
Avast locked up. InternetSecurity2010 plus others?



#1
ToniB

Hi,

Sorry about the long-winded explanation below, not sure of any way around it.

I first noticed a problem when my Avast was inactive. Couldn't get it to activate (message said damaged path or something similar if I remember correctly). Tried to reinstall, didn't help. Had no other problems that I was aware of; my son didn't tell me of any (if he would even recognize them as such). Called Avast for help, they told me they found all kinds of stuff & would kindly fix it for a price that was much more than this computer is worth. (Although they told me my machine was 'in great shape' -- not sure if there are diagnostics that would tell them that in 5 minutes or was that all smoke?) But you folks have previously helped and are great so here I am.

One thing I did remember that they found to be problematic was InternetSecurity2010 folder under programs. (This machine was bought in Germany & thinks it is still there so most programs are in the C:/Programme folder but this one did land in the C:/Program Files folder. BTW, any advice on how to let the computer know that it is now indeed in the US? OTL, for instance, automatically downloaded in German.)

Wasn't sure how best to proceed as they indicated multiple problems, ultimately decided to follow the "normal malware removal procedure" instructions but the new virus protection software showed 2 things but didn't let me remove them, so I went to your internet security removal instructions, then proceeded all the way through the "normal malware removal procedure" instructions.

Therefore, I ran
1) Malwarebytes, which found 1 problem, let it fix it.
2) downloaded & ran a new virus protector program (Avira) after uninstalling a) Avast and b) McAfee. I am not sure if McAfee was real or a virus as I didn't download or install it but maybe my son did. Avira hung at searching for hidden objects. I stopped it and it ran again but not sure if it searched for hidden objects. Found 2 problems but wouldn't let me remove them so decided to try specific InternetSecurity removal instructions.
3) ran OTL with the special instructions under 'fix' mode. One thing I did change -- I noticed it was for only a short time period. As the Avast people indicated that there were problems there for a long time, I increased that timeframe to the max (360-? days).
4) ran Malwarebytes again
5) ran Avira again which again froze at searching for hidden objects. (I even tried letting it run overnight this time) I stopped it and it ran again but, again, not sure if it searched for hidden objects. It did let me fix the problems on this run-through.
6) ran GMER
7) ran OTL again w/ Quickfix, special instructions, left at 90 days.

Logs posted below & in next posts. I can gladly upload them if that is easier for you.

GMER log:

GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-17 20:59:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\THEFAM~1\LOKALE~1\Temp\fwliikoc.sys


---- System - GMER 1.0.15 ----

SSDT F7A6B8AE ZwCreateKey
SSDT F7A6B8A4 ZwCreateThread
SSDT F7A6B8B3 ZwDeleteKey
SSDT F7A6B8BD ZwDeleteValueKey
SSDT F7A6B8C2 ZwLoadKey
SSDT F7A6B890 ZwOpenProcess
SSDT F7A6B895 ZwOpenThread
SSDT F7A6B8CC ZwReplaceKey
SSDT F7A6B8C7 ZwRestoreKey
SSDT F7A6B8B8 ZwSetValueKey
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB896A620]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)


---- EOF - GMER 1.0.15 ----

Latest OTL logs:

OTL.txt:

OTL logfile created on: 17.10.2010 21:02:29 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\The Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 256 256 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.50 Gb Total Space | 4.52 Gb Free Space | 6.07% Space Free | Partition Type: NTFS
Drive D: | 65.73 Gb Total Space | 19.91 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
Drive E: | 8.79 Gb Total Space | 5.53 Gb Free Space | 62.94% Space Free | Partition Type: FAT32
Drive N: | 465.76 Gb Total Space | 178.79 Gb Free Space | 38.39% Space Free | Partition Type: NTFS

Computer Name: CHAPMAN-03 | User Name: The Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010.10.16 01:11:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
PRC - [2010.10.16 00:48:56 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010.09.21 14:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.05 02:31:41 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.03.05 02:31:39 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010.01.27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.11 16:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.06.23 11:55:24 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009.06.23 11:54:18 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008.04.13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.01 03:16:54 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007.12.01 03:16:47 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpserv.exe
PRC - [2007.01.04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Programme\Viewpoint\Common\ViewpointService.exe
PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
PRC - [2003.06.19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2002.10.31 04:35:58 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010.10.16 01:11:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
MOD - [2008.04.13 22:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.05 02:31:39 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009.06.23 11:55:24 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009.06.23 11:54:18 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008.08.08 23:44:19 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.01 12:24:16 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008.05.01 12:24:12 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008.05.01 12:23:54 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008.04.04 14:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.12.01 03:16:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007.12.01 03:16:47 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2007.01.04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Programme\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006.10.23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002.10.31 04:35:58 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2001.11.12 08:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\MD8008_1120\Biosupdate\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\iiusbisp.sys -- (IIUSBISP)
DRV - [2010.08.31 13:54:03 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.26 21:07:15 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.02.26 21:07:15 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.10 21:14:55 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009.10.27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.24 01:31:44 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008.04.13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.02.27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007.12.19 21:02:56 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.03.11 17:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007.03.11 17:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004.08.04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.07.18 04:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003.05.22 11:44:44 | 000,670,203 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2003.03.20 10:21:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.02.09 17:33:14 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003.01.10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002.11.04 10:32:00 | 000,027,520 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002.11.04 10:29:42 | 000,422,976 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2002.10.28 02:38:06 | 000,947,884 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002.08.29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002.08.29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002.08.14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002.07.10 11:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002.04.17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (asapiW2k)
DRV - [2002.03.22 02:43:58 | 000,321,394 | ---- | M] (GlobeSpan Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GLAPCI.SYS -- (glapci)
DRV - [2002.03.20 12:38:20 | 000,019,140 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atwpkt.sys -- (ATWPKT)
DRV - [2001.11.14 13:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2001.08.17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001.08.17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2001.08.17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/2...ions/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.20
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {bcd47b5a-43be-433f-9051-7ce2cdf94ac0}:3.1.3
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2007.12.07 22:11:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.15 19:19:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.26 12:10:02 | 000,000,000 | ---D | M]

[2008.08.14 22:43:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Extensions
[2010.10.16 14:41:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions
[2010.09.26 15:41:54 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.09.26 15:42:31 | 000,000,000 | ---D | M] (ActiveInbox for Gmail and Google Apps) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
[2010.09.26 15:41:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.08 12:26:35 | 000,000,000 | ---D | M] (myFireFox) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.08.08 12:26:03 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2010.03.14 00:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.09.26 15:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.03.14 00:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.09.26 15:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.08.08 12:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2008.06.02 20:41:50 | 000,001,193 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\altavista.xml
[2010.10.10 21:15:23 | 000,001,968 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\bremende.xml
[2007.09.07 03:14:21 | 000,000,953 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\businesscom.xml
[2010.09.26 12:21:45 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\canoonet-inflection.xml
[2010.10.10 21:15:25 | 000,004,267 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\deutscher-wortschatz.xml
[2010.10.10 21:15:25 | 000,001,137 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\dictionarycom.xml
[2010.10.10 21:15:25 | 000,002,008 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\leo-de-en.xml
[2008.08.02 08:02:19 | 000,001,173 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\referencecom---encyclopedia.xml
[2010.10.10 21:15:26 | 000,005,124 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\spiegel-wissen.xml
[2008.06.25 09:14:37 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\webster.xml
[2010.10.16 14:41:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.09.03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2005.12.05 16:31:00 | 000,114,688 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npmozax.dll
[2008.04.13 20:40:09 | 000,163,840 | ---- | M] (CNN) -- C:\Programme\Mozilla Firefox\plugins\NPTURNMED.dll
[2007.04.16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
[2007.04.16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint_.dll

O1 HOSTS File: ([2010.10.16 10:19:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [XdriveTray] C:\Programme\xdrive\xdrive desktop\xdrive.exe File not found
O4 - HKCU..\Run: [XdriveTrayIcon] C:\Programme\Xdrive\Xdrive Desktop\XdriveTray.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK = C:\Programme\palmOne\AlarmApp.exe (Palm, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk = C:\Programme\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 21
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} http://www.xdrive.co...stall/setup.exe ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1186325003218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1186325760765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7657.0299189815 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.02.05 03:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk N:\
O33 - MountPoints2\{40003803-403d-11df-9d88-00038a000015}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 90 Days ==========

[2010.10.16 10:17:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.16 09:45:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
[2010.10.16 01:11:30 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
[2010.10.16 01:04:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Avira
[2010.10.16 01:00:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.10.16 01:00:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.10.16 01:00:45 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.10.16 01:00:45 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.10.16 01:00:45 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.10.16 01:00:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.16 01:00:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.10.15 13:16:26 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.15 13:14:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\The Family\Desktop\erunt-setup.exe
[2010.10.14 22:49:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\The Family\Desktop\mbam-setup-1.46.exe
[2010.10.14 18:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Local Settings
[2010.10.14 18:47:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Software Update Utility
[2010.10.14 18:13:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ICS
[2010.10.14 12:24:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\HamsterSoft
[2010.10.13 16:44:28 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software
[2010.10.11 08:52:38 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\My Dropbox
[2010.10.11 08:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox
[2010.10.05 23:14:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Adam Mesh
[2010.10.03 21:50:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Mash Season 8 DVDRip
[2010.09.27 18:52:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Neuer Ordner
[2010.09.26 22:29:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Season 7
[2010.09.01 20:18:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\AIM
[2010.09.01 20:18:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2010.09.01 20:16:35 | 000,000,000 | ---D | C] -- C:\Programme\AIM
[2010.08.11 12:41:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[2010.08.08 12:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Abine
[2010.08.08 10:54:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2010.08.04 10:39:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.08.04 10:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010.07.21 10:21:17 | 000,000,000 | ---D | C] -- C:\Programme\Tracker Software
[2009.04.01 08:29:13 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009.04.01 08:29:13 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009.04.01 08:29:13 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009.04.01 08:29:12 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009.04.01 08:29:12 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009.04.01 08:29:12 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009.04.01 08:29:11 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009.04.01 08:29:11 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009.04.01 08:29:10 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009.04.01 08:29:08 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2009.04.01 08:29:08 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009.03.19 15:07:22 | 037,452,296 | ---- | C] (Lavasoft ) -- C:\Programme\Ad-AwareAE.exe
[2008.05.27 16:30:45 | 001,282,759 | ---- | C] (Alexander van Kaam ) -- C:\Programme\MotherboardMonitor.exe
[2008.05.27 14:54:01 | 014,782,496 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE7-WindowsXP-x86-deu.exe
[2008.04.27 22:51:12 | 000,399,000 | ---- | C] (NCH Software) -- C:\Programme\switchsetup.exe
[2007.07.16 10:53:02 | 000,728,624 | ---- | C] (AOL LLC) -- C:\Programme\aolsetup.exe
[2 C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.10.17 21:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.10.17 18:17:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.17 13:24:05 | 000,285,230 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\gmer.zip
[2010.10.17 13:14:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.16 11:31:03 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\qmcz98to.exe
[2010.10.16 10:19:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.10.16 01:16:02 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Download OTL to your Desktop.doc
[2010.10.16 01:11:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
[2010.10.16 01:01:04 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 19:18:18 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.15 19:07:41 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\cleaning PC log.doc
[2010.10.15 19:07:41 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$eaning PC log.doc
[2010.10.15 18:13:15 | 000,000,359 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Eigene Dateien.lnk
[2010.10.15 16:42:13 | 000,082,944 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.15 13:16:26 | 000,000,595 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\NTREGOPT.lnk
[2010.10.15 13:16:26 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\ERUNT.lnk
[2010.10.15 13:14:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\The Family\Desktop\erunt-setup.exe
[2010.10.15 12:01:31 | 044,089,904 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\avira_antivir_personal_en.exe
[2010.10.15 01:32:25 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.10.14 22:50:49 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 22:49:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\The Family\Desktop\mbam-setup-1.46.exe
[2010.10.14 20:12:54 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Honors VocabWk7.doc
[2010.10.14 19:33:52 | 000,040,448 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\English 9 Vocabulary.doc
[2010.10.14 19:33:17 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$nors VocabWk7.doc
[2010.10.14 18:47:29 | 000,000,731 | -H-- | M] () -- C:\IPH.PH
[2010.10.14 18:47:27 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AIM.lnk
[2010.10.14 15:13:14 | 050,594,264 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\setup_av_free.exe
[2010.10.14 12:23:51 | 000,000,526 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Hamster Free Video Converter.lnk
[2010.10.13 23:11:37 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Journal Entry 9.doc
[2010.10.13 16:47:06 | 000,000,782 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WavePad Sound Editor.lnk
[2010.10.13 16:44:28 | 000,000,745 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Prism Video Converter.lnk
[2010.10.12 17:08:08 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\DayAllotment.xls
[2010.10.11 08:52:39 | 000,001,027 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\Dropbox.lnk
[2010.10.11 08:52:38 | 000,001,027 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Dropbox.lnk
[2010.10.11 01:32:39 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010.10.11 01:32:39 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.10.05 17:27:16 | 019,248,337 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.mp3
[2010.10.05 17:23:47 | 106,100,768 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.wav
[2010.09.26 13:59:22 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$ghtTummy.doc
[2010.09.26 13:59:17 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$use-Org-Storage.doc
[2010.09.26 12:07:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.07 00:52:40 | 000,136,704 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\The Wal.doc
[2010.09.07 00:52:40 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$he Wal.doc
[2010.09.04 19:07:54 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$crosoft OUTLOOK 2007.doc
[2010.09.04 19:07:53 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Microsoft OUTLOOK 2007.doc
[2010.09.04 18:54:40 | 000,439,443 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Bike rack_2009NewF6InstructionsV1.pdf
[2010.08.31 16:05:05 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.31 13:26:40 | 000,540,964 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Elevate_America_User_Guide.pdf
[2010.08.31 12:57:23 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.16 12:49:52 | 000,028,160 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\East WHeeling.doc
[2010.08.06 09:19:44 | 000,000,655 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK
[2010.08.03 08:58:25 | 000,029,696 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Scrabble.doc
[2010.07.28 21:55:02 | 000,001,404 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Verknüpfung mit Wallpaper.lnk
[2010.07.27 00:08:46 | 000,099,328 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\GTD_Tools for Thought.doc
[2010.07.27 00:08:46 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$D_Tools for Thought.doc
[2010.07.23 00:39:15 | 000,075,264 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\2010 picnic.doc
[2010.07.21 23:55:17 | 000,226,816 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Dem vs Rep Talking Points_toni.doc
[2010.07.21 23:35:31 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$e Power of Concentration.doc
[2010.07.21 10:28:03 | 000,419,136 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\print_averagejoe.pdf
[2010.07.21 10:21:22 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\PDF-Viewer.lnk
[2 C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.17 13:24:02 | 000,285,230 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\gmer.zip
[2010.10.16 11:31:00 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\qmcz98to.exe
[2010.10.16 01:13:50 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Download OTL to your Desktop.doc
[2010.10.16 01:01:03 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 19:07:41 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$eaning PC log.doc
[2010.10.15 19:07:40 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\cleaning PC log.doc
[2010.10.15 18:13:15 | 000,000,359 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Eigene Dateien.lnk
[2010.10.15 13:16:26 | 000,000,595 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\NTREGOPT.lnk
[2010.10.15 13:16:26 | 000,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\ERUNT.lnk
[2010.10.15 11:52:13 | 044,089,904 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\avira_antivir_personal_en.exe
[2010.10.14 19:33:52 | 000,040,448 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\English 9 Vocabulary.doc
[2010.10.14 19:33:17 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Honors VocabWk7.doc
[2010.10.14 19:33:17 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$nors VocabWk7.doc
[2010.10.14 15:10:51 | 050,594,264 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\setup_av_free.exe
[2010.10.14 12:23:51 | 000,000,526 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Hamster Free Video Converter.lnk
[2010.10.13 23:11:37 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Journal Entry 9.doc
[2010.10.13 16:47:06 | 000,000,782 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WavePad Sound Editor.lnk
[2010.10.13 16:44:28 | 000,000,745 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Prism Video Converter.lnk
[2010.10.11 08:52:39 | 000,001,027 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\Dropbox.lnk
[2010.10.11 08:52:38 | 000,001,027 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Dropbox.lnk
[2010.10.11 01:32:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010.10.11 01:32:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.10.10 14:46:48 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\DayAllotment.xls
[2010.10.05 23:13:43 | 000,024,002 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\earningstheory.pdf
[2010.10.05 17:24:00 | 019,248,337 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.mp3
[2010.10.05 17:23:31 | 106,100,768 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.wav
[2010.09.26 13:59:22 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$ghtTummy.doc
[2010.09.26 13:59:17 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$use-Org-Storage.doc
[2010.09.07 00:52:40 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$he Wal.doc
[2010.09.07 00:52:39 | 000,136,704 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\The Wal.doc
[2010.09.04 19:07:54 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$crosoft OUTLOOK 2007.doc
[2010.09.04 19:07:53 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Microsoft OUTLOOK 2007.doc
[2010.09.04 18:54:40 | 000,439,443 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Bike rack_2009NewF6InstructionsV1.pdf
[2010.09.01 20:18:14 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AIM.lnk
[2010.09.01 20:15:40 | 000,000,731 | -H-- | C] () -- C:\IPH.PH
[2010.08.31 13:26:38 | 000,540,964 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Elevate_America_User_Guide.pdf
[2010.08.14 13:52:47 | 000,028,160 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\East WHeeling.doc
[2010.08.06 09:19:44 | 000,000,655 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK
[2010.08.03 08:58:24 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Scrabble.doc
[2010.07.27 00:08:46 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$D_Tools for Thought.doc
[2010.07.27 00:08:45 | 000,099,328 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\GTD_Tools for Thought.doc
[2010.07.23 00:39:15 | 000,075,264 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\2010 picnic.doc
[2010.07.21 23:35:31 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$e Power of Concentration.doc
[2010.07.21 10:28:03 | 000,419,136 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\print_averagejoe.pdf
[2010.07.21 10:21:22 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\PDF-Viewer.lnk
[2010.07.21 09:20:35 | 000,226,816 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Dem vs Rep Talking Points_toni.doc
[2010.03.27 23:30:41 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009.04.03 12:30:08 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.04.01 08:49:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009.04.01 08:48:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009.04.01 08:29:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009.04.01 08:29:13 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009.04.01 08:29:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2008.09.23 14:36:26 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.09.14 03:15:54 | 000,021,579 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Comma Separated Values (Windows).ADR
[2008.09.11 16:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.08.09 08:21:19 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008.08.05 02:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008.07.13 05:06:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008.05.31 11:46:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008.05.31 10:09:49 | 001,500,168 | ---- | C] () -- C:\Programme\advisor.exe
[2008.05.31 09:20:30 | 000,688,638 | ---- | C] () -- C:\Programme\PC-Decrapifier-1.9.1.exe
[2008.05.30 07:25:57 | 000,948,113 | ---- | C] () -- C:\Programme\EFRCSetup.exe
[2008.05.28 07:47:08 | 001,324,633 | ---- | C] () -- C:\Programme\siw.zip
[2008.05.28 07:42:38 | 001,567,713 | ---- | C] () -- C:\Programme\revosetup.exe
[2008.05.27 11:38:04 | 006,439,960 | ---- | C] () -- C:\Programme\SUPERAntiSpyware.exe
[2008.04.29 14:42:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008.04.12 11:49:44 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008.04.12 11:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008.04.06 10:17:46 | 014,574,336 | ---- | C] () -- C:\Programme\TU2008TrialEN.exe
[2008.01.18 11:52:09 | 000,860,391 | ---- | C] () -- C:\Programme\unzipRAR-7z457.exe
[2007.12.26 17:12:22 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.12.08 21:45:10 | 000,000,534 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.09.20 01:38:10 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007.09.19 11:36:09 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007.09.17 18:24:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.09.13 20:49:26 | 000,001,825 | ---- | C] () -- C:\Programme\Ad-AwareAd-Aware update.log
[2007.09.02 01:31:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007.08.22 10:21:17 | 000,000,220 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007.08.21 05:35:40 | 000,259,341 | R--- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2007.08.21 05:35:40 | 000,003,002 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2007.08.21 05:35:40 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2007.08.07 03:16:14 | 000,003,363 | ---- | C] () -- C:\Programme\Ad-AwareAdAware event.log
[2007.07.16 10:53:02 | 000,004,424 | ---- | C] () -- C:\Programme\aolsetup.bin
[2007.07.16 10:53:02 | 000,001,592 | ---- | C] () -- C:\Programme\main.ini
[2004.08.31 13:59:42 | 000,082,944 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.06.03 15:16:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2004.06.03 15:16:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004.06.03 15:16:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004.06.03 15:16:13 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2004.06.03 15:16:13 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004.06.02 15:18:15 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.06.01 13:14:54 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys
[2004.06.01 12:56:41 | 000,000,184 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003.03.01 14:04:26 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.02.09 18:44:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.02.09 17:29:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003.02.05 11:23:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.02.05 05:22:22 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.02.05 04:39:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.02.05 04:23:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2003.02.05 04:23:14 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2003.02.05 04:05:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003.02.05 03:56:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\winio.sys
[2003.02.05 03:34:32 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.02.05 03:27:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.03.26 15:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1999.01.22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008.07.21 19:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\acccore
[2009.10.13 09:50:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\agi
[2010.09.01 20:18:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2010.10.15 19:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.03.28 20:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2007.09.02 02:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DataViz
[2009.04.09 17:05:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2007.08.06 11:05:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
[2010.01.10 20:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync
[2008.04.19 11:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2010.10.13 16:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2009.08.14 23:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009.07.18 17:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2009.08.26 18:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RingCentral
[2009.02.07 14:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate
[2010.01.19 09:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.04.06 21:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.07.21 19:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.03.31 13:47:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.03.19 15:10:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010.10.17 21:00:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Abine
[2007.09.28 21:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\acccore
[2010.01.18 23:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Auslogics
[2010.10.14 20:28:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\BitTorrent
[2008.05.28 08:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\BizFormBar
[2007.12.30 23:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\DAEMON Tools
[2009.04.09 13:33:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\DNA
[2009.08.14 10:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Downloaded Installations
[2010.10.17 13:15:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox
[2008.05.31 00:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\gtopala
[2010.10.14 12:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\HamsterSoft
[2010.01.10 20:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\HotSync
[2003.02.05 04:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\InterTrust
[2007.09.02 01:27:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Leadertech
[2010.01.16 10:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\MailWasherPro
[2008.04.27 22:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\NCH Swift Sound
[2010.07.25 23:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Nitro PDF
[2009.07.30 09:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\PDF reDirect
[2008.07.13 05:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\QQ Games Plugin
[2010.03.04 14:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\SanDisk
[2008.04.06 21:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\TuneUp Software
[2007.10.15 20:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Viewpoint
[2007.09.20 02:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Xdrive
[2010.10.17 21:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.10.15 01:32:25 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010.10.17 13:13:59 | 000,068,092 | ---- | M] () -- C:\aaw7boot.log
[2008.04.02 21:49:18 | 000,000,006 | ---- | M] () -- C:\agreed.txt
[2007.09.19 13:54:18 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2007.09.19 13:54:18 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2003.02.05 03:31:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005.10.12 09:24:44 | 045,971,964 | ---- | M] () -- C:\BackupBeforeLOPfix.reg
[2009.04.10 13:14:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.01.17 10:08:52 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2002.08.29 08:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.04 00:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr
[2003.02.05 03:31:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004.08.31 14:02:56 | 000,000,000 | ---- | M] () -- C:\EPG_Chan.log
[2004.07.04 01:04:40 | 000,004,379 | -HS- | M] () -- C:\ffastun.ffa
[2004.07.04 01:04:40 | 000,180,224 | -HS- | M] () -- C:\ffastun.ffl
[2004.07.04 01:04:40 | 000,077,824 | -H-- | M] () -- C:\ffastun.ffo
[2004.07.04 01:04:40 | 000,712,704 | -HS- | M] () -- C:\ffastun0.ffx
[2010.01.10 21:20:44 | 003,844,510 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2008.09.23 14:36:48 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG
[2003.02.05 03:31:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.10.14 18:47:29 | 000,000,731 | -H-- | M] () -- C:\IPH.PH
[2009.02.11 21:02:56 | 000,000,028 | ---- | M] () -- C:\liberror.txt
[2003.02.05 03:31:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007.08.05 13:23:03 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009.04.05 11:54:09 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.10.17 13:14:01 | 268,435,456 | -HS- | M] () -- C:\pagefile.sys
[2004.08.31 14:02:11 | 000,000,184 | ---- | M] () -- C:\Setup.log
[2004.06.02 17:38:08 | 000,001,736 | ---- | M] () -- C:\TDSLCheck.txt
[2001.01.10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2007.04.28 07:24:07 | 000,000,282 | ---- | M] () -- C:\Verknüpfung mit Recover ©.lnk
[2009.04.10 20:05:12 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003.02.05 04:26:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003.02.05 04:26:10 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003.02.05 04:26:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-31 18:30:50

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B623B5B8

< End of report >

#2
ToniB

  • Topic Starter
  • Member
  • 84 posts
Extra.Txt report

OTL Extras logfile created on: 17.10.2010 21:02:29 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\The Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 256 256 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.50 Gb Total Space | 4.52 Gb Free Space | 6.07% Space Free | Partition Type: NTFS
Drive D: | 65.73 Gb Total Space | 19.91 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
Drive E: | 8.79 Gb Total Space | 5.53 Gb Free Space | 62.94% Space Free | Partition Type: FAT32
Drive N: | 465.76 Gb Total Space | 178.79 Gb Free Space | 38.39% Space Free | Partition Type: NTFS

Computer Name: CHAPMAN-03 | User Name: The Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Quicken\qw.exe" = C:\Programme\Quicken\qw.exe:*:Enabled:Quicken 2007 -- (Intuit Inc.)
"C:\Programme\Quicken\QuickenOLBackupLauncher.exe" = C:\Programme\Quicken\QuickenOLBackupLauncher.exe:*:Enabled:Quicken Online Backup -- ()
"C:\Programme\Gemeinsame Dateien\AOL\acs\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\acs\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Programme\Gemeinsame Dateien\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\Loader\aolload.exe" = C:\Programme\Gemeinsame Dateien\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\AOL\System Information\sinf.exe" = C:\Programme\Gemeinsame Dateien\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Programme\Gemeinsame Dateien\AOL\1190222103\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\AOL\1190222103\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Programme\AIM6\aim6.exe" = C:\Programme\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\lxdpcoms.exe" = C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Programme\Lexmark Z2300 Series\lxdpamon.exe" = C:\Programme\Lexmark Z2300 Series\lxdpamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Programme\Lexmark Z2300 Series\frun.exe" = C:\Programme\Lexmark Z2300 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Programme\Lexmark Z2300 Series\lxdpmon.exe" = C:\Programme\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Programme\AOL-try to retrieve\hope\waol.exe" = C:\Programme\AOL-try to retrieve\hope\waol.exe:*:Disabled:AOL -- (AOL, LLC.)
"C:\Programme\AOL 9.1\waol.exe" = C:\Programme\AOL 9.1\waol.exe:*:Disabled:AOL -- (AOL, LLC.)
"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Disabled:AOL -- (AOL, LLC.)
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Disabled:AOL -- (AOL, LLC.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\AIM\aim.exe" = C:\Programme\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{03440014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Enzyklopädie 2003
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}" = Documents To Go
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20F1FFAF-1BFF-450C-A8C7-03D1BE24B950}" = Microsoft .NET Framework (German)
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A6F953D-E20A-4484-8E82-4A0BE2C25D21}" = Motorola Phone Tools
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{8803FCD6-F5BA-475F-A71B-D83D8E31F251}" = Nitro PDF Professional
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9F18002D-5D1A-4ACA-A6C1-9F22CF99063E}" = Roxio Media Manager
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5676-5A64-800000000003}" = Adobe Reader Extended Language Support Font Pack
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4163F73-AAE4-4E4F-9E9E-70828C2ADB58}" = iPodifier
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFE24174-2A8D-11D5-9FA6-0060087051D5}" = Teledat 300 PCI
"{E34D953E-FE88-4828-B407-8FD29341D36B}" = Motorola Phone Tools
"{E61B400A-DE10-43E5-8F45-37DB764BFCFB}" = InstantCopy
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"America Online de" = AOL Deutschland
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ExpressBurn" = Express Burn
"Filao Sudoku Pack for Palm" = Sudoku Pack for Palm
"Foxit PDF Editor" = Foxit PDF Editor
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"Handmark Solitaire for Palm OS" = Handmark Solitaire for Palm OS
"ie8" = Windows Internet Explorer 8
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaShow" = [email protected]
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1031)" = Microsoft .NET Framework (German) v1.0.3705
"Missile Launcher_is1" = version1.2
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"PDF reDirect" = PDF reDirect (remove only)
"Philips Photo Manager_is1" = Philips Photo Manager 1.1
"powerOne Personal v2.1.1 for Handhelds" = powerOne Personal v2.1.1 for Handhelds
"Prism" = Prism Video Converter
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.60
"Shockwave" = Shockwave
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Small Business Start-Up Forms" = Small Business Start-Up Forms
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stellar Phoenix NTFS_is1" = Stellar Phoenix NTFS 2.1
"Susan Jeffers Affirmations Screensaver" = Susan Jeffers Affirmations Screensaver
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"ToolBox" = NCH Toolbox
"Verizon Online Help and Support" = Verizon Online Help and Support
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"X10Hardware" = X10 Hardware™
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.10.2010 10:52:31 | Computer Name = CHAPMAN-03 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download....uthrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .

Error - 16.10.2010 10:52:31 | Computer Name = CHAPMAN-03 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download....uthrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .

Error - 16.10.2010 10:52:31 | Computer Name = CHAPMAN-03 | Source = crypt32 | ID = 131077
Description = Der automatische Aktualisierungsabruf des Drittanbieterstammzertifikats
von <http://www.download....E3370EB58A.crt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .

Error - 16.10.2010 10:52:31 | Computer Name = CHAPMAN-03 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download....uthrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .

Error - 16.10.2010 11:33:53 | Computer Name = CHAPMAN-03 | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1

Error - 16.10.2010 11:33:53 | Computer Name = CHAPMAN-03 | Source = MSDTC | ID = 4163
Description = Die MS DTC-Protokolldatei wurde nicht gefunden. Stellen Sie sicher,
dass alle von MS DTC koordinierten Ressourcen-Manager frei von unsicheren Transaktionen
sind, und führen Sie dann "msdtc -resetlog" aus, um die Protokolldatei zu erstelle

Error - 16.10.2010 11:33:53 | Computer Name = CHAPMAN-03 | Source = MSDTC | ID = 4185
Description = Der Transaktions-Manager von MS DTC konnte nicht gestartet werden.
'LogInit' hat den Fehler 0x5 zurückgegebe

Error - 16.10.2010 11:33:53 | Computer Name = CHAPMAN-03 | Source = MSDTC | ID = 4112
Description = Der Transaktions-Manager von MS DTC konnte nicht gestartet werde

Error - 16.10.2010 11:33:53 | Computer Name = CHAPMAN-03 | Source = MSDTC | ID = 4407
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Leeren der
vorhandenen Ablaufverfolgungsdaten. Interne Informationen: msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1715, QueryTrace Failed, hr=0x80071069

Error - 17.10.2010 13:14:45 | Computer Name = CHAPMAN-03 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

[ System Events ]
Error - 17.10.2010 20:57:10 | Computer Name = CHAPMAN-03 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.

Error - 17.10.2010 20:57:11 | Computer Name = CHAPMAN-03 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%126

Error - 17.10.2010 21:07:13 | Computer Name = CHAPMAN-03 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.

Error - 17.10.2010 21:07:14 | Computer Name = CHAPMAN-03 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%126

Error - 17.10.2010 21:07:15 | Computer Name = CHAPMAN-03 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.

Error - 17.10.2010 21:07:16 | Computer Name = CHAPMAN-03 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%126

Error - 17.10.2010 21:07:17 | Computer Name = CHAPMAN-03 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.

Error - 17.10.2010 21:07:18 | Computer Name = CHAPMAN-03 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%126

Error - 17.10.2010 21:07:18 | Computer Name = CHAPMAN-03 | Source = Rasman | ID = 20063
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da das
Point-to-Point-Protokoll
nicht initialisiert werden konnte. Das angegebene Modul wurde nicht gefunden.

Error - 17.10.2010 21:07:19 | Computer Name = CHAPMAN-03 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%126


< End of report >

Latest Malwarebytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4850

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.10.2010 10:40:18
mbam-log-2010-10-16 (10-40-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168353
Laufzeit: 9 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


First OTL Log:


All processes killed
Error: Unable to interpret <%HOMEDRIVE%\Internet Security 2010.lnk /s> in the current context!
Error: Unable to interpret <%systemroot%\System32\winlogon32.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\smss32.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\AVR10.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\helper32.dll> in the current context!
Error: Unable to interpret <%systemroot%\System32\winlogon32.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\smss32.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\warning.html> in the current context!
Error: Unable to interpret <%systemroot%\system32\IS15.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\winhelper86.dll> in the current context!
Error: Unable to interpret <%HOMEDRIVE%\trhh.exe> in the current context!
Error: Unable to interpret <%HOMEDRIVE%\sdigdvmg.exe> in the current context!
Error: Unable to interpret <%HOMEDRIVE%\wgqi.exe> in the current context!
Error: Unable to interpret <%HOMEDRIVE%\byyk.exe> in the current context!
Error: Unable to interpret <%systemroot%\lsass.exe > in the current context!
Error: Unable to interpret <%systemroot%\odbn0.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\sdra64.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\41.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\153.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\292.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\491.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\1869.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\2876.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\2995.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\3902.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\4827.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\5436.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\5447.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\5705.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\6334.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\7376.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\9961.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\11478.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\11538.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\11942.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\12382.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\12662.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\13931.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\14070.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\14604.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\14771.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\15724.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\16827.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\16944.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\17125.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\17421.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\18467.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\18716.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\19169.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\19718.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\19895.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\19905.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\19912.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\21386.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\21726.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\22934.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\23281.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\24242.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\24464.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\24478.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\26308.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\26500.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\26962.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\27213.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\28145.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\28466.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\29358.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\32391.exe> in the current context!
Error: Unable to interpret <%systemroot%\System32\32439.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\ndisdrv.sys> in the current context!
Error: Unable to interpret <%HOMEDRIVE%\s> in the current context!
Error: Unable to interpret <%systemroot%\system32\kbdsock.dll> in the current context!
Error: Unable to interpret <%systemroot%\system32\mshlps.dll > in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\kdrhkukb.sys > in the current context!
Error: Unable to interpret <%PROGRAMFILES%\InternetSecurity2010> in the current context!
Error: Unable to interpret <%systemroot%\System32\lowsec> in the current context!
========== SERVICES/DRIVERS ==========
Error: No service named lmuytnv was found to stop!
Service\Driver key lmuytnv not found.
Error: No service named ndisdrv was found to stop!
Service\Driver key ndisdrv not found.
Error: No service named qvazdxe was found to stop!
Service\Driver key qvazdxe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 177 bytes

User: Anthony

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1217467 bytes

User: The Family
->Temp folder emptied: 605762733 bytes
->Temporary Internet Files folder emptied: 20320541 bytes
->Java cache emptied: 3529484 bytes
->FireFox cache emptied: 56032795 bytes
->Google Chrome cache emptied: 18278108 bytes
->Flash cache emptied: 2079993 bytes

User: To Add or Subtract

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 2523217 bytes
RecycleBin emptied: 2065887 bytes

Total Files Cleaned = 679.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10162010_101921

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Please let me know if there is anything else you need.

Thanks!

Toni


#3
ToniB

Member, Topic Starter
Just got notification of TR/Dropper.Gen on my D drive. Let it be quarantined.

#4
RKinner

Malware Expert, MVP
When you replied to your own post you got lost. We look for posts with no replies and ignore those with replies.


You need to turn off ad-watch so it doesn't interfere:

http://aumha.net/vie...&st=0&sk=t&sd=a

Copy the text in the code box by highlighting and Ctrl + c

:OTL
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [XdriveTray] C:\Programme\xdrive\xdrive desktop\xdrive.exe File not found
O4 - HKCU..\Run: [XdriveTrayIcon] C:\Programme\Xdrive\Xdrive Desktop\XdriveTray.exe File not found
O33 - MountPoints2\{40003803-403d-11df-9d88-00038a000015}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\AutoRun\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\install\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\usermanualEnglish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\usermanualFrench\command - "" = H:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\Shell\usermanualSpanish\command - "" = H:\rcaeasyrip_setup.exe -- File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time.

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Double click on TDSSKiller.exe
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron

#5
ToniB

Member, Topic Starter
Thanks Ron. I know I messed up posting more than 1 but thought logs were too long to fit in 1. When I realized my mistake, I didn't want to repost re etiquette, and couldn't delete original postings.

Noticed first OTL ran w/ 30 days, second w/ 90. Hope that was ok. Some of the programs defaulted to German; hope you can figure those out -- I can help if needed.

Also, as you'll probably notice, there's a lot of background junk running on this computer. Any advice as to where to get info re what's removable?

Thanks!
Toni


OTL Log 1


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XdriveTray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XdriveTrayIcon deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40003803-403d-11df-9d88-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40003803-403d-11df-9d88-00038a000015}\ not found.
File J:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
File H:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
File H:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
File H:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
File H:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65e5658-d2e5-11df-9dc9-00038a000015}\ not found.
File H:\rcaeasyrip_setup.exe not found.
AppMgmt removed from NetSvcs value successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
HidServ removed from NetSvcs value successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Anthony

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 618688 bytes

User: The Family
->Temp folder emptied: 865123 bytes
->Temporary Internet Files folder emptied: 32323078 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51275156 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5203 bytes

User: To Add or Subtract

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10242010_121730

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL Log 2


OTL logfile created on: 24.10.2010 12:30:22 - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\The Family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 256 256 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.50 Gb Total Space | 4.25 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
Drive D: | 65.73 Gb Total Space | 19.91 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
Drive E: | 8.79 Gb Total Space | 5.53 Gb Free Space | 62.94% Space Free | Partition Type: FAT32

Computer Name: CHAPMAN-03 | User Name: The Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010.10.16 01:11:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
PRC - [2010.10.16 00:48:56 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010.09.21 14:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010.01.27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2010.01.11 16:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.06.23 11:55:24 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009.06.23 11:54:18 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008.04.13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.01 03:16:54 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007.12.01 03:16:47 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpserv.exe
PRC - [2007.01.04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Programme\Viewpoint\Common\ViewpointService.exe
PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
PRC - [2003.06.19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2002.10.31 04:35:58 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010.10.16 01:11:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
MOD - [2008.05.13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Programme\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008.04.13 22:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.05 02:31:39 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009.06.23 11:55:24 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009.06.23 11:54:18 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008.08.08 23:44:19 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.05.01 12:24:16 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008.05.01 12:24:12 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008.05.01 12:23:54 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008.04.04 14:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.12.01 03:16:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007.12.01 03:16:47 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2007.01.04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Programme\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006.10.23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004.10.21 21:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002.10.31 04:35:58 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2001.11.12 08:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\MD8008_1120\Biosupdate\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\iiusbisp.sys -- (IIUSBISP)
DRV - [2010.08.31 13:54:03 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.26 21:07:15 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010.02.26 21:07:15 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.10 21:14:55 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009.10.27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.24 01:31:44 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008.04.13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.02.27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007.12.19 21:02:56 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.03.11 17:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007.03.11 17:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004.08.04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003.07.18 04:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003.05.22 11:44:44 | 000,670,203 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2003.03.20 10:21:24 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.02.09 17:33:14 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003.01.10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002.11.04 10:32:00 | 000,027,520 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002.11.04 10:29:42 | 000,422,976 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2002.10.28 02:38:06 | 000,947,884 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002.08.29 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002.08.29 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002.08.14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002.07.10 11:39:34 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002.04.17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (asapiW2k)
DRV - [2002.03.22 02:43:58 | 000,321,394 | ---- | M] (GlobeSpan Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GLAPCI.SYS -- (glapci)
DRV - [2002.03.20 12:38:20 | 000,019,140 | ---- | M] (America Online) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atwpkt.sys -- (ATWPKT)
DRV - [2001.11.14 13:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2001.08.17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001.08.17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2001.08.17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/2...ions/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]n.com:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.20
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {bcd47b5a-43be-433f-9051-7ce2cdf94ac0}:3.1.3
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2007.12.07 22:11:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 17:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 17:27:12 | 000,000,000 | ---D | M]

[2008.08.14 22:43:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Extensions
[2010.10.22 08:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions
[2010.09.26 15:41:54 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.09.26 15:42:31 | 000,000,000 | ---D | M] (ActiveInbox for Gmail and Google Apps) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
[2010.09.26 15:41:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.08 12:26:35 | 000,000,000 | ---D | M] (myFireFox) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.08.08 12:26:03 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2010.03.14 00:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.09.26 15:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.03.14 00:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.09.26 15:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]
[2010.08.08 12:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2008.06.02 20:41:50 | 000,001,193 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\altavista.xml
[2010.10.17 21:20:22 | 000,001,968 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\bremende.xml
[2007.09.07 03:14:21 | 000,000,953 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\businesscom.xml
[2010.09.26 12:21:45 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\canoonet-inflection.xml
[2010.10.17 21:20:24 | 000,004,267 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\deutscher-wortschatz.xml
[2010.10.17 21:20:24 | 000,001,137 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\dictionarycom.xml
[2010.10.17 21:20:24 | 000,002,008 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\leo-de-en.xml
[2008.08.02 08:02:19 | 000,001,173 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\referencecom---encyclopedia.xml
[2010.10.17 21:20:24 | 000,005,124 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\spiegel-wissen.xml
[2008.06.25 09:14:37 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\searchplugins\webster.xml
[2010.10.22 08:23:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.09.03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2005.12.05 16:31:00 | 000,114,688 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npmozax.dll
[2008.04.13 20:40:09 | 000,163,840 | ---- | M] (CNN) -- C:\Programme\Mozilla Firefox\plugins\NPTURNMED.dll
[2007.04.16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
[2007.04.16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npViewpoint_.dll

O1 HOSTS File: ([2010.10.24 12:17:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK = C:\Programme\palmOne\AlarmApp.exe (Palm, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk = C:\Programme\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 21
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} http://www.xdrive.co...stall/setup.exe ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1186325003218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1186325760765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7657.0299189815 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.02.05 03:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.10.24 12:21:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\ForRon-Fix
[2010.10.16 10:17:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.16 09:45:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
[2010.10.16 01:11:30 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
[2010.10.16 01:04:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Avira
[2010.10.16 01:00:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.10.16 01:00:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.10.16 01:00:45 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.10.16 01:00:45 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.10.16 01:00:45 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.10.16 01:00:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.16 01:00:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.10.15 13:16:26 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.15 13:14:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\The Family\Desktop\erunt-setup.exe
[2010.10.14 22:49:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\The Family\Desktop\mbam-setup-1.46.exe
[2010.10.14 18:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Local Settings
[2010.10.14 18:47:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Software Update Utility
[2010.10.14 18:13:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ICS
[2010.10.14 12:24:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\HamsterSoft
[2010.10.13 16:44:28 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software
[2010.10.11 08:52:38 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\My Dropbox
[2010.10.11 08:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox
[2010.10.05 23:14:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Adam Mesh
[2010.10.03 21:50:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Mash Season 8 DVDRip
[2010.09.27 18:52:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Neuer Ordner
[2010.09.26 22:29:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Desktop\Season 7
[2010.09.01 20:18:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\AIM
[2010.09.01 20:18:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2010.09.01 20:16:35 | 000,000,000 | ---D | C] -- C:\Programme\AIM
[2010.08.11 12:41:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[2010.08.08 12:32:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Abine
[2010.08.08 10:54:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2010.08.04 10:39:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.08.04 10:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2009.04.01 08:29:13 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009.04.01 08:29:13 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009.04.01 08:29:13 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009.04.01 08:29:12 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009.04.01 08:29:12 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009.04.01 08:29:12 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009.04.01 08:29:11 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009.04.01 08:29:11 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009.04.01 08:29:10 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009.04.01 08:29:08 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2009.04.01 08:29:08 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2009.03.19 15:07:22 | 037,452,296 | ---- | C] (Lavasoft ) -- C:\Programme\Ad-AwareAE.exe
[2008.05.27 16:30:45 | 001,282,759 | ---- | C] (Alexander van Kaam ) -- C:\Programme\MotherboardMonitor.exe
[2008.05.27 14:54:01 | 014,782,496 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE7-WindowsXP-x86-deu.exe
[2008.04.27 22:51:12 | 000,399,000 | ---- | C] (NCH Software) -- C:\Programme\switchsetup.exe
[2007.07.16 10:53:02 | 000,728,624 | ---- | C] (AOL LLC) -- C:\Programme\aolsetup.exe
[2 C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.10.24 12:19:45 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.10.24 12:19:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.24 12:17:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.10.22 01:31:52 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.10.17 18:17:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.17 13:24:05 | 000,285,230 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\gmer.zip
[2010.10.16 11:31:03 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\qmcz98to.exe
[2010.10.16 01:16:02 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Download OTL to your Desktop.doc
[2010.10.16 01:11:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\The Family\Desktop\OTL.exe
[2010.10.16 01:01:04 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 19:18:18 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.15 19:07:41 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\cleaning PC log.doc
[2010.10.15 19:07:41 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$eaning PC log.doc
[2010.10.15 18:13:15 | 000,000,359 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Eigene Dateien.lnk
[2010.10.15 16:42:13 | 000,082,944 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.15 13:16:26 | 000,000,595 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\NTREGOPT.lnk
[2010.10.15 13:16:26 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\ERUNT.lnk
[2010.10.15 13:14:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\The Family\Desktop\erunt-setup.exe
[2010.10.15 12:01:31 | 044,089,904 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\avira_antivir_personal_en.exe
[2010.10.14 22:50:49 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 22:49:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\The Family\Desktop\mbam-setup-1.46.exe
[2010.10.14 20:12:54 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Honors VocabWk7.doc
[2010.10.14 19:33:52 | 000,040,448 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\English 9 Vocabulary.doc
[2010.10.14 19:33:17 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$nors VocabWk7.doc
[2010.10.14 18:47:29 | 000,000,731 | -H-- | M] () -- C:\IPH.PH
[2010.10.14 18:47:27 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AIM.lnk
[2010.10.14 15:13:14 | 050,594,264 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\setup_av_free.exe
[2010.10.14 12:23:51 | 000,000,526 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Hamster Free Video Converter.lnk
[2010.10.13 23:11:37 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Journal Entry 9.doc
[2010.10.13 16:47:06 | 000,000,782 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WavePad Sound Editor.lnk
[2010.10.13 16:44:28 | 000,000,745 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Prism Video Converter.lnk
[2010.10.12 17:08:08 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\DayAllotment.xls
[2010.10.11 08:52:39 | 000,001,027 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\Dropbox.lnk
[2010.10.11 08:52:38 | 000,001,027 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Dropbox.lnk
[2010.10.11 01:32:39 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010.10.11 01:32:39 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.10.05 17:27:16 | 019,248,337 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.mp3
[2010.10.05 17:23:47 | 106,100,768 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.wav
[2010.09.26 13:59:22 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$ghtTummy.doc
[2010.09.26 13:59:17 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$use-Org-Storage.doc
[2010.09.26 12:07:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.07 00:52:40 | 000,136,704 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\The Wal.doc
[2010.09.07 00:52:40 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$he Wal.doc
[2010.09.04 19:07:54 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$crosoft OUTLOOK 2007.doc
[2010.09.04 19:07:53 | 000,033,792 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Microsoft OUTLOOK 2007.doc
[2010.09.04 18:54:40 | 000,439,443 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Bike rack_2009NewF6InstructionsV1.pdf
[2010.08.31 16:05:05 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.31 13:26:40 | 000,540,964 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Elevate_America_User_Guide.pdf
[2010.08.31 12:57:23 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.16 12:49:52 | 000,028,160 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\East WHeeling.doc
[2010.08.06 09:19:44 | 000,000,655 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK
[2010.08.03 08:58:25 | 000,029,696 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Scrabble.doc
[2010.07.28 21:55:02 | 000,001,404 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Verknüpfung mit Wallpaper.lnk
[2010.07.27 00:08:46 | 000,099,328 | ---- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\GTD_Tools for Thought.doc
[2010.07.27 00:08:46 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$D_Tools for Thought.doc
[2 C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Desktop\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\The Family\Eigene Dateien\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.17 13:24:02 | 000,285,230 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\gmer.zip
[2010.10.16 11:31:00 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\qmcz98to.exe
[2010.10.16 01:13:50 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Download OTL to your Desktop.doc
[2010.10.16 01:01:03 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 19:07:41 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$eaning PC log.doc
[2010.10.15 19:07:40 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\cleaning PC log.doc
[2010.10.15 18:13:15 | 000,000,359 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Eigene Dateien.lnk
[2010.10.15 13:16:26 | 000,000,595 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\NTREGOPT.lnk
[2010.10.15 13:16:26 | 000,000,576 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\ERUNT.lnk
[2010.10.15 11:52:13 | 044,089,904 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\avira_antivir_personal_en.exe
[2010.10.14 19:33:52 | 000,040,448 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\English 9 Vocabulary.doc
[2010.10.14 19:33:17 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Honors VocabWk7.doc
[2010.10.14 19:33:17 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$nors VocabWk7.doc
[2010.10.14 15:10:51 | 050,594,264 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\setup_av_free.exe
[2010.10.14 12:23:51 | 000,000,526 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Hamster Free Video Converter.lnk
[2010.10.13 23:11:37 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Journal Entry 9.doc
[2010.10.13 16:47:06 | 000,000,782 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WavePad Sound Editor.lnk
[2010.10.13 16:44:28 | 000,000,745 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Prism Video Converter.lnk
[2010.10.11 08:52:39 | 000,001,027 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\Dropbox.lnk
[2010.10.11 08:52:38 | 000,001,027 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Dropbox.lnk
[2010.10.11 01:32:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010.10.11 01:32:39 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.10.10 14:46:48 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\DayAllotment.xls
[2010.10.05 23:13:43 | 000,024,002 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\earningstheory.pdf
[2010.10.05 17:24:00 | 019,248,337 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.mp3
[2010.10.05 17:23:31 | 106,100,768 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Owensonradio-short.wav
[2010.09.26 13:59:22 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$ghtTummy.doc
[2010.09.26 13:59:17 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$use-Org-Storage.doc
[2010.09.07 00:52:40 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$he Wal.doc
[2010.09.07 00:52:39 | 000,136,704 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\The Wal.doc
[2010.09.04 19:07:54 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\~$crosoft OUTLOOK 2007.doc
[2010.09.04 19:07:53 | 000,033,792 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Microsoft OUTLOOK 2007.doc
[2010.09.04 18:54:40 | 000,439,443 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Bike rack_2009NewF6InstructionsV1.pdf
[2010.09.01 20:18:14 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AIM.lnk
[2010.09.01 20:15:40 | 000,000,731 | -H-- | C] () -- C:\IPH.PH
[2010.08.31 13:26:38 | 000,540,964 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\Elevate_America_User_Guide.pdf
[2010.08.14 13:52:47 | 000,028,160 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\East WHeeling.doc
[2010.08.06 09:19:44 | 000,000,655 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK
[2010.08.03 08:58:24 | 000,029,696 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Eigene Dateien\Scrabble.doc
[2010.07.27 00:08:46 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\~$D_Tools for Thought.doc
[2010.07.27 00:08:45 | 000,099,328 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Desktop\GTD_Tools for Thought.doc
[2010.03.27 23:30:41 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009.04.03 12:30:08 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.04.01 08:49:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009.04.01 08:48:49 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2009.04.01 08:29:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009.04.01 08:29:13 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009.04.01 08:29:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2008.09.23 14:36:26 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.09.14 03:15:54 | 000,021,579 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Comma Separated Values (Windows).ADR
[2008.09.11 16:28:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.08.09 08:21:19 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008.08.05 02:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008.07.13 05:06:17 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008.05.31 11:46:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008.05.31 10:09:49 | 001,500,168 | ---- | C] () -- C:\Programme\advisor.exe
[2008.05.31 09:20:30 | 000,688,638 | ---- | C] () -- C:\Programme\PC-Decrapifier-1.9.1.exe
[2008.05.30 07:25:57 | 000,948,113 | ---- | C] () -- C:\Programme\EFRCSetup.exe
[2008.05.28 07:47:08 | 001,324,633 | ---- | C] () -- C:\Programme\siw.zip
[2008.05.28 07:42:38 | 001,567,713 | ---- | C] () -- C:\Programme\revosetup.exe
[2008.05.27 11:38:04 | 006,439,960 | ---- | C] () -- C:\Programme\SUPERAntiSpyware.exe
[2008.04.29 14:42:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008.04.12 11:49:44 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008.04.12 11:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008.04.06 10:17:46 | 014,574,336 | ---- | C] () -- C:\Programme\TU2008TrialEN.exe
[2008.01.18 11:52:09 | 000,860,391 | ---- | C] () -- C:\Programme\unzipRAR-7z457.exe
[2007.12.26 17:12:22 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.12.08 21:45:10 | 000,000,534 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.09.20 01:38:10 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007.09.19 11:36:09 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007.09.17 18:24:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.09.13 20:49:26 | 000,001,825 | ---- | C] () -- C:\Programme\Ad-AwareAd-Aware update.log
[2007.09.02 01:31:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007.08.22 10:21:17 | 000,000,220 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007.08.21 05:35:40 | 000,259,341 | R--- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2007.08.21 05:35:40 | 000,003,002 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2007.08.21 05:35:40 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2007.08.07 03:16:14 | 000,003,363 | ---- | C] () -- C:\Programme\Ad-AwareAdAware event.log
[2007.07.16 10:53:02 | 000,004,424 | ---- | C] () -- C:\Programme\aolsetup.bin
[2007.07.16 10:53:02 | 000,001,592 | ---- | C] () -- C:\Programme\main.ini
[2004.08.31 13:59:42 | 000,082,944 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.06.03 15:16:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2004.06.03 15:16:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004.06.03 15:16:13 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004.06.03 15:16:13 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2004.06.03 15:16:13 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004.06.02 15:18:15 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\The Family\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.06.01 13:14:54 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys
[2004.06.01 12:56:41 | 000,000,184 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003.03.01 14:04:26 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003.02.09 18:44:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.02.09 17:29:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003.02.05 11:23:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.02.05 05:22:22 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.02.05 04:39:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.02.05 04:23:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2003.02.05 04:23:14 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2003.02.05 04:05:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2003.02.05 03:56:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\winio.sys
[2003.02.05 03:34:32 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003.02.05 03:27:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.03.26 15:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[1999.01.22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008.07.21 19:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\acccore
[2009.10.13 09:50:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\agi
[2010.09.01 20:18:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2010.10.15 19:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.03.28 20:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2007.09.02 02:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DataViz
[2009.04.09 17:05:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2007.08.06 11:05:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
[2010.01.10 20:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync
[2008.04.19 11:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2010.10.13 16:47:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2009.08.14 23:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009.07.18 17:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2009.08.26 18:30:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RingCentral
[2009.02.07 14:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate
[2010.01.19 09:01:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.04.06 21:39:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.07.21 19:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.03.31 13:47:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.03.19 15:10:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010.10.24 11:43:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Abine
[2007.09.28 21:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\acccore
[2010.01.18 23:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Auslogics
[2010.10.24 11:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\BitTorrent
[2008.05.28 08:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\BizFormBar
[2007.12.30 23:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\DAEMON Tools
[2009.04.09 13:33:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\DNA
[2009.08.14 10:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Downloaded Installations
[2010.10.24 12:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox
[2008.05.31 00:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\gtopala
[2010.10.14 12:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\HamsterSoft
[2010.01.10 20:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\HotSync
[2003.02.05 04:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\InterTrust
[2007.09.02 01:27:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Leadertech
[2010.01.16 10:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\MailWasherPro
[2008.04.27 22:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\NCH Swift Sound
[2010.07.25 23:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Nitro PDF
[2009.07.30 09:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\PDF reDirect
[2008.07.13 05:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\QQ Games Plugin
[2010.03.04 14:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\SanDisk
[2008.04.06 21:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\TuneUp Software
[2007.10.15 20:31:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Viewpoint
[2007.09.20 02:07:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Xdrive
[2010.10.24 12:19:45 | 000,000,488 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.10.22 01:31:52 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B623B5B8

< End of report >

ComboFix Log

ComboFix 10-10-23.02 - The Family 24.10.2010 13:18:26.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1573 [GMT -4:00]
ausgeführt von:: c:\dokumente und einstellungen\The Family\Desktop\george.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\The Family\g2mdlhlpx.exe
c:\dokumente und einstellungen\The Family\GoToAssistDownloadHelper.exe
c:\windows\jestertb.dll

.
((((((((((((((((((((((( Dateien erstellt von 2010-09-24 bis 2010-10-24 ))))))))))))))))))))))))))))))
.

2010-10-16 14:17 . 2010-10-16 14:17 -------- d-----w- C:\_OTL
2010-10-16 13:45 . 2010-10-16 13:45 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira
2010-10-16 05:04 . 2010-10-16 05:04 -------- d-----w- c:\dokumente und einstellungen\The Family\Anwendungsdaten\Avira
2010-10-16 05:00 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-16 05:00 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-16 05:00 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-16 05:00 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-16 05:00 . 2010-10-16 05:00 -------- d-----w- c:\programme\Avira
2010-10-16 05:00 . 2010-10-16 05:00 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-10-15 17:16 . 2010-10-15 17:16 -------- d-----w- c:\programme\ERUNT
2010-10-14 22:47 . 2010-10-14 22:47 -------- d-----w- c:\programme\Gemeinsame Dateien\Software Update Utility
2010-10-14 22:13 . 2010-10-14 22:13 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ICS
2010-10-14 16:24 . 2010-10-14 16:24 -------- d-----w- c:\dokumente und einstellungen\The Family\Anwendungsdaten\HamsterSoft
2010-10-13 20:44 . 2010-10-13 20:44 -------- d-----w- c:\programme\NCH Software
2010-10-11 12:48 . 2010-10-24 16:21 -------- d-----w- c:\dokumente und einstellungen\The Family\Anwendungsdaten\Dropbox
2010-10-11 05:32 . 2010-10-11 05:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 19:07 . 2009-03-19 19:07 37452296 -c--a-w- c:\programme\Ad-AwareAE.exe
2008-11-12 17:27 . 2008-05-30 11:25 948113 -c--a-w- c:\programme\EFRCSetup.exe
2008-05-31 14:09 . 2008-05-31 14:09 1500168 -c--a-w- c:\programme\advisor.exe
2008-05-31 13:20 . 2008-05-31 13:20 688638 -c--a-w- c:\programme\PC-Decrapifier-1.9.1.exe
2008-05-28 11:42 . 2008-05-28 11:42 1567713 -c--a-w- c:\programme\revosetup.exe
2008-05-27 20:30 . 2008-05-27 20:30 1282759 -c--a-w- c:\programme\MotherboardMonitor.exe
2008-05-27 18:54 . 2008-05-27 18:54 14782496 -c--a-w- c:\programme\IE7-WindowsXP-x86-deu.exe
2008-05-27 15:38 . 2008-05-27 15:38 6439960 -c--a-w- c:\programme\SUPERAntiSpyware.exe
2008-04-28 02:51 . 2008-04-28 02:51 399000 -c--a-w- c:\programme\switchsetup.exe
2008-04-06 14:17 . 2008-04-06 14:17 14574336 -c--a-w- c:\programme\TU2008TrialEN.exe
2008-01-18 15:52 . 2008-01-18 15:52 860391 -c--a-w- c:\programme\unzipRAR-7z457.exe
2007-07-16 14:53 . 2007-07-16 14:53 728624 -c--a-w- c:\programme\aolsetup.exe
2007-07-16 14:53 . 2007-07-16 14:53 4424 -c--a-w- c:\programme\aolsetup.bin
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\The Family\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\The Family\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\The Family\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-16 2424560]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-05 393728]
"Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-05 524632]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-05-01 236016]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\The Family\Startmen\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\The Family\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
PowerReg Scheduler.exe [2010-1-10 233472]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Alarm Manager.LNK - c:\programme\palmOne\AlarmApp.exe [2005-9-19 274432]
HotSync Manager.lnk - c:\programme\palmOne\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 21 (0x15)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Alarm Manager.LNK]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Alarm Manager.LNK
backup=c:\windows\pss\Alarm Manager.LNKCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^The Family^Startmenü^Programme^Autostart^HotSync Manager.lnk.disabled]
path=c:\dokumente und einstellungen\The Family\Startmenü\Programme\Autostart\HotSync Manager.lnk.disabled
backup=c:\windows\pss\HotSync Manager.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-27 17:44 50528 ----a-w- c:\programme\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-04-21 19:10 335872 -c--a-w- c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-02-08 13:53 342848 ----a-w- c:\programme\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2002-08-28 12:43 73728 -c--a-w- c:\windows\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\programme\Gemeinsame Dateien\AOL\1190222103\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpamon]
2007-12-07 10:17 16040 ----a-w- c:\programme\Lexmark Z2300 Series\lxdpamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpmon.exe]
2007-12-07 10:17 656040 ----a-w- c:\programme\Lexmark Z2300 Series\lxdpmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2008-10-28 21:42 181544 -c--a-w- c:\programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-04-17 07:34 61440 -c----w- c:\programme\Medion Home CinemaXL\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2007-03-11 21:37 936960 -c--a-w- c:\programme\Verizon\McciTrayApp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Works Update Detection"=c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"VOBRegCheck"=c:\windows\System32\VOBREGCheck.exe -CheckReg
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_05\bin\jusched.exe"
"AVKTray"="c:\programme\G DATA AntiVirenKit\AVKTray\AVKTray.exe"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Quicken\\qw.exe"=
"c:\\Programme\\Quicken\\QuickenOLBackupLauncher.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\acs\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\acs\\AOLacsd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\System Information\\sinf.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\1190222103\\ee\\aolsoftware.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\DNA\\btdna.exe"=
"c:\\Programme\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\Programme\\Lexmark Z2300 Series\\lxdpamon.exe"=
"c:\\Programme\\Lexmark Z2300 Series\\frun.exe"=
"c:\\Programme\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpwbgw.exe"=
"c:\\Programme\\AOL-try to retrieve\\hope\\waol.exe"=
"c:\\Programme\\AOL 9.1\\waol.exe"=
"c:\\Programme\\AOL 9.0a\\waol.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\AIM\\aim.exe"=
"c:\\Dokumente und Einstellungen\\The Family\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.03.2009 01:32 64160]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [05.01.2010 08:56 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 08:56 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [16.10.2010 01:00 135336]
R2 FreeAgentGoNext Service;Seagate Service;c:\programme\Seagate\SeagateManager\Sync\FreeAgentService.exe [28.10.2008 17:42 156968]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01.04.2009 08:48 98984]
R2 MotoConnect Service;MotoConnect Service;c:\programme\Motorola\MotoConnectService\MotoConnectService.exe [28.03.2010 20:28 91392]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\programme\Nitro PDF\Professional\NitroPDFDriverService.exe [23.06.2009 11:55 188736]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programme\Viewpoint\Common\ViewpointService.exe [15.10.2007 15:37 24652]
R3 glapci;Teledat 300 PCI;c:\windows\system32\drivers\GLAPCI.SYS [02.06.2004 16:46 321394]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [28.01.2003 06:16 27520]
S3 ADM8511;ADMtek ADM8511/AN986-USB-Fast Ethernetkonvertierer;c:\windows\system32\drivers\ADM8511.SYS [09.04.2009 14:22 20160]
S3 ATWPKT;ATWPKT;c:\windows\system32\drivers\atwpkt.sys [05.02.2003 08:01 19140]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 15:06 1029456]
S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [13.05.2008 12:44 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.12.2007 21:02 715248]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uxtuneup
.
Inhalt des "geplante Tasks" Ordners

2010-10-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 18:24]

2010-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:31]

2010-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.cnn.com/2009/LIVING/06/03/pitts.expectations/index.html
uInternet Settings,ProxyOverride = *.local
TCP: {929D3698-D6D1-42D1-BDA1-B42863457E32} = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\dokumente und einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - component: c:\dokumente und einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\[email protected]\lib\WINNT\ff3\AbineComponent.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npViewpoint_.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Aim6 - c:\programme\AIM6\aim6.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\programme\SpyBot\Spybot - Search & DestroyUpdate\TeaTimer.exe
MSConfigStartUp-XdriveTrayIcon - c:\programme\Xdrive\Xdrive Desktop\XdriveTray.exe
AddRemove-Hamster Free Video Converter_is1 - n:\free video converter\unins000.exe
AddRemove-Susan Jeffers Affirmations Screensaver - c:\programme\Susan Jeffers



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 13:23
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3133463484-2706531281-3443645946-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
.
Zeit der Fertigstellung: 2010-10-24 13:26:17
ComboFix-quarantined-files.txt 2010-10-24 17:26

Vor Suchlauf: 4,418,572,288 Bytes frei
Nach Suchlauf: 4,382,789,632 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 7805AD3A010FA1461ABDCD8BE253B102

TDSSKiller Log

2010/10/24 13:42:40.0578 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/24 13:42:40.0578 ================================================================================
2010/10/24 13:42:40.0578 SystemInfo:
2010/10/24 13:42:40.0578
2010/10/24 13:42:40.0578 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/24 13:42:40.0578 Product type: Workstation
2010/10/24 13:42:40.0578 ComputerName: CHAPMAN-03
2010/10/24 13:42:40.0578 UserName: The Family
2010/10/24 13:42:40.0578 Windows directory: C:\WINDOWS
2010/10/24 13:42:40.0578 System windows directory: C:\WINDOWS
2010/10/24 13:42:40.0578 Processor architecture: Intel x86
2010/10/24 13:42:40.0578 Number of processors: 1
2010/10/24 13:42:40.0578 Page size: 0x1000
2010/10/24 13:42:40.0578 Boot type: Normal boot
2010/10/24 13:42:40.0578 ================================================================================
2010/10/24 13:42:40.0906 Initialize success
2010/10/24 13:42:56.0000 ================================================================================
2010/10/24 13:42:56.0000 Scan started
2010/10/24 13:42:56.0000 Mode: Manual;
2010/10/24 13:42:56.0000 ================================================================================
2010/10/24 13:43:21.0500 ================================================================================
2010/10/24 13:43:21.0500 Scan finished
2010/10/24 13:43:21.0500 ================================================================================
2010/10/24 13:43:40.0312 Deinitialize success


MBRCheck Log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 137):

Processes (total 42):
0 System Idle Process
4 System
440 C:\WINDOWS\system32\smss.exe
496 csrss.exe
520 C:\WINDOWS\system32\winlogon.exe
564 C:\WINDOWS\system32\services.exe
584 C:\WINDOWS\system32\lsass.exe
752 C:\WINDOWS\system32\svchost.exe
840 svchost.exe
892 C:\WINDOWS\system32\svchost.exe
1000 C:\WINDOWS\system32\svchost.exe
1100 svchost.exe
1140 svchost.exe
1372 C:\WINDOWS\system32\spoolsv.exe
1420 C:\Programme\Avira\AntiVir Desktop\sched.exe
1544 svchost.exe
2028 C:\Programme\Avira\AntiVir Desktop\avguard.exe
2044 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
212 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
196 C:\WINDOWS\system32\ASTSRV.EXE
168 C:\Programme\Bonjour\mDNSResponder.exe
292 C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
396 C:\WINDOWS\system32\svchost.exe
272 C:\Programme\Java\jre6\bin\jqs.exe
720 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpserv.exe
828 C:\WINDOWS\system32\lxdpcoms.exe
1108 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
1152 C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
1260 C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe
1428 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1976 C:\WINDOWS\system32\ctfmon.exe
1984 C:\WINDOWS\system32\svchost.exe
1996 C:\Programme\Viewpoint\Common\ViewpointService.exe
2012 C:\WINDOWS\wanmpsvc.exe
2164 C:\Programme\iTunes\iTunesHelper.exe
2196 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2264 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
3236 C:\Programme\iPod\bin\iPodService.exe
3364 alg.exe
2940 C:\WINDOWS\explorer.exe
1040 C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
1616 C:\Dokumente und Einstellungen\The Family\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`a0517a00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000023`0f480400 (FAT32)

PhysicalDrive0 Model Number: ST3160021A, Rev: 3.04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

BitDefender Log


QuickScan Beta 32-bit v0.9.9.41
-------------------------------
Scan date: Sun Oct 24 13:48:50 2010
Machine ID: C0F6F3B6



No infection found.
-------------------



Processes
---------
America Online 2012 C:\WINDOWS\wanmpsvc.exe
AntiVir Desktop 2196 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 2028 C:\Programme\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 212 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
AntiVir Desktop 1420 C:\Programme\Avira\AntiVir Desktop\sched.exe
Apple Mobile Device Service 2044 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Betriebssystem Microsoft® Windows® 2940 C:\WINDOWS\explorer.exe
Betriebssystem Microsoft® Windows® 564 C:\WINDOWS\system32\services.exe
Betriebssystem Microsoft® Windows® 440 C:\WINDOWS\system32\smss.exe
Betriebssystem Microsoft® Windows® 520 C:\WINDOWS\system32\winlogon.exe
Bonjour 168 C:\Programme\Bonjour\mDNSResponder.exe
Firefox 1872 C:\Programme\Mozilla Firefox\firefox.exe
iTunes 3236 C:\Programme\iPod\bin\iPodService.exe
iTunes 2164 C:\Programme\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U18 272 C:\Programme\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 1428 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
Lexmark Connect 720 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpserv.exe
Microsoft® Visual Studio .NET 1108 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
Microsoft® Windows® Operating System 3364 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 496 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 1976 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 584 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 1372 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1544 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1984 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 892 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 752 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 396 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\svchost.exe
MotoConnect 1040 C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
MotoConnectService.exe 1152 C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
Nalpeiron License Management 196 C:\WINDOWS\system32\ASTSRV.EXE
Nitro PDF Professional 1260 C:\Programme\Nitro PDF\Professional\NitroPDFDriverService.exe
Printer Communication System 828 C:\WINDOWS\system32\lxdpcoms.exe
Software Manager 2264 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
Sync 292 C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
Viewpoint Manager 1996 C:\Programme\Viewpoint\Common\ViewpointService.exe


Network activity
----------------
Process firefox.exe (1872) connected on port 80 (HTTP) --> 184.84.224.74
Process firefox.exe (1872) connected on port 80 (HTTP) --> 66.220.146.18

Process lxdpcoms.exe (828) listens on ports: 10089
Process svchost.exe (840) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Ad-Aware Admin Application C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Ad-Aware Tray Application C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
Adobe Acrobat C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
AntiVir Desktop C:\Programme\Avira\AntiVir Desktop\avgnt.exe
Apple Software Update C:\Programme\Apple Software Update\SoftwareUpdate.exe
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\browseui.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\logonui.exe
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
Betriebssystem Microsoft® Windows® c:\windows\system32\userinit.exe
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll
CommonSDK C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Dropbox C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Dropbox\bin\Dropbox.exe
HotSync® Manager C:\Programme\palmOne\Hotsync.exe
iTunes C:\Programme\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
Microsoft Office XP C:\Programme\Microsoft Office\Office10\OSA.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
OneClickStarter.exe C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe
Palm Desktop C:\Programme\palmOne\AlarmApp.exe
PRegScheduler Application C:\Dokumente und Einstellungen\The Family\Startmenü\Programme\Autostart\PowerReg Scheduler.exe
PSDrvCheck.exe C:\WINDOWS\System32\PSDrvCheck.exe
QuickTime C:\Programme\QuickTime\qttask.exe
Software Manager C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
SuperAntiSpyware C:\Programme\SUPERAntiSpyware\SASSEH.DLL
SUPERAntiSpyware C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
SUPERAntiSpyware WinLogon Processor C:\Programme\SUPERAntiSpyware\SASWINLO.dll
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\programme\gemeinsame dateien\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Programme\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
AOL Media Playback Control C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll
AOL Media Playback Plugin C:\Programme\Mozilla Firefox\plugins\npunagi2.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
Betriebssystem Microsoft® Windows® C:\WINDOWS\System32\nwprovau.dll
BitDefender QuickScan C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Dokumente und Einstellungen\The Family\Anwendungsdaten\Mozilla\Firefox\Profiles\gnzvcelx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
BitTorrent C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
Bonjour C:\Programme\Bonjour\mdnsNSP.dll
cpcScan C:\WINDOWS\Downloaded Program Files\cpcScan.dll
DivX Player Netscape Plugin C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll
DivX Player Netscape Plugin C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
DivX Web Player C:\Programme\DivX\DivX Web Player\npdivx32.dll
DivX Web Player C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
DNA Plug-in C:\Programme\DNA\plugins\npbtdna.dll
downloadUpdater C:\Programme\Mozilla Firefox\plugins\npdnu.dll
downloadUpdater2 C:\Programme\Mozilla Firefox\plugins\npdnupdater2.dll
Driver Agent C:\WINDOWS\Downloaded Program Files\driveragent.ocx
HP Peripheral Interrogator C:\Programme\Internet Explorer\plugins\nphppi.dll
InstallShield ® C:\WINDOWS\Downloaded Program Files\setup.exe
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
Java Deployment Toolkit 6.0.180.7 C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
Java™ Platform SE 6 U18 c:\programme\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U18 c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Programme\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Programme\Mozilla Firefox\plugins\npViewpoint.dll
MetaStream 3 Plugin C:\Programme\Mozilla Firefox\plugins\npViewpoint_.dll
MetaStream 3 Plugin C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla ActiveX control and plugin supp C:\Programme\Mozilla Firefox\plugins\npmozax.dll
Mozilla Default Plug-in C:\Programme\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.6 C:\Programme\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.6 C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll
RealNetworks Rhapsody Player Engine C:\Programme\Real\RhapsodyPlayerEngine\nprhapengine.dll
RealPlayer Version Plugin C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\Programme\Mozilla Firefox\plugins\np32dsw.dll
Silverlight Plug-In C:\Programme\Microsoft Silverlight\4.0.50524.0\npctrl.dll
Skype add-on for IE c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
TBS WMP Plug-in C:\Programme\Mozilla Firefox\plugins\wmvfirefoxpluginsetup.exe
The OpenSSL Toolkit C:\Programme\Mozilla Firefox\plugins\libdivx.dll
The OpenSSL Toolkit C:\Programme\Mozilla Firefox\plugins\ssldivx.dll
Turner Media Plugin 1.0.0.9 C:\Programme\Mozilla Firefox\plugins\NPTURNMED.dll
TVicHW32 Generic Device Driver for Wind C:\WINDOWS\Downloaded Program Files\tvichw32.sys
unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
Verizon TCP Configuration utility C:\WINDOWS\Downloaded Program Files\vzTCPConfig.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
Yahoo! activeX Plug-in Bridge C:\Programme\Yahoo!\Common\npyaxmpb.dll


Missing files
-------------
File not found: C:\DOKUME~1\THEFAM~1\LOKALE~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\DOKUME~1\THEFAM~1\LOKALE~1\Temp\mbr.sys
--> HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: C:\Programme\Tracker Software\npPDFXCviewNPPlugin.dll
--> HLKM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf\"Path"

File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

File not found: System32\Drivers\iiusbisp.sys
--> HKLM\System\ControlSet001\services\IIUSBISP\"ImagePath"

File not found: c:\programme\avg\avg8\avgssie.dll
--> HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32\(default)


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.05 MB sent, 1.90 KB recvd
Scanned 1051 files and modules - 109 seconds

==============================================================================
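The "Missing files" section of the QuickScan log above pairs each absent file with the registry value that still points at it. As an added example (not part of the thread and not output of any tool named in it), this Python script parses four of those pairs, copied from the log, and sorts them for review; the group names and the Temp-folder check are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Four of the seven "Missing files" entries, copied from the log above.
SAMPLE = r'''File not found: C:\DOKUME~1\THEFAM~1\LOKALE~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: System32\Drivers\iiusbisp.sys
--> HKLM\System\ControlSet001\services\IIUSBISP\"ImagePath"

File not found: c:\programme\avg\avg8\avgssie.dll
--> HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32\(default)
'''
# One entry = a "File not found:" line followed by a "-->" registry line.
PAIR = re.compile(r'^File not found:\s*(?P<path>.+?)\s*\n-->\s*(?P<key>.+?)\s*$', re.M)
SERVICE = re.compile(r'\\services\\(?P<name>[^\\]+)\\', re.I)

def parse_missing(text):
    """Return one dict per 'File not found' / '-->' pair."""
    entries = []
    for m in PAIR.finditer(text):
        path, key = m.group('path'), m.group('key')
        svc = SERVICE.search(key)
        entries.append({
            'path': path,
            'value': key.rsplit('\\', 1)[-1].strip('"'),   # e.g. ImagePath
            'service': svc.group('name') if svc else None,
            'in_temp': '\\temp\\' in path.lower(),
        })
    return entries

def triage(entries):
    """Group entries: services that pointed into a Temp folder, other services, the rest."""
    groups = defaultdict(list)
    for e in entries:
        if e['service'] and e['in_temp']:
            groups['service_in_temp'].append(e['service'])
        elif e['service']:
            groups['service_other'].append(e['service'])
        else:
            groups['non_service'].append(e['path'])
    return dict(groups)

if __name__ == '__main__':
    for group, items in triage(parse_missing(SAMPLE)).items():
        print(group, items)
```

A service entry whose binary lived in a per-user Temp folder is listed first because installed drivers do not normally load from there; the file being absent means only the registration is left to review.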

#6
RKinner

    Malware Expert

  • Expert
  • 23,149 posts
  • MVP
The German is not a problem. I worked in Germany for 11 years and am pretty fluent. There should be something like Regional Settings in your Control Panel where you can tell it which language you prefer. Don't have an XP handy right now.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log or Clear Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron