Trojaner gefunden

#1 Hallo zusammen,

habe mir wohl was eingefangen. Hab gemäß der Anleitung die Bereinigung durchgeführt und dann Malwarbytes ausgeführt.

Zitat

Hier die Log-Datei:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4103

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

15.05.2010 15:08:51
mbam-log-2010-05-15 (15-08-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138168
Laufzeit: 7 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\User\Favorites\Free - Stream (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwzuc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#2 hier die anschließende log.txt von RSIT:

Zitat

Logfile of random's system information tool 1.07 (written by random/random)
Run by Stefan at 2010-05-15 15:30:04
Microsoft® Windows Vista™ Home Premium
System drive C: has 18 GB (19%) free of 95 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:30:08, on 15.05.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\WinSuite\strtfx.exe
C:\Program Files\WinSuite\sndml.exe
C:\Program Files\ActiveFax\Terminal\TSClientB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Stefan\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [strtfx] "C:\Program Files\WinSuite\strtfx.exe"
O4 - HKLM\..\Run: [sndml] "C:\Program Files\WinSuite\sndml.exe"
O4 - HKLM\..\Run: [ActiveFax Terminal Server] C:\Program Files\ActiveFax\Terminal\TSClientB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [FaxStart] "C:\Program Files\WinSuite\Fax.exe" /pt systemstart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [FRITZ!protect] FwebProt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [FRITZ!protect] FwebProt.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActiveFax-Server-Dienst (ActiveFaxServiceNT) - ActFax Communication - C:\Program Files\ActiveFax\Server\ActSrvNT.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Freenet background service_2 (freenet_2) - Unknown owner - C:\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Freenet background service_4 (freenet_4) - Unknown owner - E:\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: RelayFax Server Engine (RelayFax) - Alt-N Technologies, Ltd. - C:\PROGRA~1\RelayFax\App\RFEngine.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10496 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-04-16 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-24 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-25 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
softonic-de3 Toolbar - C:\Program Files\softonic-de3\tbsoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-24 263280]
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - softonic-de3 Toolbar - C:\Program Files\softonic-de3\tbsoft.dll [2010-03-17 2355224]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-12 1006264]
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
"NDSTray.exe"=NDSTray.exe []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2001-10-09 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2001-10-04 331830]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-10-04 28738]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"PDFPrint"=C:\Program Files\pdf24\pdf24.exe [2010-02-22 207504]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"strtfx"=C:\Program Files\WinSuite\strtfx.exe [2003-10-10 24576]
"sndml"=C:\Program Files\WinSuite\sndml.exe [2005-11-03 32768]
"ActiveFax Terminal Server"=C:\Program Files\ActiveFax\Terminal\TSClientB.exe [2010-05-09 419008]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FaxStart"=C:\Program Files\WinSuite\Fax.exe [2004-05-18 647168]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CAPIControl.lnk - C:\Windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe
Erinnerungen in Microsoft Works-Kalender.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
FRITZ!DSL Startcenter.lnk - C:\Windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-15 15:30:04 ----D---- C:\rsit
2010-05-15 14:51:30 ----D---- C:\Users\User\AppData\Roaming\Malwarebytes
2010-05-15 14:51:12 ----D---- C:\ProgramData\Malwarebytes
2010-05-15 14:51:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-15 14:42:31 ----D---- C:\Program Files\CCleaner
2010-05-09 23:52:22 ----D---- C:\RELAYFAX
2010-05-09 23:51:21 ----A---- C:\Windows\FAXCPP1.INI
2010-05-09 23:51:21 ----A---- C:\Windows\FAXCPP.INI
2010-05-09 23:51:12 ----A---- C:\Windows\RFOIni.ini
2010-05-09 23:51:04 ----A---- C:\Windows\RFRIni.ini
2010-05-09 23:51:02 ----A---- C:\Windows\system32\TIFF32.dll
2010-05-09 23:46:52 ----D---- C:\Users\User\AppData\Roaming\RelayFax
2010-05-09 23:46:01 ----A---- C:\Windows\system32\imgman32.dll
2010-05-09 23:45:59 ----A---- C:\Windows\system32\Bwcc32.dll
2010-05-09 23:45:57 ----A---- C:\Windows\RFPIni.ini
2010-05-09 23:45:56 ----A---- C:\Windows\system32\BuMResNT.dll
2010-05-09 23:45:56 ----A---- C:\Windows\system32\BuMAppNT.exe
2010-05-09 23:45:55 ----A---- C:\Windows\system32\JPEG32.dll
2010-05-09 23:45:55 ----A---- C:\Windows\system32\BuMRmvNT.dll
2010-05-09 23:45:55 ----A---- C:\Windows\system32\BuMMonNT.dll
2010-05-09 23:45:55 ----A---- C:\Windows\system32\BiImgUser.dll
2010-05-09 23:45:39 ----D---- C:\Program Files\RelayFax
2010-05-09 23:18:53 ----A---- C:\Windows\system32\ActiveFax.Cmd
2010-05-09 23:18:52 ----A---- C:\Windows\system32\ActMonRe.dll
2010-05-09 23:18:52 ----A---- C:\Windows\system32\ActMonNT.dll
2010-05-09 23:18:51 ----D---- C:\Program Files\ActiveFax
2010-05-09 23:18:51 ----A---- C:\Windows\UIActFax.exe
2010-05-09 23:18:51 ----A---- C:\Windows\UIActFax.dll
2010-05-09 20:13:05 ----D---- C:\Users\User\AppData\Roaming\PersonalFax
2010-05-09 20:12:15 ----A---- C:\Windows\PFUn.EXE
2010-05-09 20:12:07 ----D---- C:\Program Files\PersonalFax
2010-05-09 20:11:20 ----A---- C:\Windows\IsUn0407.exe
2010-05-09 19:57:52 ----D---- C:\Users\User\AppData\Roaming\FRITZ!
2010-05-09 19:56:33 ----D---- C:\Program Files\FRITZ!DSL
2010-05-09 19:56:33 ----D---- C:\Program Files\Common Files\AVM
2010-05-09 19:55:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-09 18:00:49 ----D---- C:\Users\User\AppData\Roaming\winsuite
2010-05-09 17:57:58 ----A---- C:\_auditt.txt
2010-05-09 17:57:09 ----N---- C:\Windows\system32\WSFAXMON.DLL
2010-05-09 17:57:09 ----A---- C:\Windows\system32\CORFAX.dll
2010-05-09 17:01:14 ----D---- C:\Program Files\WinSuite
2010-05-09 16:54:49 ----A---- C:\Windows\WINPHONE.INI
2010-05-09 16:54:45 ----D---- C:\Program Files\DeTeWe
2010-05-01 15:50:36 ----D---- C:\Program Files\Application Updater
2010-05-01 15:50:35 ----D---- C:\Program Files\pdfforge Toolbar
2010-05-01 15:50:17 ----A---- C:\Windows\system32\pdfcmnnt.dll
2010-05-01 15:50:15 ----D---- C:\Program Files\PDFCreator
2010-05-01 15:50:15 ----A---- C:\Windows\system32\VB6DE.DLL
2010-05-01 15:50:15 ----A---- C:\Windows\system32\MSMPIDE.DLL
2010-05-01 15:50:15 ----A---- C:\Windows\system32\MSCMCDE.DLL
2010-05-01 14:08:58 ----D---- C:\Program Files\Scribus 1.3.3.13
2010-05-01 14:08:55 ----D---- C:\Program Files\Conduit
2010-05-01 14:08:54 ----D---- C:\Program Files\softonic-de3
2010-04-30 15:56:12 ----D---- C:\Users\User\AppData\Roaming\Opera
2010-04-29 11:23:15 ----D---- C:\ProgramData\Adobe Systems
2010-04-29 11:14:01 ----D---- C:\Program Files\Common Files\Adobe Systems Shared

======List of files/folders modified in the last 1 months======

2010-05-15 15:30:06 ----D---- C:\Program Files\trend micro
2010-05-15 15:30:01 ----D---- C:\Windows\temp
2010-05-15 15:13:46 ----D---- C:\Windows\inf
2010-05-15 15:11:49 ----RD---- C:\Users
2010-05-15 15:10:41 ----D---- C:\Windows\system32\drivers
2010-05-15 15:09:30 ----D---- C:\Windows\OEMDrv
2010-05-15 14:51:12 ----RD---- C:\Program Files
2010-05-15 14:51:12 ----D---- C:\ProgramData
2010-05-15 14:15:24 ----D---- C:\Users\User\AppData\Roaming\FileZilla
2010-05-14 12:52:50 ----D---- C:\ProgramData\Adobe
2010-05-14 12:51:54 ----SHD---- C:\Windows\Installer
2010-05-14 12:51:10 ----D---- C:\Program Files\Common Files\Adobe
2010-05-14 12:50:31 ----D---- C:\Program Files\Adobe
2010-05-14 12:50:22 ----D---- C:\Windows\System32
2010-05-14 12:50:19 ----SHD---- C:\System Volume Information
2010-05-14 08:59:52 ----D---- C:\Users\User\AppData\Roaming\vlc
2010-05-13 21:10:07 ----D---- C:\Users\User\AppData\Roaming\ICQ
2010-05-09 23:52:22 ----A---- C:\Windows\win.ini
2010-05-09 23:51:21 ----D---- C:\Windows
2010-05-09 20:49:17 ----D---- C:\Windows\system
2010-05-09 20:13:55 ----D---- C:\Windows\ModemLogs
2010-05-09 19:56:33 ----D---- C:\Program Files\Common Files
2010-05-09 17:57:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-09 03:41:43 ----D---- C:\Windows\Minidump
2010-05-08 13:06:27 ----D---- C:\Windows\Prefetch
2010-05-06 10:36:38 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-01 15:53:41 ----D---- C:\Users\User\AppData\Roaming\Adobe
2010-05-01 15:50:42 ----D---- C:\Windows\winsxs
2010-05-01 10:12:37 ----D---- C:\Windows\system32\catroot2
2010-04-30 16:19:14 ----D---- C:\Program Files\Mozilla Firefox
2010-04-30 16:19:05 ----D---- C:\Program Files\IrfanView
2010-04-30 16:00:20 ----D---- C:\Users\User\AppData\Roaming\gtk-2.0
2010-04-28 11:03:02 ----SD---- C:\Users\User\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CAPI20;Eumex 504PC USB; C:\Windows\system32\drivers\CAPI20.sys [2004-05-17 969124]
R2 DETEWECP;DeTeWe CapiPort; C:\Windows\System32\drivers\detewecp.sys [2001-09-18 38480]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-11-02 3170304]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-11-27 14208]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-26 2216448]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-10-15 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-07-27 188336]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
S2 gnuftqknioen;gnuftqknioen; \??\C:\Windows\system32\drivers\hrbmvwhahv.sys []
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]
S3 athr;Atheros Extensible Drahtlos-LAN-Gerätetreiber; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]
S3 CW100;CW100 Device; C:\Windows\system32\DRIVERS\CW100.sys [2002-05-24 24092]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-11-08 101760]
S3 iComp;Python2 USB WDM Encoder; C:\Windows\system32\DRIVERS\p2usbwdm.sys [2005-08-24 1622144]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
S3 ulisa;DeTeWe ISDN-Adapter (USB); C:\Windows\System32\Drivers\ulisa.sys [2004-05-14 122716]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-11-02 626688]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 IGDCTRL;AVM IGD CTRL Service; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
S2 freenet_2;Freenet background service_2; C:\Freenet\bin\wrapper-windows-x86-32.exe -s C:\Freenet\wrapper.conf []
S2 freenet_4;Freenet background service_4; E:\Freenet\bin\wrapper-windows-x86-32.exe -s E:\Freenet\wrapper.conf []
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 ActiveFaxServiceNT;ActiveFax-Server-Dienst; C:\Program Files\ActiveFax\Server\ActSrvNT.exe [2010-05-09 1508544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-04-29 72704]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RelayFax;RelayFax Server Engine; C:\PROGRA~1\RelayFax\App\RFEngine.exe [2010-03-26 1265732]

-----------------EOF-----------------

#3 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:
Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

>Doppelklick auf die OTL.exe
-->Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
>Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
>Unter Extra Registry, wähle bitte Use SafeList
>Klicke nun auf Run Scan links oben
>Wenn der Scan beendet wurde werden 2 Logfiles erstellt
>Poste die Logfiles in Code-Tags hier in den Thread.


Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

• alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
• nichts am Rechner getan werden,
• nach jedem Scan der Rechner neu gestartet werden.
• Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Gmer ist geeignet für => NT/W2K/XP/VISTA.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (hat einen willkürlichen Programm-Namen).
• Vista-User mit Rechtsklick und als Administrator starten.
• Gmer startet automatisch einen ersten Scan.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Unbedingt auf "No" klicken,
anschließend über den Copy-Button das bisherige Resultat in die Zwischenablage zu kopieren.
• Füge das Log aus der Zwischenablage mit STRG + V in Deine Antwort in Deinem Thread ein.
.
• Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
• Hake an: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
• Wichtig: "Show all" darf nicht angehakt sein!
• Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren.
Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in Deine Antwort hier ein (mit STRG + V).

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

#4 hier die info.txt von Rsit:

Zitat

info.txt logfile of random's system information tool 1.06 2010-05-15 15:30:09

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7
ActiveFax-->C:\Windows\UIActFax.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Any Video Converter Professional 3.0.3-->"C:\Program Files\AnvSoft\Any Video Converter Professional\unins000.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVM FRITZ!DSL-->MsiExec.exe /X{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}
AVS TV Box 1.5.1-->"C:\Program Files\AVS4YOU\AVSTVBox\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Catalyst Control Center - Branding-->MsiExec.exe /I{BC1ADEAD-99F1-4707-B31B-CDB222D5BB68}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x7
CD/DVD Label Printer LPCW-100-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}\Setup.exe" -uninst anything
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Das Fussball Studio 7.5.1-->"C:\Program Files\Das Fussball Studio\uninst\unins000.exe"
Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7
DVDx 2-->"C:\Program Files\DVDx\unins000.exe"
EA SPORTS online 2006-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
Eraser 5.8.7-->"C:\Program Files\Eraser\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free FLV Converter V 6.7.4-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free M4a to MP3 Converter 6.1-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Free Video to Mp3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
FreeStar Free Video Converter 9.0.1-->C:\Program Files\freestar\fvc\uninst.exe
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GPL Ghostscript 8.70-->c:\program files\gs\uninstgs.exe "c:\program files\gs\gs8.70\uninstal.txt"
Grabster AV 400-->MsiExec.exe /I{1E61538A-D482-4252-BBB7-D892FD52FC50}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IBP 11.5-->"C:\Program Files\IBP 11\unins000.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InfoRapid Suchen & Ersetzen-->C:\PROGRA~1\seRapid\UNWISE.EXE C:\PROGRA~1\seRapid\INSTALL.LOG
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kate's Video Converter 2.8.0-->"C:\Program Files\Kate's Video Converter\unins000.exe"
MAGIX Digital Foto Maker SE 4.1.0.835 (D)-->C:\Program Files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
MAGIX Foto Suite 1.12.0.89 (D)-->C:\Program Files\MAGIX\Foto_Suite\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
MAGIX video deLuxe 2003 2004 PLUS-->C:\MAGIX\video_deLuxe_2003_2004_PLUS\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002-Setup-Start-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe F:\
Microsoft Works 6.0-->MsiExec.exe /I{ED5EDCD0-5745-4B13-8061-58C9833FD06D}
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{f1861f30-3419-44db-b2a1-c274825698b3}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF24 Creator-->"C:\Program Files\pdf24\unins001.exe"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
Perfect Ace 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3735A109-7039-446B-BB91-19925EE32BE1} /l1031
PersonalFax 1.50-->C:\Windows\PFUn.EXE /UnInst:"C:\Windows\PersonalFax_Uninstall.in"
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RelayFax Printer Driver + SMTP Client-->C:\PROGRA~1\RelayFax\App\UNWISE.EXE C:\PROGRA~1\RelayFax\App\INSTALL.LOG
RelayFax PRO-->C:\PROGRA~1\RelayFax\App\UNWISE.EXE C:\PROGRA~1\RelayFax\App\SRVINSTALL.LOG
Scribus 1.3.3.13-->C:\Program Files\Scribus 1.3.3.13\uninst.exe
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
softonic-de3 Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SuperMailer 4.90-->C:\Windows\SMUn.EXE /UnInst:"C:\Windows\SuperMailer_Uninstall.in"
Surf & E-Mail-Stick-->C:\Program Files\Surf & E-Mail-Stick\uninst.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TA 33 USB-->MsiExec.exe /I{0B2FF6D9-359D-4481-8A0D-43A674B665C9}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0407
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x7
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0007 uninstall
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisorkennwort-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
Ulead DVD PowerTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}\setup.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Videoload Manager 2.0.2171-->C:\Program Files\Videoload Manager\fluxDVDCustomClientUninst.exe
Virtua Tennis(TM) 2009-->"C:\Program Files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -runfromtemp -l0x0007 -removeonly
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Warcraft II BNE-->C:\Windows\W2BNEUnin.exe C:\Windows\W2BNEUnin.dat
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinSuite-->"C:\Program Files\WinSuite\uninstall.exe"
XMedia Recode 2.1.2.9-->C:\Program Files\XMedia Recode\uninst.exe
XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"

======Security center information======

AV: AntiVir Desktop
AS: AntiVir Desktop
AS: Windows-Defender

======System event log======

Computer Name: User
Event Code: 102
Message: Der Dienst hat das Veröffentlichen aufgrund eines Stromversorgungsereignisses vorübergehend beendet.
Record Number: 232174
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20100515131450.728191-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: User
Event Code: 7036
Message: Dienst "Geschützter Speicher" befindet sich jetzt im Status "Ausgeführt".
Record Number: 232175
Source Name: Service Control Manager
Time Written: 20100515131512.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 10029
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 232176
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100515132626.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 232177
Source Name: Service Control Manager
Time Written: 20100515132626.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 232178
Source Name: Service Control Manager
Time Written: 20100515132827.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: User
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 41478
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100515131157.022791-000
Event Type: Informationen
User: User\User

Computer Name: User
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 41479
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100515131157.521991-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: User
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 41480
Source Name: SecurityCenter
Time Written: 20100515131411.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 102
Message: WinMail (1112) WindowsMail0: The database engine (6.00.6000.0000) started a new instance (0).
Record Number: 41481
Source Name: ESENT
Time Written: 20100515131511.000000-000
Event Type: Informationen
User:

Computer Name: User
Event Code: 103
Message: WinMail (1112) WindowsMail0: The database engine stopped the instance (0).
Record Number: 41482
Source Name: ESENT
Time Written: 20100515132943.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: User
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 50645
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515131157.241191-000
Event Type: Überwachung gescheitert
User:

Computer Name: User
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys
Record Number: 50646
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515131920.583191-000
Event Type: Überwachung gescheitert
User:

Computer Name: User
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: User$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x2c8
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 50647
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515132624.605391-000
Event Type: Überwachung erfolgreich
User:

Computer Name: User
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: User$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x2c8
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 50648
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515132624.605391-000
Event Type: Überwachung erfolgreich
User:

Computer Name: User
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 50649
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100515132624.605391-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\M PEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

#5 Hier gehts weiter:
http://board.protecus.de/t39648.htm#340268

#6 Hier die Extras.txt aus OTL:

Zitat

OTL Extras logfile created on: 15.05.2010 20:07:32 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 16,70 Gb Free Space | 18,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 17,17 Gb Free Space | 18,64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 233,76 Gb Total Space | 41,31 Gb Free Space | 17,67% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: User
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{213B6063-EEA0-4DAB-8C07-6E3840784CEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21DA054B-CC80-4EFD-99E7-A9E8E6294179}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{372DB673-6FA9-49EA-ABD4-C942FA58B360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4369CFD6-A117-442E-8ACD-E5A7BA65F5AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4574583F-ACB9-4F3D-B1E8-4E6E5FCE039B}" = rport=445 | protocol=6 | dir=out | app=system |
"{4BA64640-78E6-47C7-B1B6-446278D2AF3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{58257C49-AA02-4317-8DC5-E2155446DC30}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5845BC1C-131A-4065-9B4F-6E94F5225732}" = rport=2869 | protocol=6 | dir=out | app=system |
"{62069C4B-78AE-4404-9119-EA07DA209606}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C36B477-F876-4A13-8895-A4F3F6754577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79E6A86C-2395-40BB-ADC6-2F725AF4E517}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C593CB2-C1D9-4D1C-9E25-D5CFC0427755}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EC6317B-D948-405E-9F0D-E710EF524B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9546F2D1-C145-4BB9-A18F-2B5D335125EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FABA555-78D9-4FD7-90D1-9106F9376E03}" = rport=137 | protocol=17 | dir=out | app=system |
"{B49F64E3-3C6D-494C-AD13-BA89FCE0C032}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC4644C6-1406-4667-9B91-5F95E812659E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1E293CD-3B87-4201-8E4E-8DD1288BAE2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CA994807-51F8-47CA-BA85-12814A860691}" = lport=138 | protocol=17 | dir=in | app=system |
"{DE63AF88-3167-46E5-AAF5-D6EB716FC9D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC244E30-B314-4B80-B20E-01714C2DCC1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FDA3F475-36DF-4763-B979-58E8386ECABA}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26BF1D5F-52F3-4324-A54E-8BEED22613FA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3181E702-8A78-4D66-A8EE-E86DCB8D59E2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{38368D17-4461-4034-91BC-6A41D6DB0497}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38F94ECA-E91F-44AE-888A-5FFB3019BD4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{529D87AD-23F5-4FAD-93CA-6233308F37A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5B58EC70-5E24-4416-A491-9FD96B55A3D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{680470B7-A401-41B6-BD9D-58904EDF1DA1}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{7143DB35-244B-43CB-98C8-45D4FB6FCA0E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{7396C061-4C9E-4270-8302-ACB9DC8B244A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{845E82F2-E9B0-4F3F-B641-1CAC904B0D3C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{995FC087-1D11-4BA7-9954-5D348857E461}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF8B29BB-EACC-48E1-A181-729007375529}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D5A1057D-5298-41C1-8232-46F028911389}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{DE44483D-E6F4-4E56-9017-CC0838804374}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5074246-1541-4800-B0F3-EFC1E7C8F699}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E5A95C7D-C07F-41BE-890A-CE784C2BA8A3}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{F66F6AD2-F70F-4DAF-A5BA-5560A871FBCB}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{FCE8C68C-E26D-459F-8BF6-5EBC49BDA270}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{06FEF7F7-68C0-41FB-8D54-82687C77AD8D}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{0A7D8949-670B-4F77-924D-41C7042C48F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{236E4B37-5D26-4064-BFE6-0EB697F05991}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{38D23013-620F-488C-84B8-2099AA880EA9}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"TCP Query User{4F79B3F1-2E02-4680-B901-81BF758F989F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{62DEB3E5-C603-4760-BD4D-E466BB6F3202}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{9184F94E-94E6-472D-9BAD-C2181F0FBAA9}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{B76F7F90-4C5D-4478-A5D5-9C4486D4F300}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C90B67C5-B5D2-4726-9CEA-8163FD138EBF}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"TCP Query User{CBA3E1FE-E9D2-42A7-BDA5-27CDDBBFE435}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D305DED3-7531-4A8F-9894-91866BF6B75C}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{D4D3A80C-7390-48BA-9798-88FECC33A0CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3360E5B3-EE72-4B20-92C8-A14C4E2C5579}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{4D2C1353-3239-4894-8E69-FC297582F7ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54A35FCB-F92B-4173-93FE-E2C5902A0A04}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8B5A7DC0-56CB-4D06-B88C-F49FB2CD3057}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{9C1D0029-BD85-45DE-AC82-F45238EE5F91}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"UDP Query User{A3E16757-D387-4723-8AE1-BCBFBB63399B}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{B196D91B-02FE-4B89-BD5D-3268A1AF68FD}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"UDP Query User{B75F893E-9DA3-4046-BEDE-CF738FFA659C}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{BA0DEA0A-BB90-444F-9FEC-31E1AC96C5E2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9AFD9F0-2DA8-478A-AAB3-A4A59F102D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED2B6065-3918-4327-8E6D-B0F2B3AA86AB}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{F764786B-58FF-4B45-820E-1FC3992C7FB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04CB6099-90D2-896A-8E01-8F1228499D93}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068138BE-11F5-8F56-8D88-13837314558E}" = CCC Help German
"{0A2F0BB6-D45B-AF3C-C19A-6950342AF6B1}" = Catalyst Control Center Localization Turkish
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0BAA36F4-8138-AD8A-3791-44A7F0DD63E7}" = CCC Help Japanese
"{0C2B0B35-CF80-1384-D2F0-14F119F1784E}" = Catalyst Control Center Localization Chinese Standard
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A998953-E64F-CE34-4517-C58EF5092157}" = CCC Help Turkish
"{1AED74D3-4C54-3CAA-65DE-4EAB7B589AE1}" = Catalyst Control Center Localization Greek
"{1E61538A-D482-4252-BBB7-D892FD52FC50}" = Grabster AV 400
"{228A2F09-4557-92B9-44A9-E13D41FFAD02}" = Catalyst Control Center Localization Hungarian
"{228D6BCB-7B30-39F5-5442-A99CD76A9762}" = Catalyst Control Center Localization Danish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2672817F-EB60-5FA1-9691-FE03D3E674F9}" = CCC Help French
"{2CC25320-CD83-B987-4B0A-B53B8413CC87}" = CCC Help Italian
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33A0D18A-019E-8F30-6EDA-776CDC319771}" = CCC Help Norwegian
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34537704-7E4C-F552-AFC7-E3FDB0A4FDC1}" = Catalyst Control Center Localization Italian
"{357D2DAA-1743-AC07-D88B-0077FC725DF6}" = Catalyst Control Center Graphics Full Existing
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3735A109-7039-446B-BB91-19925EE32BE1}" = Perfect Ace 2
"{3899B709-95BD-752E-B320-1686DACA370E}" = CCC Help Portuguese
"{3E84E56E-FC81-4E08-AA90-E8B2FDC02557}" = Catalyst Control Center Localization Norwegian
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{469DFB95-185F-CA9E-3D5E-0036754B5033}" = Catalyst Control Center Localization German
"{475BF3D4-E418-18CF-34FC-1D8DD3E67F46}" = Catalyst Control Center Localization Chinese Traditional
"{4D881F9F-90B1-6992-BA30-72333A6BC669}" = CCC Help Danish
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{51035563-B7F5-01AF-0BE4-47533DEE5B51}" = Catalyst Control Center Localization Russian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5AC66835-7850-401E-AC93-65AD4D6A7E2E}" = Catalyst Control Center Localization Portuguese
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6789E743-FF41-3E96-8C59-0F43ADE6D9E6}" = Catalyst Control Center Localization French
"{698CEC51-8E29-5B7C-2C88-20CDE9DC3DFF}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}" = CD/DVD Label Printer LPCW-100
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{74E2F60E-5C4D-3200-3AB5-6A5C1806A64F}" = CCC Help Hungarian
"{759D7567-3027-5605-BF42-9363090FAF71}" = CCC Help Czech
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{85737D46-5FDE-7798-02BA-68AC06CD0B17}" = CCC Help Spanish
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87928EE0-041D-11D6-BCD5-00A0244800F4}" = WinSuite
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{892DB0A0-CF31-DA46-8142-2B3953CA7B38}" = CCC Help English
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F2E8ADC-871F-7B91-708D-BC2899C7D986}" = Catalyst Control Center Localization Swedish
"{8FC9A62D-90DB-7122-09F3-587C42EE9FAC}" = Catalyst Control Center Localization Czech
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9128A108-FE27-997F-A118-E6C65FAE2256}" = CCC Help Korean
"{9809A7E4-3B3B-4547-3B80-0073E0115EB4}" = Catalyst Control Center Graphics Previews Vista
"{9842DEA7-806B-08CA-608C-9717F5F5D7F3}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9C6ABCF3-A9BF-2A09-0974-777B6C421E28}" = CCC Help Swedish
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD PowerTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A6F2C0CD-E0A2-BCC1-5BEF-600AC4D9AE62}" = Catalyst Control Center Localization Spanish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED8FA19-763C-BA3F-A243-3136EEF255E8}" = CCC Help Russian
"{b0d4d957-3ad0-4ccf-80ed-303274c119f6}" = Nero 9 Trial
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BA98E840-DCB3-10B7-D016-8890E4F8F4CC}" = Catalyst Control Center Graphics Full New
"{BC1ADEAD-99F1-4707-B31B-CDB222D5BB68}" = Catalyst Control Center - Branding
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C1F4123D-6C93-D087-F50F-8D7AC51AFE76}" = ATI Catalyst Install Manager
"{C3E7A3AD-142E-2433-0107-D2CA4D85F19F}" = CCC Help Greek
"{C5A5F901-08F3-7E96-3049-A950A80ACCF4}" = Catalyst Control Center Graphics Previews Common
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB082B01-F65B-05DA-3048-8979BF7B5BD2}" = CCC Help Dutch
"{CC0E0442-B3BA-6FB5-3E94-C5F96B9B8915}" = Skins
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D281F20C-FA11-D09A-8A20-B78D771222F8}" = Catalyst Control Center Localization Japanese
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD766B16-BE10-F87C-73A7-A6FC09148633}" = CCC Help Polish
"{DDF91F62-6CBF-2932-93BA-D487B60635B5}" = Catalyst Control Center Core Implementation
"{DEC00B1F-5E63-D40F-6291-A2A531414613}" = CCC Help Chinese Traditional
"{DF066D23-C0C8-8755-8244-A8A78B8798A5}" = CCC Help Thai
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2F2081-6B46-810C-8408-EC04D29EDFF0}" = Catalyst Control Center Localization Thai
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{F0EF93AE-6B13-DB6A-3C03-8CB5A51D0A7A}" = CCC Help Finnish
"{F0FFE43C-7FCC-55F3-6BDE-11F6E9F9FB4A}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1E1E2E3-2F93-E548-7675-10A78CDD04A6}" = Catalyst Control Center Localization Finnish
"{F20B6876-0F18-1A47-D858-D0D9F6888B99}" = Catalyst Control Center Localization Polish
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F400ED9E-848C-DB0B-CED5-F69DAA2CE8AD}" = ccc-utility
"{F5EFBB2D-2CD6-FD3D-FA53-DFB962BFD14C}" = Catalyst Control Center Localization Korean
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 7.5.1
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"ActiveFax" = ActiveFax
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.3
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS TV Box_is1" = AVS TV Box 1.5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.2.4.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreeStar Free Video Converter" = FreeStar Free Video Converter 9.0.1
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HijackThis" = HijackThis 2.0.2
"IBP11_is1" = IBP 11.5
"ICQToolbar" = ICQ Toolbar
"InfoRapid Suchen & Ersetzen" = InfoRapid Suchen & Ersetzen
"InstallShield_{3735A109-7039-446B-BB91-19925EE32BE1}" = Perfect Ace 2
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Kate's Video Converter_is1" = Kate's Video Converter 2.8.0
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX video deLuxe 2003 2004 PLUS" = MAGIX video deLuxe 2003 2004 PLUS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"myphotobook" = myphotobook 3.1
"PersonalFax" = PersonalFax 1.50
"Prism" = Prism Video Converter
"RelayFax Printer Driver + SMTP Client" = RelayFax Printer Driver + SMTP Client
"RelayFax PRO" = RelayFax PRO
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SuperMailer" = SuperMailer 4.90
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Videoload Manager" = Videoload Manager 2.0.2171
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Warcraft II BNE" = Warcraft II BNE
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Works2002Setup" = Microsoft Works 2002-Setup-Start
"XMedia Recode" = XMedia Recode 2.1.2.9
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 13.05.2010 08:02:20 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

Error - 13.05.2010 14:00:31 | Computer Name = User | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung McUICnt.exe, Version 2.11.103.0, Zeitstempel
0x4a29ab0a, fehlerhaftes Modul ieframe.dll, Version 8.0.6001.18904, Zeitstempel
0x4b8376ea, Ausnahmecode 0xc0000005, Fehleroffset 0x00126e2c, Prozess-ID 0x1250,
Anwendungsstartzeit 01caf2c5c13202d0.

Error - 13.05.2010 18:24:09 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

Error - 15.05.2010 06:09:00 | Computer Name = User | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung McUICnt.exe, Version 2.11.103.0, Zeitstempel
0x4a29ab0a, fehlerhaftes Modul ieframe.dll, Version 8.0.6001.18904, Zeitstempel
0x4b8376ea, Ausnahmecode 0xc0000005, Fehleroffset 0x00126e2c, Prozess-ID 0xe8c,
Anwendungsstartzeit 01caf4165af3a027.

Error - 15.05.2010 06:29:39 | Computer Name = User | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 12f4 Anfangszeit: 01caf4171cde91e7 Zeitpunkt
der Beendigung: 94

Error - 15.05.2010 06:55:55 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

Error - 15.05.2010 10:11:00 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

Error - 15.05.2010 12:17:27 | Computer Name = User | Source = EventSystem | ID = 4621
Description =

Error - 15.05.2010 13:19:35 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

Error - 15.05.2010 14:07:14 | Computer Name = User | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.4.1 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 6a0 Anfangszeit: 01caf4591b5caeb0 Zeitpunkt der Beendigung:
15

[ System Events ]
Error - 15.05.2010 09:12:33 | Computer Name = User | Source = Service Control Manager | ID = 7000
Description =

Error - 15.05.2010 09:12:33 | Computer Name = User | Source = Service Control Manager | ID = 7000
Description =

Error - 15.05.2010 09:12:33 | Computer Name = User | Source = Service Control Manager | ID = 7000
Description =

Error - 15.05.2010 09:12:33 | Computer Name = User | Source = Service Control Manager | ID = 7000
Description =

Error - 15.05.2010 09:12:59 | Computer Name = User | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error - 15.05.2010 09:12:59 | Computer Name = User | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.3 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error - 15.05.2010 12:17:26 | Computer Name = User | Source = DCOM | ID = 10010
Description =

Error - 15.05.2010 12:20:22 | Computer Name = User | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error - 15.05.2010 12:20:22 | Computer Name = User | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.3 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error - 15.05.2010 13:18:54 | Computer Name = User | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.3 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.


< End of report >

Und hier die OTL.Txt

Zitat

OTL logfile created on: 15.05.2010 20:07:32 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 16,70 Gb Free Space | 18,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 17,17 Gb Free Space | 18,64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 233,76 Gb Total Space | 41,31 Gb Free Space | 17,67% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: User
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ActiveFax\Terminal\TSClientB.exe (ActFax Communication)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\WinSuite\sndml.exe ()
PRC - C:\Programme\WinSuite\strtfx.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (freenet_4) -- File not found
SRV - (freenet_2) -- File not found
SRV - (ActiveFaxServiceNT) -- C:\Programme\ActiveFax\Server\ActSrvNT.exe (ActFax Communication)
SRV - (RelayFax) -- C:\Programme\RelayFax\App\RFEngine.exe (Alt-N Technologies, Ltd.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iComp) -- C:\Windows\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (CW100) -- C:\Windows\System32\drivers\CW100.sys (CASIO COMPUTER CO.,LTD.)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.06 11:15:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.14 12:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 14:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 13:18:04 | 000,095,200 | ---- | M] ()

[2009.09.13 11:32:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.05.15 19:59:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions
[2009.11.27 09:54:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.21 22:04:53 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 14:08:53 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.11.26 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\z5gf9b9g.default\searchplugins\conduit.xml
[2010.05.01 15:50:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2010.03.06 11:15:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.06 11:15:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.06 11:15:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.06 11:15:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.06 11:15:22 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.09.14 17:38:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ActiveFax Terminal Server] C:\Programme\ActiveFax\Terminal\TSClientB.exe (ActFax Communication)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Common Files\microsoft shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [sndml] C:\Program Files\WinSuite\sndml.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [strtfx] C:\Program Files\WinSuite\strtfx.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [FaxStart] C:\Program Files\WinSuite\Fax.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.13 13:56:09 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.05.15 20:04:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.05.15 15:30:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.15 14:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010.05.15 14:51:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.15 14:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.15 14:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.15 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.15 14:49:48 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup.exe
[2010.05.15 14:42:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.15 14:41:15 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup231.exe
[2010.05.15 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-01
[2010.05.15 14:00:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-02
[2010.05.15 13:57:12 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-03
[2010.05.15 13:51:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-04
[2010.05.15 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-12
[2010.05.15 13:41:15 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-05
[2010.05.15 13:40:03 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-09
[2010.05.15 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-06
[2010.05.15 13:09:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ftp_log_2010-05-08
[2010.05.14 12:49:13 | 028,534,656 | ---- | C] ( ) -- C:\Users\User\Desktop\AdbeRdr930_de_DE.exe
[2010.05.09 23:52:22 | 000,000,000 | ---D | C] -- C:\RELAYFAX
[2010.05.09 23:51:02 | 000,373,464 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\TIFF32.dll
[2010.05.09 23:46:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\RelayFax
[2010.05.09 23:46:01 | 000,294,912 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\imgman32.dll
[2010.05.09 23:46:01 | 000,073,728 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\im32tif.dil
[2010.05.09 23:46:01 | 000,065,536 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM32fax.dil
[2010.05.09 23:46:01 | 000,045,056 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM32pcx.dil
[2010.05.09 23:46:01 | 000,040,960 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31wpg.dil
[2010.05.09 23:46:01 | 000,036,864 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM32bmp.dil
[2010.05.09 23:46:00 | 000,294,912 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31fpx.dil
[2010.05.09 23:46:00 | 000,081,920 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xpng.del
[2010.05.09 23:46:00 | 000,077,824 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31fax.dil
[2010.05.09 23:46:00 | 000,073,728 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31tif.dil
[2010.05.09 23:46:00 | 000,073,728 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31dxf.dil
[2010.05.09 23:46:00 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xtif.del
[2010.05.09 23:46:00 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xjpg.del
[2010.05.09 23:46:00 | 000,057,344 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31eps.dil
[2010.05.09 23:46:00 | 000,053,248 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM32xfax.del
[2010.05.09 23:46:00 | 000,053,248 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31jpg.dil
[2010.05.09 23:46:00 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31png.dil
[2010.05.09 23:46:00 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\im30tif.dil
[2010.05.09 23:46:00 | 000,045,056 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xpcx.del
[2010.05.09 23:46:00 | 000,045,056 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31pcx.dil
[2010.05.09 23:46:00 | 000,040,960 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31wmf.dil
[2010.05.09 23:46:00 | 000,038,400 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31gif.dil
[2010.05.09 23:46:00 | 000,036,864 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\Im31tga.dil
[2010.05.09 23:46:00 | 000,036,864 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31pcd.dil
[2010.05.09 23:46:00 | 000,036,864 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31img.dil
[2010.05.09 23:46:00 | 000,036,864 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31bmp.dil
[2010.05.09 23:46:00 | 000,034,816 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xgif.del
[2010.05.09 23:45:59 | 000,211,488 | ---- | C] (Borland International) -- C:\Windows\System32\Bwcc32.dll
[2010.05.09 23:45:59 | 000,053,248 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xfax.del
[2010.05.09 23:45:59 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xeps.del
[2010.05.09 23:45:59 | 000,045,056 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xdcx.del
[2010.05.09 23:45:59 | 000,032,768 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31xbmp.del
[2010.05.09 23:45:56 | 000,164,568 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMAppNT.exe
[2010.05.09 23:45:56 | 000,118,784 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMResNT.dll
[2010.05.09 23:45:55 | 000,361,704 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMMonNT.dll
[2010.05.09 23:45:55 | 000,316,128 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMRmvNT.dll
[2010.05.09 23:45:55 | 000,230,112 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BiImgUser.dll
[2010.05.09 23:45:55 | 000,164,568 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\JPEG32.dll
[2010.05.09 23:45:39 | 000,000,000 | ---D | C] -- C:\Programme\RelayFax
[2010.05.09 23:18:52 | 000,439,488 | ---- | C] (ActFax Communication) -- C:\Windows\System32\ActMonNT.dll
[2010.05.09 23:18:52 | 000,090,112 | ---- | C] (ActFax Communication) -- C:\Windows\System32\ActMonRe.dll
[2010.05.09 23:18:51 | 000,083,136 | ---- | C] (ActFax Communication) -- C:\Windows\UIActFax.exe
[2010.05.09 23:18:51 | 000,069,632 | ---- | C] (ActFax Communication) -- C:\Windows\UIActFax.dll
[2010.05.09 23:18:51 | 000,000,000 | ---D | C] -- C:\Programme\ActiveFax
[2010.05.09 23:18:07 | 009,469,168 | ---- | C] (ActFax Communication) -- C:\Users\User\Desktop\actfax_setup_ge.exe
[2010.05.09 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PersonalFax
[2010.05.09 20:12:15 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\PFUn.EXE
[2010.05.09 20:12:07 | 000,000,000 | ---D | C] -- C:\Programme\PersonalFax
[2010.05.09 20:11:20 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.05.09 20:10:11 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\pfsw
[2010.05.09 20:07:37 | 011,090,240 | ---- | C] (AVM Berlin ) -- C:\Users\User\Desktop\fritz_fax_3_06.exe
[2010.05.09 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FRITZ!
[2010.05.09 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\FRITZ!
[2010.05.09 19:56:33 | 000,000,000 | ---D | C] -- C:\Programme\FRITZ!DSL
[2010.05.09 19:56:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVM
[2010.05.09 19:55:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.05.09 18:00:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\winsuite
[2010.05.09 17:57:09 | 000,192,512 | ---- | C] (Winfinity GmbH) -- C:\Windows\System32\CORFAX.dll
[2010.05.09 17:55:10 | 000,056,320 | ---- | C] (InstallShield Software Corporation) -- C:\Users\User\Desktop\Setup.exe
[2010.05.09 17:01:14 | 000,000,000 | ---D | C] -- C:\Programme\WinSuite
[2010.05.09 16:54:45 | 000,000,000 | ---D | C] -- C:\Programme\DeTeWe
[2010.[3 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.05.15 20:11:03 | 003,932,160 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010.05.15 20:04:16 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.05.15 19:19:35 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.15 19:19:35 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.15 19:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.15 18:19:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.15 18:17:17 | 004,031,608 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.05.15 15:29:36 | 000,824,681 | ---- | M] () -- C:\Users\User\Desktop\RSIT.exe
[2010.05.15 14:51:17 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.15 14:50:06 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup.exe
[2010.05.15 14:42:33 | 000,001,675 | ---- | M] () -- C:\Users\User\Desktop\CCleaner.lnk
[2010.05.15 14:41:22 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup231.exe
[2010.05.15 14:01:27 | 000,000,803 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-01.gz
[2010.05.15 14:00:37 | 000,000,755 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-02.gz
[2010.05.15 13:57:04 | 000,014,897 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-03.gz
[2010.05.15 13:50:57 | 000,009,961 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-04.gz
[2010.05.15 13:43:40 | 000,231,667 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-12.gz
[2010.05.15 13:41:05 | 000,002,202 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-05.gz
[2010.05.15 13:38:52 | 000,000,418 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-09.gz
[2010.05.15 13:10:38 | 000,000,686 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-06.gz
[2010.05.15 13:09:39 | 000,001,027 | ---- | M] () -- C:\Users\User\Desktop\ftp_log_2010-05-08.gz
[2010.05.14 13:50:37 | 000,053,726 | ---- | M] () -- C:\Users\User\Documents\90531.pdf
[2010.05.14 12:51:13 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.14 12:49:16 | 028,534,656 | ---- | M] ( ) -- C:\Users\User\Desktop\AdbeRdr930_de_DE.exe
[2010.05.13 23:27:44 | 000,148,992 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[[3 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.05.15 15:29:33 | 000,824,681 | ---- | C] () -- C:\Users\User\Desktop\RSIT.exe
[2010.05.15 14:51:17 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.15 14:42:33 | 000,001,675 | ---- | C] () -- C:\Users\User\Desktop\CCleaner.lnk
[2010.05.15 14:01:26 | 000,000,803 | ---- | C] () -- C:\Users\User\Desktop\ftp_log_2010-05-01.gz
[2009.11.26 20:57:15 | 000,000,085 | ---- | C] () -- C:\Windows\System32\dojzjytg.dll
[2009.10.20 19:11:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.13 13:56:11 | 000,000,182 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.10.13 13:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.10.13 13:49:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.13 13:49:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.10.13 13:47:12 | 000,000,192 | ---- | C] () -- C:\Windows\magix.ini
[2009.09.27 19:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.09.27 19:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.27 16:05:58 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.20 11:40:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.25 23:10:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.04.15 16:29:24 | 000,018,432 | ---- | C] () -- C:\Windows\vmmreg3.dll
[2008.01.08 10:35:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.15 20:52:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.15 20:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.15 20:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.15 20:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.15 20:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.07.12 10:45:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.12 10:45:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.12 10:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.12 10:45:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.12 10:45:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >

#7 leider haut das mit Gmer nicht hin. Er stürzt mir immer nach dem Kurzscan ab, bevor ich den Hauptscan überhaupt starten kann.

#8 Schritt 1

Java aktualisieren

Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.

Downloade nun die Offline-Version von Java (Java SE Runtime Environment (JRE) 6 Update 20) von SUN. Wenn Du auf Download geklickt hast, erscheint eine Seite, wo Du das Betriebssystem auswählen musst (also Windows) und ein Häkchen bei "I agree" setzen musst. Dann auf den Button "Continue" klicken. Dort die jre-6u20-windows-i586.exe downloaden und anschließend installieren, eventuell angebotene Toolbars nicht mitinstallieren.

Schritt 2

[color=blue]Programme deinstallieren[/color]

Da einige Programme und Anti-Spy-Programme uns u. U. bei der Bereinigung behindern (z. B. durch ständig laufende Hintergrundwächter), unnötig oder schädlich sind oder einfach nicht mehr gebraucht werden, bitte ich darum, die folgenden Programme über Systemsteuerung => Software komplett zu deinstallieren.

Code

pdfforge Toolbar
softonic-de3
Application Updater

Berichte mir, falls sich ein Programm nicht deinstallieren lässt. Nach Beendigung der Bereinigung können wir schauen, welche davon Du wieder installieren kannst/sollest.


Schritt 3

Datei-Überprüfung

Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. Dafür musst Du jede Datei einzeln über den Button "Durchsuchen" und "Senden der Datei" nach VirusTotal hochladen und prüfen lassen. Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen. Sollte VirusTotal melden, dass die Datei bereits überpüft wurde, lasse sie trotzdem über den Button "Analysiere die Datei" erneut prüfen.

Wenn das Ergebnis vorliegt, den kleinen Button "Filter" links oberhalb der Ergebnisse drücken, dann das Ergebnis (egal wie es aussieht und dabei auch die Zeilen mit Namen und Größe der Datei, MD5 und SHA1 kopieren) hier posten. Solltest Du die Datei/en nicht finden oder hochladen können, dann teile uns das ebenfalls mit. Solltest Du die Datei/en nicht finden, überprüfe, ob folgende Einstellungen richtig gesetzt sind.

Zitat

C:\Windows\System32\dojzjytg.dll

Schritt 4

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

:OTL
PRC - C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (freenet_4) -- File not found
SRV - (freenet_2) -- File not found
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
:Files
C:\Programme\pdfforge Toolbar
C:\Programme\Application Updater
:Commands
[purity]
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• Klick auf .
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread

Schritt 5

• Eset Online Scanner (NOD32)
• Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
• Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
• Voraussetzung: Internet Explorer (IE) 5.0 oder höher
• Haken bei "YES, I accept the Terms of Use" machen
• Start
• ActiveX-Steuerelement installieren
• Start
• Signaturen werden heruntergeladen
• Haken machen bei "Remove found threads"
• Haken machen bei "Remove found threads" und "Scan unwanted applications"
• Scan
• Scanende
• Browser schließen
• Explorer öffnen
• C:\Programme\EsetOnlineScanner\log.txt
• Log hier posten
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner entfernen.



Schritt 6

Rootkitscan mit RootRepeal
• Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
• Entpacke die Datei auf Deinen Desktop.
• Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
• Klicke auf den Reiter Report und dann auf den Button Scan.
• Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
.
• Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
• Wähle C:\ und klicke wieder Ok.
• Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
• Wenn der Suchlauf beendet ist, klicke auf Save Report.
• Speichere das Logfile als RootRepeal.txt auf dem Desktop.
• Kopiere den Inhalt hier in den Thread.

#9 Hier jetzt erstmal noch der Log von Gmer (hatte im abgesicherten Modus funktioniert):

Zitat

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 08:52:49
Windows 6.0.6000
Running: jqu2gsnp.exe; Driver: C:\ugrdipod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A2AE000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A2F7000, 0x510, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7481FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747EB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747DA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747DCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747D8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747ECF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747D7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747D7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747D6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7486C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747F7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747D90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747E2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747E21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747E7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747E7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1020] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748183D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 974DF067

---- EOF - GMER 1.0.15 ----

#10 Punkt 1 erledigt

Punkt 2 hab ich auch erledigt bis auf Application Updater. Dieses Programm finde ich nicht unter Systemsteuerung - Programme und Funktionen.

Punkt 3 erledigt. Hier das Ergebnis von Virustotal:

Zitat

Datei dojzjytg.dll empfangen 2010.05.16 07:26:44 (UTC)Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.15 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4856 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.15 -
Fortinet 4.1.133.0 2010.05.15 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.15 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5117 2010.05.15 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Prevx 3.0 2010.05.16 -
Rising 22.47.06.03 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6308 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.15 -

weitere Informationen
File size: 85 bytes
MD5...: a5174926575f6512319d1e909cb05b0f
SHA1..: 21fdf52e18452d2ad50d5caed6e8528f8ad30eac
SHA256: fe94a6725d03745fef6cee974f63b1f8f1756db0ac2ed9f77fe2eb5c38e9f0d6
ssdeep: 3:VmWOdkQ/dZZUTBxUv0yF5Y62igybEvYyn:MW3aZqtSvtZ3o7<BR>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Unknown!
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>

#11 Punkt 4 ebenfalls durchgeführt:

Zitat

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
No active process named ApplicationUpdater.exe was found!
Error: No service named TOSHIBA Bluetooth Service was found to stop!
Service\Driver key TOSHIBA Bluetooth Service not found.
File File not found not found.
Error: No service named freenet_4 was found to stop!
Service\Driver key freenet_4 not found.
File File not found not found.
Error: No service named freenet_2 was found to stop!
Service\Driver key freenet_2 not found.
File File not found not found.
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File C:\Program Files\Application Updater\ApplicationUpdater.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\pdfforge Toolbar\SearchSettings.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\pdfforge Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Programme\pdfforge Toolbar\SearchSettings.exe not found.
========== FILES ==========
File\Folder C:\Programme\pdfforge Toolbar not found.
File\Folder C:\Programme\Application Updater not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Journal
-> No Temporary Internet Files cache folder defined!

User: RegBack
-> No Temporary Internet Files cache folder defined!

User: systemprofile
-> No Temporary Internet Files cache folder defined!

User: TxR
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 249112787 bytes
RecycleBin emptied: 15761740 bytes

Total Files Cleaned = 253,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05162010_102559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 kann anhand der bisherigen Logs schon was gesagt werden?
Ich führe gerade den Eset Online Scanner durch (dauert sehr lange).

Soll ich Schritt 6 ebenfalls noch ausführen, obwohl Gmer nun doch geklappt hat?

Vielen Dank für die bisherige Hilfe!

#13 Schritt 1

Ja bitte reich noch das Log von rootrepeal nach.

Schritt 2

Erneuter Systemscan mit OTL

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in Code-Tags hier in den Thread.

#14 Hier die Log-Datei von Eset Online Scanner:

Zitat

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=acf23f0bc439084291587d0f06ccb52d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-05-16 10:24:19
# local_time=2010-05-17 12:24:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=768 16777215 100 0 23338832 23338832 0 0
# compatibility_mode=1797 16775125 100 100 275310 49539145 12742 0
# compatibility_mode=5892 16776573 100 100 202764 111556566 0 0
# compatibility_mode=8192 67108863 100 0 25082 25082 0 0
# compatibility_mode=9730 16764926 0 4 21092427 21092427 0 0
# scanned=335786
# found=0
# cleaned=0
# scan_time=24822

#15 Rootrepeal konnte ich nicht ausführen, da mir nach dem Start folgendes angezeigt wird:
FOPS - DeviceIOControl Error!

Habe nun daher direkt mit OTL erstmal weitergemacht:

Extras.Txt:

Zitat

OTL Extras logfile created on: 17.05.2010 00:41:52 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 42,22 Gb Free Space | 45,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 58,14 Gb Free Space | 63,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: User
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4224013243-733336848-3315584339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{213B6063-EEA0-4DAB-8C07-6E3840784CEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21DA054B-CC80-4EFD-99E7-A9E8E6294179}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{372DB673-6FA9-49EA-ABD4-C942FA58B360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4369CFD6-A117-442E-8ACD-E5A7BA65F5AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4574583F-ACB9-4F3D-B1E8-4E6E5FCE039B}" = rport=445 | protocol=6 | dir=out | app=system |
"{4BA64640-78E6-47C7-B1B6-446278D2AF3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{58257C49-AA02-4317-8DC5-E2155446DC30}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5845BC1C-131A-4065-9B4F-6E94F5225732}" = rport=2869 | protocol=6 | dir=out | app=system |
"{62069C4B-78AE-4404-9119-EA07DA209606}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C36B477-F876-4A13-8895-A4F3F6754577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79E6A86C-2395-40BB-ADC6-2F725AF4E517}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C593CB2-C1D9-4D1C-9E25-D5CFC0427755}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8EC6317B-D948-405E-9F0D-E710EF524B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9546F2D1-C145-4BB9-A18F-2B5D335125EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FABA555-78D9-4FD7-90D1-9106F9376E03}" = rport=137 | protocol=17 | dir=out | app=system |
"{B49F64E3-3C6D-494C-AD13-BA89FCE0C032}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC4644C6-1406-4667-9B91-5F95E812659E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C1E293CD-3B87-4201-8E4E-8DD1288BAE2B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CA994807-51F8-47CA-BA85-12814A860691}" = lport=138 | protocol=17 | dir=in | app=system |
"{DE63AF88-3167-46E5-AAF5-D6EB716FC9D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC244E30-B314-4B80-B20E-01714C2DCC1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FDA3F475-36DF-4763-B979-58E8386ECABA}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26BF1D5F-52F3-4324-A54E-8BEED22613FA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{38368D17-4461-4034-91BC-6A41D6DB0497}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38F94ECA-E91F-44AE-888A-5FFB3019BD4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{529D87AD-23F5-4FAD-93CA-6233308F37A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5B58EC70-5E24-4416-A491-9FD96B55A3D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7396C061-4C9E-4270-8302-ACB9DC8B244A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{845E82F2-E9B0-4F3F-B641-1CAC904B0D3C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{995FC087-1D11-4BA7-9954-5D348857E461}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BF8B29BB-EACC-48E1-A181-729007375529}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DE44483D-E6F4-4E56-9017-CC0838804374}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5074246-1541-4800-B0F3-EFC1E7C8F699}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCE8C68C-E26D-459F-8BF6-5EBC49BDA270}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"TCP Query User{06FEF7F7-68C0-41FB-8D54-82687C77AD8D}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{0A7D8949-670B-4F77-924D-41C7042C48F3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{236E4B37-5D26-4064-BFE6-0EB697F05991}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{38D23013-620F-488C-84B8-2099AA880EA9}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"TCP Query User{4F79B3F1-2E02-4680-B901-81BF758F989F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{62DEB3E5-C603-4760-BD4D-E466BB6F3202}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"TCP Query User{9184F94E-94E6-472D-9BAD-C2181F0FBAA9}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"TCP Query User{B76F7F90-4C5D-4478-A5D5-9C4486D4F300}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C90B67C5-B5D2-4726-9CEA-8163FD138EBF}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=6 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"TCP Query User{CBA3E1FE-E9D2-42A7-BDA5-27CDDBBFE435}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D305DED3-7531-4A8F-9894-91866BF6B75C}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=6 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"TCP Query User{D4D3A80C-7390-48BA-9798-88FECC33A0CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3360E5B3-EE72-4B20-92C8-A14C4E2C5579}E:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=e:\program files\ea sports\fifa 10\fifa10.exe |
"UDP Query User{4D2C1353-3239-4894-8E69-FC297582F7ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54A35FCB-F92B-4173-93FE-E2C5902A0A04}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8B5A7DC0-56CB-4D06-B88C-F49FB2CD3057}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{9C1D0029-BD85-45DE-AC82-F45238EE5F91}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\empires2.exe |
"UDP Query User{A3E16757-D387-4723-8AE1-BCBFBB63399B}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{B196D91B-02FE-4B89-BD5D-3268A1AF68FD}C:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age_of_empires_2_fullrip\age_of_empires_2_fullrip\age2_x1.exe |
"UDP Query User{B75F893E-9DA3-4046-BEDE-CF738FFA659C}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.exe |
"UDP Query User{BA0DEA0A-BB90-444F-9FEC-31E1AC96C5E2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C9AFD9F0-2DA8-478A-AAB3-A4A59F102D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED2B6065-3918-4327-8E6D-B0F2B3AA86AB}C:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd" = protocol=17 | dir=in | app=c:\users\User\desktop\age of empires 2 & the conquerors expansion - full game\age of empires 2 & the conquerors expansion - full game\empires2.icd |
"UDP Query User{F764786B-58FF-4B45-820E-1FC3992C7FB8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04CB6099-90D2-896A-8E01-8F1228499D93}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068138BE-11F5-8F56-8D88-13837314558E}" = CCC Help German
"{0A2F0BB6-D45B-AF3C-C19A-6950342AF6B1}" = Catalyst Control Center Localization Turkish
"{0B2FF6D9-359D-4481-8A0D-43A674B665C9}" = TA 33 USB
"{0BAA36F4-8138-AD8A-3791-44A7F0DD63E7}" = CCC Help Japanese
"{0C2B0B35-CF80-1384-D2F0-14F119F1784E}" = Catalyst Control Center Localization Chinese Standard
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A998953-E64F-CE34-4517-C58EF5092157}" = CCC Help Turkish
"{1AED74D3-4C54-3CAA-65DE-4EAB7B589AE1}" = Catalyst Control Center Localization Greek
"{228A2F09-4557-92B9-44A9-E13D41FFAD02}" = Catalyst Control Center Localization Hungarian
"{228D6BCB-7B30-39F5-5442-A99CD76A9762}" = Catalyst Control Center Localization Danish
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2672817F-EB60-5FA1-9691-FE03D3E674F9}" = CCC Help French
"{2CC25320-CD83-B987-4B0A-B53B8413CC87}" = CCC Help Italian
"{33A0D18A-019E-8F30-6EDA-776CDC319771}" = CCC Help Norwegian
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34537704-7E4C-F552-AFC7-E3FDB0A4FDC1}" = Catalyst Control Center Localization Italian
"{357D2DAA-1743-AC07-D88B-0077FC725DF6}" = Catalyst Control Center Graphics Full Existing
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3899B709-95BD-752E-B320-1686DACA370E}" = CCC Help Portuguese
"{3E84E56E-FC81-4E08-AA90-E8B2FDC02557}" = Catalyst Control Center Localization Norwegian
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{469DFB95-185F-CA9E-3D5E-0036754B5033}" = Catalyst Control Center Localization German
"{475BF3D4-E418-18CF-34FC-1D8DD3E67F46}" = Catalyst Control Center Localization Chinese Traditional
"{4D881F9F-90B1-6992-BA30-72333A6BC669}" = CCC Help Danish
"{51035563-B7F5-01AF-0BE4-47533DEE5B51}" = Catalyst Control Center Localization Russian
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5AC66835-7850-401E-AC93-65AD4D6A7E2E}" = Catalyst Control Center Localization Portuguese
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6789E743-FF41-3E96-8C59-0F43ADE6D9E6}" = Catalyst Control Center Localization French
"{698CEC51-8E29-5B7C-2C88-20CDE9DC3DFF}" = ccc-core-static
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2F60E-5C4D-3200-3AB5-6A5C1806A64F}" = CCC Help Hungarian
"{759D7567-3027-5605-BF42-9363090FAF71}" = CCC Help Czech
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{85737D46-5FDE-7798-02BA-68AC06CD0B17}" = CCC Help Spanish
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{892DB0A0-CF31-DA46-8142-2B3953CA7B38}" = CCC Help English
"{8F2E8ADC-871F-7B91-708D-BC2899C7D986}" = Catalyst Control Center Localization Swedish
"{8FC9A62D-90DB-7122-09F3-587C42EE9FAC}" = Catalyst Control Center Localization Czech
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9128A108-FE27-997F-A118-E6C65FAE2256}" = CCC Help Korean
"{9809A7E4-3B3B-4547-3B80-0073E0115EB4}" = Catalyst Control Center Graphics Previews Vista
"{9842DEA7-806B-08CA-608C-9717F5F5D7F3}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6ABCF3-A9BF-2A09-0974-777B6C421E28}" = CCC Help Swedish
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD PowerTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A6F2C0CD-E0A2-BCC1-5BEF-600AC4D9AE62}" = Catalyst Control Center Localization Spanish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED8FA19-763C-BA3F-A243-3136EEF255E8}" = CCC Help Russian
"{b0d4d957-3ad0-4ccf-80ed-303274c119f6}" = Nero 9 Trial
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BA98E840-DCB3-10B7-D016-8890E4F8F4CC}" = Catalyst Control Center Graphics Full New
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C1F4123D-6C93-D087-F50F-8D7AC51AFE76}" = ATI Catalyst Install Manager
"{C3E7A3AD-142E-2433-0107-D2CA4D85F19F}" = CCC Help Greek
"{C5A5F901-08F3-7E96-3049-A950A80ACCF4}" = Catalyst Control Center Graphics Previews Common
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB082B01-F65B-05DA-3048-8979BF7B5BD2}" = CCC Help Dutch
"{CC0E0442-B3BA-6FB5-3E94-C5F96B9B8915}" = Skins
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D281F20C-FA11-D09A-8A20-B78D771222F8}" = Catalyst Control Center Localization Japanese
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DD766B16-BE10-F87C-73A7-A6FC09148633}" = CCC Help Polish
"{DDF91F62-6CBF-2932-93BA-D487B60635B5}" = Catalyst Control Center Core Implementation
"{DEC00B1F-5E63-D40F-6291-A2A531414613}" = CCC Help Chinese Traditional
"{DF066D23-C0C8-8755-8244-A8A78B8798A5}" = CCC Help Thai
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2F2081-6B46-810C-8408-EC04D29EDFF0}" = Catalyst Control Center Localization Thai
"{ED5EDCD0-5745-4B13-8061-58C9833FD06D}" = Microsoft Works 6.0
"{F0EF93AE-6B13-DB6A-3C03-8CB5A51D0A7A}" = CCC Help Finnish
"{F0FFE43C-7FCC-55F3-6BDE-11F6E9F9FB4A}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1E1E2E3-2F93-E548-7675-10A78CDD04A6}" = Catalyst Control Center Localization Finnish
"{F20B6876-0F18-1A47-D858-D0D9F6888B99}" = Catalyst Control Center Localization Polish
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F400ED9E-848C-DB0B-CED5-F69DAA2CE8AD}" = ccc-utility
"{F5EFBB2D-2CD6-FD3D-FA53-DFB962BFD14C}" = Catalyst Control Center Localization Korean
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreeStar Free Video Converter" = FreeStar Free Video Converter 9.0.1
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"myphotobook" = myphotobook 3.1
"PersonalFax" = PersonalFax 1.50
"SuperMailer" = SuperMailer 4.90
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Works2002Setup" = Microsoft Works 2002-Setup-Start
"XMedia Recode" = XMedia Recode 2.1.2.9
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 16.05.2010 10:28:13 | Computer Name = User | Source = VSS | ID = 8194
Description =

Error - 16.05.2010 10:47:42 | Computer Name = User | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
Ausnahmecode 0xc0000005, Fehleroffset 0x00001652, Prozess-ID 0xb20, Anwendungsstartzeit
01caf506bc922ee3.

Error - 16.05.2010 10:48:29 | Computer Name = User | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
Ausnahmecode 0xc0000005, Fehleroffset 0x00001652, Prozess-ID 0x1370, Anwendungsstartzeit
01caf506d8e00863.

Error - 16.05.2010 11:11:01 | Computer Name = User | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RunDLL32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul lmpgspl.ax, Version 3.5.0.64, Zeitstempel 0x3bf3f037,
Ausnahmecode 0xc0000005, Fehleroffset 0x00001652, Prozess-ID 0xd48, Anwendungsstartzeit
01caf509ff00bf03.

Error - 16.05.2010 11:19:48 | Computer Name = User | Source = VSS | ID = 8194
Description =

Error - 16.05.2010 12:14:34 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

Error - 16.05.2010 18:31:27 | Computer Name = User | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RootRepeal.exe, Version 1.3.5.0, Zeitstempel
0x4a842d4f, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x00062086, Prozess-ID 0x11d0, Anwendungsstartzeit
01caf5476b5e11cc.

Error - 16.05.2010 18:34:26 | Computer Name = User | Source = EventSystem | ID = 4621
Description =

Error - 16.05.2010 18:36:34 | Computer Name = User | Source = EventSystem | ID = 4609
Description =

Error - 16.05.2010 18:41:35 | Computer Name = User | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 16.05.2010 18:36:23 | Computer Name = User | Source = DCOM | ID = 10005
Description =

Error - 16.05.2010 18:36:23 | Computer Name = User | Source = LSM | ID = 1048
Description =

Error - 16.05.2010 18:36:27 | Computer Name = User | Source = DCOM | ID = 10005
Description =

Error - 16.05.2010 18:36:34 | Computer Name = User | Source = DCOM | ID = 10005
Description =

Error - 16.05.2010 18:36:35 | Computer Name = User | Source = DCOM | ID = 10005
Description =

Error - 16.05.2010 18:36:35 | Computer Name = User | Source = DCOM | ID = 10005
Description =

Error - 16.05.2010 18:36:36 | Computer Name = User | Source = DCOM | ID = 10005
Description =

Error - 16.05.2010 18:40:15 | Computer Name = User | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.

Error - 16.05.2010 18:40:15 | Computer Name = User | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.1.3 deaktiviert, da
die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.

Error - 16.05.2010 18:40:52 | Computer Name = User | Source = Service Control Manager | ID = 7000
Description =


< End of report >

OTl.Txt:

Zitat

OTL logfile created on: 17.05.2010 00:41:52 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,77 Gb Total Space | 42,22 Gb Free Space | 45,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 92,07 Gb Total Space | 58,14 Gb Free Space | 63,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: User
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (RelayFax) -- C:\Program Files\RelayFax\App\RFEngine.exe (Alt-N Technologies, Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (iComp) -- C:\Windows\System32\drivers\p2usbwdm.sys (Conexant Systems Inc.)
DRV - (CAPI20) -- C:\Windows\System32\drivers\Capi20.sys (DeTeWe Berlin)
DRV - (ulisa) DeTeWe ISDN-Adapter (USB) -- C:\Windows\System32\drivers\ULISA.SYS (DeTeWe Berlin)
DRV - (CW100) -- C:\Windows\System32\drivers\CW100.sys (CASIO COMPUTER CO.,LTD.)
DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys (DeTeWe Berlin)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 17:27:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.16 17:27:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 14:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007.01.17 13:18:04 | 000,095,200 | ---- | M] ()

[2009.09.13 11:32:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.05.15 19:59:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions
[2009.11.27 09:54:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.21 22:04:53 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 14:08:53 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.11.26 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z5gf9b9g.default\extensions\firefox@tvunetworks.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\z5gf9b9g.default\searchplugins\conduit.xml
[2010.05.16 09:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2010.03.06 11:15:22 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.06 11:15:22 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.06 11:15:22 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.06 11:15:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.06 11:15:22 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.09.14 17:38:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.13 13:56:09 | 000,000,078 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.05.17 00:31:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RootRepeal
[2010.05.17 00:29:59 | 000,472,064 | ---- | C] ( ) -- C:\Users\User\Desktop\RootRepeal.exe
[2010.05.16 09:33:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.05.15 21:17:16 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.05.15 20:04:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.05.15 15:30:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.15 14:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010.05.15 14:51:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.15 14:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.15 14:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.15 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.09 23:52:22 | 000,000,000 | ---D | C] -- C:\RELAYFAX
[2010.05.09 23:51:02 | 000,373,464 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\TIFF32.dll
[2010.05.09 23:46:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\RelayFax
[2010.05.09 23:46:01 | 000,294,912 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\imgman32.dll
[2010.05.09 23:45:56 | 000,164,568 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMAppNT.exe
[2010.05.09 23:45:56 | 000,118,784 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMResNT.dll
[2010.05.09 23:45:55 | 000,361,704 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMMonNT.dll
[2010.05.09 23:45:55 | 000,316,128 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BuMRmvNT.dll
[2010.05.09 23:45:55 | 000,230,112 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\BiImgUser.dll
[2010.05.09 23:45:55 | 000,164,568 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\System32\JPEG32.dll
[2010.05.09 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\RelayFax
[2010.05.09 23:18:52 | 000,439,488 | ---- | C] (ActFax Communication) -- C:\Windows\System32\ActMonNT.dll
[2010.05.09 23:18:52 | 000,090,112 | ---- | C] (ActFax Communication) -- C:\Windows\System32\ActMonRe.dll
[2010.05.09 23:18:51 | 000,083,136 | ---- | C] (ActFax Communication) -- C:\Windows\UIActFax.exe
[2010.05.09 23:18:51 | 000,069,632 | ---- | C] (ActFax Communication) -- C:\Windows\UIActFax.dll
[2010.05.09 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PersonalFax
[2010.05.09 20:12:15 | 000,331,136 | ---- | C] (Mirko Böer) -- C:\Windows\PFUn.EXE
[2010.05.09 20:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\PersonalFax
[2010.05.09 20:11:20 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.05.09 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FRITZ!
[2010.05.09 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\FRITZ!
[2010.05.09 19:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!DSL
[2010.05.09 18:00:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\winsuite
[2010.05.09 17:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinSuite
[2010.05.09 16:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\DeTeWe
[2010.05.06 11:41:33 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Fleischer-Adressen
[2010.05.01 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\AdobeStockPhotos
[2010.05.01 15:50:18 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.05.01 15:50:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.05.01 15:50:15 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.05.01 15:50:15 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2010.05.01 15:50:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.05.01 15:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010.05.01 14:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.04.30 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Opera
[2010.04.29 15:29:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\visitenkarte-Dateien
[2010.04.29 11:23:22 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Updater
[2010.04.29 11:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010.04.29 11:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010.04.19 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Desktop2
[3 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.05.17 00:41:52 | 003,932,160 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010.05.17 00:39:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.17 00:39:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.17 00:39:25 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.17 00:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.17 00:34:17 | 004,551,926 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.05.17 00:33:09 | 000,465,298 | ---- | M] () -- C:\Users\User\Desktop\RootRepeal.rar
[2010.05.17 00:31:24 | 000,136,261 | ---- | M] () -- C:\Users\User\Desktop\RootRepeal.dmp
[2010.05.17 00:30:12 | 000,000,000 | ---- | M] () -- C:\Users\User\Desktop\settings.dat
[2010.05.17 00:28:17 | 000,464,491 | ---- | M] () -- C:\Users\User\Desktop\RootRepeal.zip
[2010.05.16 17:15:02 | 000,081,648 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.16 17:14:29 | 000,314,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.16 17:13:09 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.05.16 17:09:32 | 000,000,133 | ---- | M] () -- C:\Windows\magix.ini
[2010.05.16 16:59:36 | 000,149,504 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 20:04:16 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.05.15 14:51:17 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.14 13:50:37 | 000,053,726 | ---- | M] () -- C:\Users\User\Documents\90531.pdf
[2010.05.14 12:51:13 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[[2010.05.09 23:52:22 | 000,000,264 | ---- | M] () -- C:\Windows\win.ini
[2010.05.09 23:51:21 | 000,001,814 | ---- | M] () -- C:\Windows\FAXCPP1.INI
[2010.05.09 23:51:12 | 000,000,034 | ---- | M] () -- C:\Windows\RFOIni.ini
[2010.05.09 23:51:06 | 000,000,034 | ---- | M] () -- C:\Windows\RFPIni.ini
[2010.05.09 23:51:04 | 000,000,034 | ---- | M] () -- C:\Windows\RFRIni.ini
[2010.05.09 23:18:53 | 000,000,127 | ---- | M] () -- C:\Windows\System32\ActiveFax.Cmd
[2010.05.09 23:18:52 | 000,439,488 | ---- | M] (ActFax Communication) -- C:\Windows\System32\ActMonNT.dll
[2010.05.09 23:18:52 | 000,199,900 | ---- | M] () -- C:\Windows\System32\ActMon32.hlp
[2010.05.09 23:18:52 | 000,090,112 | ---- | M] (ActFax Communication) -- C:\Windows\System32\ActMonRe.dll
[2010.05.09 23:18:52 | 000,083,677 | ---- | M] () -- C:\Windows\System32\ActMon32.chm
[2010.05.09 23:18:52 | 000,000,613 | ---- | M] () -- C:\Windows\System32\ActMon32.cnt
[2010.05.09 23:18:51 | 000,083,136 | ---- | M] (ActFax Communication) -- C:\Windows\UIActFax.exe
[2010.05.09 23:18:51 | 000,069,632 | ---- | M] (ActFax Communication) -- C:\Windows\UIActFax.dll
[2010.05.09 23:18:51 | 000,014,134 | ---- | M] () -- C:\Windows\UIActFax.chm
[2010.05.09 23:18:51 | 000,008,538 | ---- | M] () -- C:\Windows\UIActFax.hlp
[2010.05.09 23:18:51 | 000,000,134 | ---- | M] () -- C:\Windows\UIActFax.cnt
[2010.05.09 20:49:24 | 000,000,059 | ---- | M] () -- C:\Windows\WINPHONE.INI
[2010.05.09 20:49:18 | 000,001,894 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CAPIControl.lnk
[2010.05.09 20:12:15 | 000,002,856 | R--- | M] () -- C:\Windows\PersonalFax_Uninstall.in
[2010.05.09 03:41:37 | 274,430,506 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.05.17 00:33:04 | 000,465,298 | ---- | C] () -- C:\Users\User\Desktop\RootRepeal.rar
[2010.05.17 00:31:21 | 000,136,261 | ---- | C] () -- C:\Users\User\Desktop\RootRepeal.dmp
[2010.05.17 00:30:12 | 000,000,000 | ---- | C] () -- C:\Users\User\Desktop\settings.dat
[2010.05.17 00:28:13 | 000,464,491 | ---- | C] () -- C:\Users\User\Desktop\RootRepeal.zip
[2010.05.16 17:13:09 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.05.15 14:51:17 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.14 12:51:13 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.09 23:51:21 | 000,001,814 | ---- | C] () -- C:\Windows\FAXCPP1.INI
[2010.05.09 23:51:21 | 000,000,422 | ---- | C] () -- C:\Windows\FAXCPP.INI
[2010.05.09 23:51:12 | 000,000,034 | ---- | C] () -- C:\Windows\RFOIni.ini
[2010.05.09 23:51:04 | 000,000,034 | ---- | C] () -- C:\Windows\RFRIni.ini
[2010.05.09 23:45:57 | 000,000,034 | ---- | C] () -- C:\Windows\RFPIni.ini
[2010.05.09 23:18:53 | 000,000,127 | ---- | C] () -- C:\Windows\System32\ActiveFax.Cmd
[2010.05.09 23:18:52 | 000,199,900 | ---- | C] () -- C:\Windows\System32\ActMon32.hlp
[2010.05.09 23:18:52 | 000,083,677 | ---- | C] () -- C:\Windows\System32\ActMon32.chm
[2010.05.09 23:18:52 | 000,000,613 | ---- | C] () -- C:\Windows\System32\ActMon32.cnt
[2010.05.09 23:18:51 | 000,014,134 | ---- | C] () -- C:\Windows\UIActFax.chm
[2010.05.09 23:18:51 | 000,008,538 | ---- | C] () -- C:\Windows\UIActFax.hlp
[2010.05.09 23:18:51 | 000,000,134 | ---- | C] () -- C:\Windows\UIActFax.cnt
[2010.05.09 20:49:18 | 000,001,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CAPIControl.lnk
[2010.05.09 20:16:33 | 000,000,000 | ---- | C] () -- C:\Users\User\Documents\FaxMan
[2010.05.09 20:12:15 | 000,002,856 | R--- | C] () -- C:\Windows\PersonalFax_Uninstall.in
[2010.05.09 16:54:49 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2010.05.03 19:53:26 | 000,000,016 | ---- | C] () -- C:\Users\User\AppData\Roaming\qvjsge.dat
[2010.05.01 15:50:21 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.05.01 15:50:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.11.26 20:57:15 | 000,000,085 | ---- | C] () -- C:\Windows\System32\dojzjytg.dll
[2009.10.20 19:11:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.13 13:56:11 | 000,000,182 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.10.13 13:53:06 | 000,000,000 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.10.13 13:49:47 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.10.13 13:49:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.10.13 13:47:12 | 000,000,133 | ---- | C] () -- C:\Windows\magix.ini
[2009.09.27 19:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2009.09.27 19:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.09.27 16:05:58 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.08.20 11:40:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.25 23:10:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.04.15 16:29:24 | 000,018,432 | ---- | C] () -- C:\Windows\vmmreg3.dll
[2008.01.08 10:35:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.15 20:52:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.10.15 20:51:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.15 20:51:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.15 20:51:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.15 20:51:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >