, SetWindowPos, GetKeyboardLayoutList, DestroyIcon, CheckMenuItem, SetClassLongA, SetScrollPos, DrawFrameControl, DrawIcon, OffsetRect, SetMenu, EnumThreadWindows, MsgWaitForMultipleObjects, GetMenuStringA, RegisterClipboardFormatA, InvalidateRect, GetClassLongA, CharNextA, GetWindow, PostQuitMessage, TrackPopupMenu, GetMessagePos, RemoveMenu, GetWindowRect, DrawTextA, GetDCEx, IntersectRect, GetWindowLongW, GetWindowDC, GetFocus, InflateRect, MapWindowPoints, EnumWindows, ShowWindow, GetScrollInfo, ActivateKeyboardLayout, SetMenuItemInfoA, GetSysColor, MapVirtualKeyA, IsWindow, SetWindowLongW, DrawMenuBar, CharLowerBuffA, SetWindowsHookExA, ShowScrollBar, FillRect, GetWindowLongA, CallNextHookEx, CharUpperBuffA, RedrawWindow, SystemParametersInfoA, CreateMenu, CharNextW, TranslateMDISysAccel, IsDialogMessageA, FrameRect, OemToCharA, LoadKeyboardLayoutA, GetIconInfo, PtInRect, KillTimer, SetWindowPlacement, ScrollWindow, WaitMessage, CloseClipboard, UnhookWindowsHookEx, ReleaseDC, DestroyWindow, EndPaint, SetActiveWindow, GetWindowThreadProcessId
> advapi32.dll: RegCreateKeyExA, GetUserNameA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  • Drücke nun auf den Button "Send File"
  • **Damit wir mit dem nächsten Schritt fortfahren können, teile uns mit, ob es dir gelungen ist, die Datei/en hochzuladen.
    .

kira 08.07.2010 06:48
Fehlende Rückmeldung - Thread geschlossen! Handlungsempfehlungen und ggf. weitere Maßnahmen hier:-> Anleitung: Neuaufsetzen des Systems + Absicherung


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27