Search redirect infection

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

Search redirect infection Looking for help to identify and remove infection

#1 Panchi

New Member

Group: Members
Posts: 6
Joined: 26-January 10

Posted 27 January 2010 - 12:46 PM

Dear all,

Clicking on search results, Google and Yahoo, leads to different pages from those displayed. This happens with Firefox, when Javascript is active, and Internet Explorer.
I have Trend Micro Internet Security as antivirus, but it has not detected anything. After noticing the infection I used Ad-Aware (nothing detected), Malwarebytes (trojan.fakealert detected and removed), SuperAntiSpyware (trojan.fakealert detected and removed) and Eset on line (Win32/Kryptik.BXN detected and removed). However, the programs do not detect further infections and the redirection still happens.
I don´t know what to do next. Any help would be appreciated.

Here you have the log file DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by Panchi at 19:27:14,68 on 26.01.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2038.934 [GMT 1:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\Programme\LENOVO\HOTKEY\FNF5SVC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
C:\Programme\Lenovo\PM Driver\PMSveH.exe
C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe
C:\Programme\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Programme\Lenovo\Client Security Solution\cssauth.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Lenovo\System Update\SUService.exe
C:\Programme\Trend Micro\BM\TMBMSRV.exe
C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Programme\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\Panchi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programme\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programme\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\programme\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programme\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programme\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [CTSyncU.exe] "c:\programme\creative\sync manager unicode\CTSyncU.exe"
uRun: [SUPERAntiSpyware] c:\programme\superantispyware\SUPERAntiSpyware.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\programme\realtek\installshield\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe
mRun: [LPManager] c:\progra~1\lenovo\lenovo~1\LPMGR.exe
mRun: [TPWAUDAP] c:\programme\lenovo\hotkey\TpWAudAp.exe
mRun: [ACTray] c:\programme\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\programme\thinkpad\connectutilities\ACWLIcon.exe
mRun: [<NO NAME>]
mRun: [FingerPrintSoftware] "c:\programme\lenovo fingerprint software\fpapp.exe" \s
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TVT Scheduler Proxy] c:\programme\gemeinsame dateien\lenovo\scheduler\scheduler_proxy.exe
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\programme\trend micro\internet security\UfSeAgnt.exe"
mRun: [Message Center Plus] c:\programme\lenovo\message center plus\MCPLaunch.exe /start
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [cssauth] "c:\programme\lenovo\client security solution\cssauth.exe" silent
mRun: [TPFNF7] c:\programme\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\programme\gemeinsame dateien\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\fritz!~1.lnk - c:\windows\installer\{2457326b-c110-40c3-89b0-889cc913871a}\Icon2457326B4.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Block this popup - c:\programme\f-secure\anti-spyware\blockpopups.htm
IE: Senden an &Bluetooth-Gerät... - c:\programme\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programme\windows live\writer\WriterBrowserExtension.dll
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\programme\f-secure\anti-spyware\ieshield.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\programme\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212849099246
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Notify: !SASWinLogon - c:\programme\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\programme\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programme\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\panchi\anwend~1\mozilla\firefox\profiles\xp0r99b6.default\
FF - component: c:\programme\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - c:\programme\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-24 64288]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-5-24 10240]
R1 SASDIFSV;SASDIFSV;c:\programme\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\programme\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-1-19 61440]
R2 FNF5SVC;Fn+F5 Service;c:\programme\lenovo\hotkey\FnF5svc.exe [2007-4-9 54560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-13 54752]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\fritz!dsl\IGDCTRL.EXE [2007-9-4 87344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-26 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-3-7 36368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-25 38224]
R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-6-27 140800]
R3 RDID1021;EDIROL UA-20;c:\windows\system32\drivers\Rdwm1021.sys [2008-6-18 171585]
R3 SASENUM;SASENUM;c:\programme\superantispyware\SASENUM.SYS [2010-1-5 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-3-7 333328]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-3-26 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\programme\trend micro\internet security\TmProxy.exe [2009-3-26 648456]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2008-3-28 89856]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe --> c:\progra~1\f-secure\backweb\7681197\program\SERVIC~1.EXE [?]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\programme\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-01-25 20:26:06 0 d-----w- c:\dokume~1\alluse~1\anwend~1\SUPERAntiSpyware.com
2010-01-25 20:25:57 0 d-----w- c:\programme\SUPERAntiSpyware
2010-01-25 20:25:57 0 d-----w- c:\dokume~1\panchi\anwend~1\SUPERAntiSpyware.com
2010-01-25 17:11:05 0 d-----w- c:\dokume~1\panchi\anwend~1\Malwarebytes
2010-01-25 17:11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 17:11:00 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2010-01-25 17:10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 17:10:59 0 d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-01-24 20:02:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-24 18:28:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-24 18:26:38 0 dc-h--w- c:\dokume~1\alluse~1\anwend~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-24 18:26:19 0 d-----w- c:\programme\Lavasoft
2010-01-19 19:31:14 0 d-----w- C:\My Music
2010-01-19 19:22:30 0 d-----w- c:\programme\gemeinsame dateien\xing shared
2010-01-17 19:27:04 2112 ----a-w- c:\dokumente und einstellungen\panchi\fet2_settings.dat

==================== Find3M ====================

2009-12-21 19:05:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-13 20:32:47 81720 ----a-w- c:\windows\system32\perfc007.dat
2009-12-13 20:32:47 450888 ----a-w- c:\windows\system32\perfh007.dat

============= FINISH: 19:30:28,21 ===============

Attached File(s)

Attach.txt (11.3K)
Number of downloads: 9
ark.txt (5.43K)
Number of downloads: 10

#2 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 03 February 2010 - 12:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 Panchi

New Member

Group: Members
Posts: 6
Joined: 26-January 10

Posted 03 February 2010 - 05:19 PM

I´m glad to hear from you.

Here you have the requested log files.
In the meantime I did a Repair Install of XP.
Thanks again for your help !!

Attached File(s)

DDS.txt (18.56K)
Number of downloads: 8
Attach.txt (5.05K)
Number of downloads: 6
gmer.log (1.81K)
Number of downloads: 10

#4 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 04 February 2010 - 03:50 PM

Hello, Panchi
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the

button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please don't attach the logfiles, just post it here in your thread.

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 Panchi

New Member

Group: Members
Posts: 6
Joined: 26-January 10

Posted 06 February 2010 - 11:04 AM

Dear Thomas,

I ran combofix as indicated, no problemo. I post the log file below.
It seems that the redirections do not take place any longer.

Let´s knock on wood !
Thanks a lot !

-------8<--------------------------------------------------------------

ComboFix 10-02-05.01 - Panchi 05.02.2010 20:22:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2038.1441 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Panchi\Desktop\schrauber.exe
AV: avast! antivirus 4.7.892 [VPS 100205-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((( Dateien erstellt von 2010-01-05 bis 2010-02-05 ))))))))))))))))))))))))))))))
.

2010-02-05 17:48 . 2010-02-05 17:48 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-02-04 19:42 . 2010-02-04 19:42 -------- d-----w- c:\programme\MSXML 6.0
2010-02-04 19:40 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-04 19:39 . 2009-12-21 19:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-04 19:39 . 2009-12-21 19:04 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-04 19:39 . 2009-12-21 19:04 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-04 19:39 . 2009-12-21 19:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-04 19:39 . 2009-12-21 19:04 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-04 19:39 . 2009-12-21 19:04 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-04 18:16 . 2001-08-18 03:54 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-04 18:16 . 2001-08-18 03:55 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-04 18:16 . 2001-08-18 03:55 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-04 18:16 . 2001-08-18 03:55 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-04 18:16 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-04 18:16 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-04 18:16 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-04 18:16 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-02-04 18:14 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-02-04 18:14 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-02-04 18:14 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-02-04 18:14 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-02-04 18:14 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-02-04 18:14 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-02-04 18:14 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-02-04 18:14 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-04 18:14 . 2001-08-17 12:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-02-04 18:14 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-02-04 18:14 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2010-02-04 18:14 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2010-02-04 18:14 . 2004-08-03 23:43 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2010-02-04 18:12 . 2001-08-17 11:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-02-04 18:11 . 2001-08-17 12:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-02-04 18:10 . 2001-08-17 11:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-02-04 18:09 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-02-04 18:09 . 2001-08-18 03:35 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-02-04 18:09 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-02-04 18:09 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2010-02-04 18:09 . 2001-08-18 03:54 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-02-04 18:09 . 2001-08-18 03:54 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2010-02-04 18:09 . 2001-08-18 03:54 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2010-02-04 18:09 . 2001-08-18 03:54 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2010-02-04 18:09 . 2004-08-03 21:31 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2010-02-04 18:09 . 2001-08-17 11:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2010-02-04 18:09 . 2001-08-18 03:35 95178 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2010-02-04 18:09 . 2001-08-18 03:52 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-04 18:09 . 2001-08-17 11:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2010-02-04 18:07 . 2001-08-17 12:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-02-04 18:06 . 2001-08-17 11:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2010-02-04 18:06 . 2001-08-17 12:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2010-02-04 18:06 . 2001-08-18 03:54 83968 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2010-02-04 18:06 . 2001-08-18 03:54 81408 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2010-02-04 18:06 . 2004-08-03 21:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-02-04 18:06 . 2001-08-17 11:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-02-04 18:06 . 2001-08-17 11:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2010-02-04 18:06 . 2001-08-18 03:54 10752 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-02-04 18:06 . 2001-08-17 11:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-02-04 18:06 . 2001-08-17 11:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-02-04 18:06 . 2001-08-18 03:54 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2010-02-04 18:05 . 2001-08-17 12:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-02-04 18:05 . 2001-08-18 03:33 715242 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-02-04 18:05 . 2001-08-18 03:33 899658 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-02-04 18:05 . 2001-08-18 03:54 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2010-02-04 18:05 . 2001-08-17 12:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2010-02-04 18:05 . 2001-08-17 12:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2010-02-04 18:05 . 2001-08-17 12:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2010-02-04 18:05 . 2001-08-17 12:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2010-02-04 18:05 . 2001-08-17 12:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2010-02-04 18:05 . 2001-08-17 12:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2010-02-04 18:04 . 2001-08-17 12:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-02-04 18:04 . 2001-08-17 12:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-02-04 18:04 . 2001-08-17 12:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2010-02-04 18:04 . 2001-08-18 03:54 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-02-04 18:04 . 2001-08-18 03:54 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-02-04 18:04 . 2001-08-18 03:32 16384 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-02-04 18:04 . 2001-08-17 12:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2010-02-04 18:04 . 2001-08-17 12:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-02-04 18:04 . 2001-08-18 03:54 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-02-04 18:04 . 2001-08-17 13:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2010-02-04 18:04 . 2001-08-17 13:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2010-02-04 18:02 . 2001-08-18 03:54 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2010-02-04 18:01 . 2001-08-17 11:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-02-04 18:00 . 2001-08-18 03:54 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2010-02-04 18:00 . 2001-08-17 12:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2010-02-04 18:00 . 2001-08-18 03:54 20480 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-02-04 18:00 . 2001-08-18 03:25 22144 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2010-02-04 18:00 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-02-04 18:00 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-02-04 18:00 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-02-04 17:59 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-04 17:59 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-02-04 17:59 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-02-04 17:59 . 2001-08-17 12:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-02-04 17:59 . 2001-08-17 12:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-02-04 17:59 . 2001-08-18 03:22 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2010-02-04 17:59 . 2001-08-18 03:52 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2010-02-04 17:59 . 2001-08-18 03:53 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2010-02-04 17:59 . 2001-08-17 12:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2010-02-04 17:57 . 2001-08-18 03:53 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2010-02-04 17:57 . 2001-08-18 03:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-02-04 17:57 . 2001-08-18 03:53 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-02-04 17:57 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-02-04 17:57 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-02-04 17:57 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-02-04 17:57 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-02-04 17:56 . 2001-08-17 12:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-02-04 17:56 . 2001-08-17 12:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-02-04 17:56 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-02-04 17:56 . 2001-08-18 03:53 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-02-04 17:56 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-02-04 17:56 . 2001-08-18 03:18 13440 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-02-04 17:56 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-02-04 17:54 . 2001-08-17 12:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-02-04 17:53 . 2001-08-18 03:53 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-02-04 17:52 . 2001-08-17 11:15 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2010-02-04 17:52 . 2001-08-18 03:53 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2010-02-04 17:52 . 2001-08-17 11:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2010-02-04 17:52 . 2001-08-17 11:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2010-02-04 17:52 . 2001-08-17 11:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-02-04 17:52 . 2001-08-17 11:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-02-04 17:52 . 2001-08-17 11:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-02-04 17:52 . 2004-08-03 21:31 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2010-02-04 17:52 . 2001-08-18 03:53 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-02-04 17:52 . 2001-08-17 11:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-02-04 17:52 . 2001-08-17 11:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-02-04 17:52 . 2001-08-17 11:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 19:33 . 2006-02-28 12:00 81720 ----a-w- c:\windows\system32\perfc007.dat
2010-02-05 19:33 . 2006-02-28 12:00 450888 ----a-w- c:\windows\system32\perfh007.dat
2010-02-05 19:10 . 2009-10-24 17:25 -------- d-----w- c:\dokumente und einstellungen\Panchi\Anwendungsdaten\FRITZ!
2010-02-03 22:27 . 2010-02-03 18:28 -------- d-----w- c:\programme\Spyware Doctor
2010-02-03 18:57 . 2009-10-24 18:13 472304 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-02-03 18:34 . 2010-02-03 18:28 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2010-02-03 18:09 . 2009-03-26 17:48 -------- d-----w- c:\programme\Trend Microxxxxxxxxxxxx
2010-02-03 18:01 . 2009-03-26 17:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Trend Micro
2010-02-01 18:43 . 2008-06-04 21:16 22880 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-25 20:25 . 2009-10-20 18:08 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-01-20 18:02 . 2009-12-13 17:09 -------- d-----w- c:\programme\Microsoft Silverlight
2010-01-19 19:22 . 2008-08-30 13:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Real
2010-01-17 18:53 . 2008-06-21 14:42 -------- d-----w- c:\programme\u-he
2010-01-06 17:42 . 2010-01-06 17:42 -------- d-----w- c:\dokumente und einstellungen\Panchi\Anwendungsdaten\Apple Computer
2009-12-22 05:34 . 2009-12-22 05:34 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:05 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 08:13 . 2009-12-17 20:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2009-12-17 18:22 . 2009-12-17 18:22 -------- dc-h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
2009-12-17 18:20 . 2008-06-07 17:10 -------- d-----w- c:\programme\Gemeinsame Dateien\Native Instruments
2009-12-15 15:56 . 2009-12-17 18:22 4183776 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{0431FA92-08E5-47E9-950C-61AAE87BAD26}\Compilation Vol. 2 Setup PC.exe
2009-12-14 16:44 . 2009-12-14 16:44 -------- d-----w- c:\programme\Microsoft CAPICOM 2.1.0.2
2009-12-13 17:13 . 2008-06-07 14:19 32472 ----a-w- c:\dokumente und einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-12-13 17:09 . 2009-12-13 17:06 -------- d-----w- c:\programme\Windows Live
2009-12-13 17:08 . 2009-12-13 17:08 -------- d-----w- c:\programme\Microsoft Sync Framework
2009-12-13 17:08 . 2009-12-13 17:08 -------- d-----w- c:\programme\Microsoft SQL Server Compact Edition
2009-12-13 17:06 . 2009-12-13 17:06 -------- d-----w- c:\programme\Microsoft
2009-12-13 17:06 . 2009-12-13 17:06 -------- d-----w- c:\programme\Windows Live SkyDrive
2009-12-13 16:59 . 2009-12-13 16:59 -------- d-----w- c:\programme\Gemeinsame Dateien\Windows Live
2009-11-21 15:54 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 09:28 . 2010-02-03 18:34 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 09:28 . 2010-02-03 18:34 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 09:28 . 2010-02-03 18:34 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 09:26 . 2010-02-03 18:34 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 10:20 . 2010-02-03 18:29 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\programme\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\programme\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"LPManager"="c:\progra~1\Lenovo\LENOVO~1\LPMGR.exe" [2007-03-01 120368]
"TPWAUDAP"="c:\programme\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Message Center Plus"="c:\programme\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-11-29 2872632]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-01-19 198160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-23 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-23 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-23 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"MSSE"="c:\programme\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\dokumente und einstellungen\Panchi\Startmen\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-10-20 29184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-02-27 15:26 131072 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2009-05-21 18:48 34080 ----a-w- c:\programme\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03.02.2010 19:29 207792]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24.05.2006 10:48 10240]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [03.02.2010 19:34 112592]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [19.01.2007 14:16 61440]
R2 FNF5SVC;Fn+F5 Service;c:\programme\Lenovo\HOTKEY\FnF5svc.exe [09.04.2007 09:24 54560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13.12.2009 18:09 54752]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 09:14 87344]
R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [27.06.2005 17:09 140800]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 13:59 30336]
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\programme\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 RDID1021;EDIROL UA-20;c:\windows\system32\drivers\Rdwm1021.sys [18.06.2008 18:42 171585]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [03.02.2010 19:28 359624]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [28.03.2008 01:21 89856]
.
Inhalt des "geplante Tasks" Ordners

2009-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 16:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
LSP: c:\programme\FRITZ!DSL\\sarah.dll
FF - ProfilePath - c:\dokumente und einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\
FF - component: c:\programme\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: general.useragent.extra.zencast - c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
HKLM-Run-UfSeAgnt.exe - c:\programme\Trend Micro\Internet Security\UfSeAgnt.exe
HKLM-Run-ISW - c:\programme\CheckPoint\ZAForceField\ForceField.exe
Notify-ACNotify - ACNotify.dll
AddRemove-RD - c:\programme\d-lusion\RD\uninstall.exe
AddRemove-HijackThis - c:\programme\Trend Micro\HijackThis\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 20:29
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"=""
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\FpWinLogonNp.dll
c:\programme\Lenovo Fingerprint Software\ATCSSINT.dll
c:\programme\Lenovo Fingerprint Software\SharedResources.dll
c:\programme\Lenovo Fingerprint Software\FPResource.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1000)
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll

- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Essentials\MsMpEng.exe
c:\programme\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Alwil Software\Avast4\aswUpdSv.exe
c:\programme\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTsvcCDA.exe
c:\programme\Lenovo\PM Driver\PMSveH.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\PAStiSvc.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\System Update\SUService.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Alwil Software\Avast4\ashMaiSv.exe
c:\programme\Alwil Software\Avast4\ashWebSv.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\programme\FRITZ!DSL\StCenter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-02-05 20:34:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-02-05 19:34

Vor Suchlauf: 13 Verzeichnis(se), 132.113.473.536 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 133.261.938.688 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 21812F13E7AA484019077FA15010A2B9

#6 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 06 February 2010 - 11:57 AM

Sounds good

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 Panchi

New Member

Group: Members
Posts: 6
Joined: 26-January 10

Posted 07 February 2010 - 01:46 PM

Hi Thomas,
Thanks for your quick answer and the new advice.

Here you have the log files:

[Extras]-------------8<-----------------------------------------
OTL Extras logfile created on: 07.02.2010 19:28:07 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Dokumente und Einstellungen\Panchi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 124,02 Gb Free Space | 83,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RATICULI-FA8A88
Current User Name: Panchi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe" = C:\Programme\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update -- File not found
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6890BB45-8983-47C3-8FE5-4A03CB7554FE}" = Native Instruments Compilation Vol. 1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B0DAA1BD-65E9-4D1B-BBB5-850021C4D17F}" = Native Instruments Compilation Vol. 2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7F56612-69F7-4F85-AD0B-B04B1C5BC3BD}" = Creative ZEN V Series (R2)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast!" = avast! Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ESET Online Scanner" = ESET Online Scanner v3
"Free FLV Converter_is1" = Free FLV Converter V 6.5
"Furnish Pro" = Furnish Pro
"G7EDE" = G7.1ut Editor/Librarian
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"InstallShield_{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSNINST" = MSN
"Native Instruments Compilation Vol. 1" = Native Instruments Compilation Vol. 1
"Native Instruments Compilation Vol. 2" = Native Instruments Compilation Vol. 2
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Service Center" = Native Instruments Service Center
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Pixie_is1" = Pixie 1.4.1
"PrimoPDF3.0" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30
"Spyware Doctor" = Spyware Doctor 7.0
"Steinberg Cubase LE" = Steinberg Cubase LE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TuxGuitar_0" = TuxGuitar 1.2
"Unique Sound + Recording Edition" = Unique Sound + Recording Edition
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZOOM G Series Audio Driver" = ZOOM G Series Audio Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 07.02.2010 14:25:13 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'MAIL--PopRedirectPort', '110');" failed. Error description: "unable
to open database file [14]".

Error - 07.02.2010 14:25:13 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'MAIL--ImapRedirectPort', '143');" failed. Error description: "unable
to open database file [14]".

Error - 07.02.2010 14:25:13 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'MAIL--HeurSensitivity', '2');" failed. Error description: "unable to
open database file [14]".

Error - 07.02.2010 14:25:13 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'WS--ExcTypes1', '');" failed. Error description: "unable to open database
file [14]".

Error - 07.02.2010 14:25:17 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'MAIL--Flags', '0');" failed. Error description: "unable to open database
file [14]".

Error - 07.02.2010 14:25:17 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'MAIL--POPFlags', '1');" failed. Error description: "unable to open
database file [14]".

Error - 07.02.2010 14:25:17 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'MAIL--HeurTimePeriodCheckTime', '0');" failed. Error description: "unable
to open database file [14]".

Error - 07.02.2010 14:25:18 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'OUTLOOK--InboundAction', '0');" failed. Error description: "unable
to open database file [14]".

Error - 07.02.2010 14:25:18 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'STANDARD--BlockExtensions', '');" failed. Error description: "unable
to open database file [14]".

Error - 07.02.2010 14:25:18 | Computer Name = RATICULI-FA8A88 | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalProperties (Object, Property, Val)
VALUES (1, 'STANDARD--Exceptions1', '');" failed. Error description: "unable to
open database file [14]".

[ Application Events ]
Error - 07.02.2010 14:15:49 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 07.02.2010 14:15:50 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 07.02.2010 14:15:50 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 07.02.2010 14:15:51 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 07.02.2010 14:15:51 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 07.02.2010 14:15:52 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 passthrough, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.

Error - 07.02.2010 14:15:52 | Computer Name = RATICULI-FA8A88 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.0.6212.0, P3 timeout, P4 1.1.5406.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
P9 NIL, P10 NIL.

Error - 07.02.2010 14:21:35 | Computer Name = RATICULI-FA8A88 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avast.setup, Version 4.8.0.0, fehlgeschlagenes
Modul tapi32.dll, Version 5.1.2600.5512, Fehleradresse 0x00005842.

Error - 07.02.2010 14:24:40 | Computer Name = RATICULI-FA8A88 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3667, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 07.02.2010 14:31:08 | Computer Name = RATICULI-FA8A88 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3667, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 13.06.2009 10:54:23 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = DirectoryNotFoundException -> Exception message: Ein Teil des Pfades
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\LocalRepository\Messages
konnte nicht gefunden werden.

Error - 14.06.2009 08:45:04 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = DirectoryNotFoundException -> Exception message: Ein Teil des Pfades
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\LocalRepository\Messages
konnte nicht gefunden werden.

Error - 14.06.2009 15:35:10 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = DirectoryNotFoundException -> Exception message: Ein Teil des Pfades
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\LocalRepository\Messages
konnte nicht gefunden werden.

Error - 17.06.2009 12:48:24 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = DirectoryNotFoundException -> Exception message: Ein Teil des Pfades
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\LocalRepository\Messages
konnte nicht gefunden werden.

Error - 03.02.2010 19:00:04 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = An exception occurred while validating the file signature -> Exception
message: Die DLL tvtfilesig32.dll: Das angegebene Modul wurde nicht gefunden. (Ausnahme
von HRESULT: 0x8007007E) kann nicht geladen werden.

Error - 03.02.2010 19:00:04 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program failed digital signature verification for message
'MCPToLTT_ROW': LTTCheck.exe

Error - 06.02.2010 12:12:25 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = An exception occurred while validating the file signature -> Exception
message: Die DLL tvtfilesig32.dll: Das angegebene Modul wurde nicht gefunden. (Ausnahme
von HRESULT: 0x8007007E) kann nicht geladen werden.

Error - 06.02.2010 12:12:25 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 06.02.2010 12:12:29 | Computer Name = RATICULI-FA8A88 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = An exception occurred while validating the file signature -> Exception
message: Die DLL tvtfilesig32.dll: Das angegebene Modul wurde nicht gefunden. (Ausnahme
von HRESULT: 0x8007007E) kann nicht geladen werden.

[ System Events ]
Error - 05.02.2010 15:25:48 | Computer Name = RATICULI-FA8A88 | Source = PlugPlayManager | ID = 11
Description = Das Gerät "Root\LEGACY_ROOTREPEAL\0000" wurde ohne vorbereitende Maßnahmen
vom System entfernt.

Error - 05.02.2010 15:28:31 | Computer Name = RATICULI-FA8A88 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "F-Secure Automatic Update" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3

Error - 05.02.2010 15:33:36 | Computer Name = RATICULI-FA8A88 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Fingerprint Server" hat einen ungültigen aktuellen Status
gemeldet: 0

Error - 06.02.2010 11:33:43 | Computer Name = RATICULI-FA8A88 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "F-Secure Automatic Update" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3

Error - 07.02.2010 14:13:02 | Computer Name = RATICULI-FA8A88 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "F-Secure Automatic Update" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3

Error - 07.02.2010 14:15:06 | Computer Name = RATICULI-FA8A88 | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%861-Echtzeitschutzfunktion. Funktion: %%834 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%838

Error - 07.02.2010 14:15:06 | Computer Name = RATICULI-FA8A88 | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%861-Echtzeitschutzfunktion. Funktion: %%834 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%838

Error - 07.02.2010 14:15:06 | Computer Name = RATICULI-FA8A88 | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%861-Echtzeitschutzfunktion. Funktion: %%834 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%838

Error - 07.02.2010 14:15:16 | Computer Name = RATICULI-FA8A88 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Terminaldienste" wurde nicht ordnungsgemäß gestartet.

Error - 07.02.2010 14:15:16 | Computer Name = RATICULI-FA8A88 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Kompatibilität für schnelle Benutzerumschaltung" ist vom
Dienst "Terminaldienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1070

< End of report >

[OTL]-------------8<-----------------------------------------

OTL logfile created on: 07.02.2010 19:28:07 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Dokumente und Einstellungen\Panchi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 124,02 Gb Free Space | 83,21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RATICULI-FA8A88
Current User Name: Panchi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.02.07 19:27:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe
PRC - [2010.01.25 22:44:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.19 20:22:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2010.01.05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.09.13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe
PRC - [2009.08.03 03:07:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009.07.29 09:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009.07.29 09:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009.07.29 09:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009.07.29 09:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009.07.29 09:35:18 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009.07.02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008.03.11 12:33:02 | 000,054,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 17:36:38 | 002,872,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007.11.29 16:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.11 14:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 10:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.05.30 12:52:32 | 000,868,352 | ---- | M] () -- C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007.03.23 15:32:42 | 000,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007.03.23 15:32:40 | 000,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007.03.23 15:32:36 | 000,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007.03.23 15:32:24 | 000,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.03.16 04:26:18 | 000,031,840 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe
PRC - [2007.03.01 01:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007.01.30 17:54:00 | 016,116,224 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007.01.19 14:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2006.11.11 20:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2006.11.08 09:28:52 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006.11.08 09:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006.11.08 09:14:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006.09.25 17:42:01 | 000,108,160 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashServ.exe
PRC - [2006.09.25 17:41:44 | 000,251,520 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2006.09.25 17:41:34 | 000,370,304 | ---- | M] (ALWIL Software) -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe
PRC - [2006.09.25 17:32:08 | 000,059,008 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006.08.30 15:40:04 | 000,089,542 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006.05.19 13:51:16 | 000,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005.01.14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [1999.12.13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2010.02.07 19:27:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BackWeb Plug-in - 7681197)
SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.29 09:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009.07.29 09:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.07.02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.10.20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.29 16:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.01.19 14:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2006.11.11 20:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006.11.08 09:28:52 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006.11.08 09:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006.11.08 09:14:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006.09.25 17:42:01 | 000,108,160 | ---- | M] () [Auto | Running] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2006.09.25 17:41:44 | 000,251,520 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2006.09.25 17:41:34 | 000,370,304 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2006.09.25 17:32:08 | 000,059,008 | ---- | M] () [Auto | Running] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005.01.14 08:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [1999.12.13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.02.03 18:36:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.25 22:44:58 | 000,000,000 | ---D | M]

[2008.08.30 14:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Extensions
[2010.02.03 23:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions
[2010.01.08 21:01:48 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.01.17 16:27:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 21:01:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.08.30 14:29:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

O1 HOSTS File: ([2010.02.05 20:28:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Programme\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MSSE] c:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Panchi\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure\Anti-Spyware\ieshield.dll File not found
O9 - Extra 'Tools' menuitem : IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure\Anti-Spyware\ieshield.dll File not found
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212849099246 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.04 22:19:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.02.01 19:45:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010.02.07 19:23:42 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe
[2010.02.06 16:46:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.02.05 20:21:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.02.05 20:18:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.02.05 20:18:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.02.05 20:18:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.02.05 20:18:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.02.05 20:18:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.02.05 20:15:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.02.05 19:23:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.02.05 18:55:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.02.05 18:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.02.04 20:42:44 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2010.02.04 19:16:50 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010.02.04 19:16:36 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010.02.04 19:16:29 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010.02.04 19:16:02 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010.02.04 19:15:59 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010.02.04 19:15:44 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010.02.04 19:15:22 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010.02.04 19:15:10 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010.02.04 19:15:08 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010.02.04 19:15:05 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010.02.04 19:15:00 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010.02.04 19:14:56 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010.02.04 19:14:49 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010.02.04 19:14:46 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010.02.04 19:14:31 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010.02.04 19:14:18 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010.02.04 19:14:15 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010.02.04 19:14:12 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010.02.04 19:14:06 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010.02.04 19:13:43 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010.02.04 19:13:31 | 000,212,480 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010.02.04 19:13:28 | 000,216,576 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010.02.04 19:13:10 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010.02.04 19:13:07 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010.02.04 19:13:04 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010.02.04 19:13:01 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010.02.04 19:12:58 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010.02.04 19:12:55 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010.02.04 19:12:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010.02.04 19:12:19 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010.02.04 19:12:16 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010.02.04 19:12:11 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010.02.04 19:12:08 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010.02.04 19:11:53 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010.02.04 19:11:50 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010.02.04 19:11:13 | 000,159,744 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010.02.04 19:11:10 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010.02.04 19:11:08 | 000,287,232 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010.02.04 19:11:04 | 000,017,152 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010.02.04 19:10:57 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010.02.04 19:10:33 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010.02.04 19:10:03 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010.02.04 19:10:00 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010.02.04 19:09:56 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010.02.04 19:09:54 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010.02.04 19:09:51 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010.02.04 19:09:11 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010.02.04 19:09:08 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010.02.04 19:09:05 | 000,095,178 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010.02.04 19:08:59 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010.02.04 19:08:26 | 000,161,888 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010.02.04 19:08:23 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010.02.04 19:08:21 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010.02.04 19:08:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010.02.04 19:07:45 | 000,017,792 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010.02.04 19:07:38 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010.02.04 19:07:36 | 000,024,192 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010.02.04 19:07:19 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010.02.04 19:07:16 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010.02.04 19:07:13 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010.02.04 19:07:11 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010.02.04 19:07:08 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010.02.04 19:07:05 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010.02.04 19:07:02 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010.02.04 19:07:00 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010.02.04 19:06:57 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010.02.04 19:06:50 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010.02.04 19:06:47 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010.02.04 19:06:33 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010.02.04 19:06:31 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010.02.04 19:06:22 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010.02.04 19:06:08 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010.02.04 19:05:37 | 000,715,242 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010.02.04 19:05:34 | 000,899,658 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010.02.04 19:04:57 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010.02.04 19:04:54 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010.02.04 19:04:51 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010.02.04 19:04:40 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010.02.04 19:03:40 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010.02.04 19:03:37 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010.02.04 19:03:27 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010.02.04 19:03:25 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010.02.04 19:03:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010.02.04 19:02:45 | 000,054,730 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010.02.04 19:02:40 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010.02.04 19:02:35 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010.02.04 19:02:09 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010.02.04 19:01:53 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010.02.04 19:01:51 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010.02.04 19:01:45 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010.02.04 19:01:44 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010.02.04 19:01:31 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010.02.04 19:01:29 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010.02.04 19:01:20 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010.02.04 19:01:18 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010.02.04 19:01:15 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010.02.04 19:01:13 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010.02.04 19:01:10 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010.02.04 19:01:08 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010.02.04 19:01:00 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010.02.04 19:00:58 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010.02.04 19:00:55 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010.02.04 19:00:53 | 000,020,480 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010.02.04 19:00:51 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010.02.04 19:00:47 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010.02.04 18:59:39 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010.02.04 18:58:57 | 000,164,970 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010.02.04 18:58:35 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010.02.04 18:58:33 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010.02.04 18:58:32 | 000,422,016 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010.02.04 18:58:28 | 000,607,196 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010.02.04 18:58:28 | 000,577,226 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010.02.04 18:58:26 | 000,728,298 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010.02.04 18:58:15 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010.02.04 18:58:13 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010.02.04 18:58:10 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010.02.04 18:58:08 | 000,016,256 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010.02.04 18:58:02 | 000,026,506 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010.02.04 18:58:00 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010.02.04 18:56:55 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010.02.04 18:56:41 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010.02.04 18:55:51 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010.02.04 18:54:04 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010.02.04 18:53:56 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010.02.04 18:53:15 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010.02.04 18:53:13 | 000,017,792 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010.02.04 18:52:59 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010.02.04 18:52:48 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010.02.04 18:52:46 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010.02.04 18:52:36 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010.02.04 18:52:33 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010.02.04 18:52:31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010.02.04 18:52:29 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010.02.04 18:52:03 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010.02.04 18:51:55 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010.02.04 18:51:53 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010.02.04 18:51:42 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010.02.04 18:51:40 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010.02.04 18:51:38 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010.02.04 18:51:32 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010.02.04 18:51:19 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010.02.04 18:50:19 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010.02.04 18:50:03 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010.02.04 18:49:49 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010.02.04 18:49:47 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010.02.04 18:49:46 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010.02.04 18:49:42 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010.02.04 18:49:41 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010.02.04 18:49:39 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010.02.04 18:49:34 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010.02.04 18:49:10 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010.02.04 18:49:09 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010.02.04 18:49:04 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010.02.04 18:48:32 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010.02.04 18:48:31 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010.02.04 18:48:30 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010.02.04 18:48:29 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010.02.04 18:48:28 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010.02.04 18:48:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010.02.04 18:48:26 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010.02.04 18:48:15 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010.02.04 18:48:13 | 000,061,130 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010.02.04 18:47:52 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010.02.04 18:47:40 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010.02.04 18:46:48 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010.02.04 18:46:47 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010.02.04 18:46:46 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010.02.04 18:46:46 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010.02.04 18:46:45 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010.02.04 18:46:41 | 000,715,210 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010.02.04 18:46:40 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010.02.04 18:46:39 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010.02.04 18:46:38 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010.02.04 18:46:35 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010.02.04 18:46:34 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010.02.04 18:45:41 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010.02.04 18:45:41 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010.02.04 18:45:41 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010.02.04 18:45:40 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010.02.04 18:45:39 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010.02.04 18:45:39 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010.02.04 18:45:38 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010.02.04 18:45:37 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010.02.04 18:45:35 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010.02.04 18:45:34 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010.02.04 18:45:34 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010.02.04 18:45:33 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010.02.04 18:45:32 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010.02.04 18:45:31 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010.02.04 18:45:31 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010.02.04 18:45:30 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010.02.04 18:45:30 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010.02.04 18:45:29 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010.02.04 18:45:20 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010.02.04 18:45:15 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010.02.04 18:45:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010.02.04 18:45:13 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010.02.04 18:45:13 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010.02.04 18:45:11 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010.02.04 18:45:10 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010.02.04 18:45:10 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010.02.04 18:44:44 | 000,077,824 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010.02.04 18:44:43 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010.02.04 18:44:32 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010.02.04 18:44:13 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010.02.04 18:44:12 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010.02.04 18:44:12 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010.02.04 18:44:11 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010.02.04 18:44:11 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010.02.04 18:44:11 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010.02.04 18:44:08 | 000,061,952 | ---- | C] (Farb-Flachbett-Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010.02.04 18:44:06 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010.02.04 18:44:04 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010.02.04 18:44:04 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010.02.04 18:44:01 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010.02.04 18:44:01 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010.02.04 18:44:01 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010.02.03 23:56:05 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.02.03 23:45:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.02.03 19:47:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010.02.03 19:34:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.02.03 19:34:08 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.02.03 19:34:08 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.02.03 19:34:08 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.02.03 19:29:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.02.03 19:29:09 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.02.03 19:29:09 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.02.03 19:29:01 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\PC Tools
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.02.03 19:28:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.02.03 19:23:35 | 000,016,352 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.02.03 19:23:34 | 000,036,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.02.03 19:23:34 | 000,024,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.02.03 19:23:32 | 000,087,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.02.03 19:23:32 | 000,085,952 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.02.03 19:23:28 | 000,090,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2010.02.03 19:23:26 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.02.01 20:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010.02.01 20:13:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2010.02.01 19:49:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.02.01 19:49:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.02.01 19:47:50 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010.02.01 19:47:50 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010.02.01 19:47:50 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010.02.01 19:47:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.01.29 20:24:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\DoctorWeb
[2010.01.29 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Eigene Dateien\ForceField Shared Files
[2010.01.29 18:34:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\CheckPoint
[2010.01.29 18:33:26 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.01.28 19:48:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.01.26 19:30:24 | 000,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Panchi\Desktop\RootRepeal.exe
[2010.01.25 21:26:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.25 21:25:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\SUPERAntiSpyware.com
[2010.01.25 21:25:57 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.01.25 18:11:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Malwarebytes
[2010.01.25 18:11:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.01.25 18:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.01.25 18:10:59 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.01.25 18:10:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2008.06.07 16:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.06.04 22:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.06.04 22:19:18 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.02.07 19:27:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe
[2010.02.07 19:20:09 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.02.07 19:12:43 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2010.02.07 19:12:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.07 19:12:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.07 19:11:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.06 17:42:19 | 004,718,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Panchi\NTUSER.DAT
[2010.02.06 17:42:19 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Panchi\ntuser.ini
[2010.02.05 20:33:01 | 001,046,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.02.05 20:33:01 | 000,450,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.02.05 20:33:01 | 000,434,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.02.05 20:33:01 | 000,081,720 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.02.05 20:33:01 | 000,068,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.02.05 20:29:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.02.05 20:28:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.02.05 20:21:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.02.05 19:54:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.05 19:43:12 | 003,848,393 | R--- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\schrauber.exe
[2010.02.05 19:29:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.02.05 19:23:01 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.02.05 19:21:40 | 004,846,142 | -H-- | M] () -- C:\Dokumente und Einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.02.03 23:46:00 | 000,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.02.03 23:28:11 | 000,000,857 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2010.02.03 20:20:40 | 000,524,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\dds.scr
[2010.02.03 19:29:06 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.02.03 19:23:35 | 000,001,673 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Antivirus.lnk
[2010.02.03 19:23:34 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.02.01 19:50:26 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.02.01 19:46:22 | 000,000,723 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.01 19:46:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.02.01 19:46:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.02.01 19:46:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.02.01 19:45:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.02.01 19:45:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.02.01 19:43:46 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.02.01 19:42:44 | 000,000,525 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.02.01 19:40:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.01.30 19:57:57 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010.01.29 20:22:36 | 029,185,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\c95jdl9j.exe
[2010.01.29 18:33:25 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.01.26 19:32:18 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\settings.dat
[2010.01.26 19:30:33 | 000,472,064 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Panchi\Desktop\RootRepeal.exe
[2010.01.25 21:26:03 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.01.25 18:11:04 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.05 20:21:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.02.05 20:21:24 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.02.05 20:18:25 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.02.05 20:18:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.02.05 20:18:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.02.05 20:18:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.02.05 20:18:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.02.05 19:41:58 | 003,848,393 | R--- | C] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\schrauber.exe
[2010.02.04 19:16:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010.02.04 19:06:04 | 000,086,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010.02.04 19:02:42 | 000,044,105 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010.02.04 18:54:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010.02.04 18:53:58 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010.02.04 18:53:53 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010.02.04 18:53:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010.02.04 18:53:45 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010.02.04 18:49:45 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010.02.04 18:49:44 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010.02.04 18:49:43 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010.02.04 18:49:40 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010.02.04 18:44:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010.02.04 18:44:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010.02.04 18:44:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010.02.04 18:44:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010.02.04 18:44:57 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010.02.04 18:44:56 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010.02.04 18:44:56 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010.02.04 18:44:55 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010.02.04 18:44:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010.02.04 18:44:48 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010.02.03 23:55:36 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.02.03 23:46:00 | 000,000,798 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.02.03 23:33:20 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010.02.03 23:33:20 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010.02.03 23:33:20 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010.02.03 23:33:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010.02.03 23:33:19 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010.02.03 23:33:19 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010.02.03 23:33:19 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010.02.03 23:33:18 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010.02.03 23:33:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010.02.03 23:33:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010.02.03 23:33:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010.02.03 23:33:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010.02.03 23:33:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010.02.03 23:33:18 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010.02.03 23:33:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010.02.03 23:33:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010.02.03 23:33:17 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010.02.03 23:33:17 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010.02.03 23:33:17 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010.02.03 23:33:17 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010.02.03 23:33:17 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010.02.03 23:33:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010.02.03 23:33:17 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010.02.03 23:33:17 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010.02.03 23:33:17 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010.02.03 23:33:17 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010.02.03 23:33:17 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010.02.03 23:33:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010.02.03 23:33:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010.02.03 23:33:15 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010.02.03 23:33:13 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010.02.03 23:33:13 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010.02.03 23:33:13 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010.02.03 23:33:13 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010.02.03 23:33:13 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010.02.03 23:33:13 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010.02.03 23:33:13 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010.02.03 23:33:13 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010.02.03 23:33:13 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010.02.03 23:33:13 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010.02.03 23:33:11 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010.02.03 23:33:11 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010.02.03 23:33:10 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010.02.03 23:33:09 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010.02.03 23:33:08 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010.02.03 23:33:07 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010.02.03 23:33:06 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010.02.03 23:33:06 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010.02.03 23:33:01 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010.02.03 23:33:01 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010.02.03 23:33:01 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010.02.03 23:32:59 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010.02.03 23:32:53 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010.02.03 23:32:48 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010.02.03 23:32:47 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010.02.03 23:32:47 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010.02.03 23:32:47 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010.02.03 23:32:47 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010.02.03 23:32:46 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010.02.03 23:32:46 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010.02.03 23:32:46 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010.02.03 23:32:46 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010.02.03 23:32:46 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010.02.03 23:32:45 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010.02.03 23:28:11 | 000,000,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2010.02.03 19:34:09 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.03 19:34:08 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.02.03 19:34:08 | 000,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.02.03 19:34:08 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.02.03 19:34:08 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.02.03 19:29:13 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.02.03 19:29:09 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.02.03 19:29:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.02.03 19:29:06 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.02.03 19:29:01 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.02.03 19:23:35 | 000,001,673 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Antivirus.lnk
[2010.02.03 19:23:28 | 000,666,240 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2010.02.03 19:23:28 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010.02.01 19:49:45 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.02.01 19:48:57 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.02.01 19:48:57 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.02.01 19:48:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.02.01 19:48:29 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.02.01 19:48:28 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.02.01 19:48:19 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.02.01 19:48:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.02.01 19:48:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.02.01 19:48:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.02.01 19:47:56 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.02.01 19:47:37 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.02.01 19:47:32 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.02.01 19:47:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.02.01 19:47:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.02.01 19:47:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.02.01 19:47:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.02.01 19:47:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.02.01 19:47:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.02.01 19:47:30 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.02.01 19:47:30 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.02.01 19:47:30 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.02.01 19:47:28 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.02.01 19:47:28 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.02.01 19:47:28 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.02.01 19:47:28 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.02.01 19:47:28 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.02.01 19:47:28 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.02.01 19:47:28 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.02.01 19:47:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.02.01 19:47:25 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.02.01 19:47:25 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.02.01 19:47:25 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.02.01 19:47:24 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.02.01 19:47:24 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.02.01 19:45:15 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.02.01 19:20:11 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.02.01 19:20:11 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.02.01 19:20:11 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.02.01 19:20:11 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.02.01 19:20:11 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.02.01 19:20:11 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.02.01 19:20:11 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.01.30 19:23:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010.01.29 20:19:13 | 029,185,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\c95jdl9j.exe
[2010.01.29 18:33:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.01.26 19:32:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\settings.dat
[2010.01.26 19:26:01 | 000,524,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\dds.scr
[2010.01.25 21:26:03 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.01.25 18:11:04 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.11 12:39:39 | 000,000,079 | ---- | C] () -- C:\WINDOWS\UF.INI
[2009.10.24 19:13:40 | 000,472,304 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.10.24 11:23:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009.10.10 15:26:19 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.10.02 18:38:22 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.21 15:25:56 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.06.18 18:42:03 | 000,031,862 | ---- | C] () -- C:\WINDOWS\System32\RdCi1021.dll
[2008.06.12 14:03:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008.06.09 22:36:53 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.06.06 18:51:20 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.06.06 18:51:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2008.03.28 01:20:54 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\zmghpaso.dll
[2006.11.11 20:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.08.31 17:46:13 | 000,000,302 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2005.02.17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009.10.24 11:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.06.09 22:12:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2010.02.07 19:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.12.17 19:22:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
[2008.12.16 19:59:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{9C36D948-8394-4450-B5B9-025B8EC0198D}
[2010.01.29 18:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\CheckPoint
[2009.06.13 15:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Downloaded Installations
[2010.02.06 17:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\FRITZ!
[2008.10.06 18:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\GNU Solfege
[2009.10.24 11:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Lenovo
[2008.06.07 15:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Steinberg
[2008.08.02 15:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Topten Software
[2010.02.07 19:20:09 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007.02.12 12:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\AHCI\Driver64\IaStor.sys
[2007.02.12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\AHCI\Driver\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\9a1182b50c9ecbd8bedf4c560755eafc\sp2qfe\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\c73c85abcd9580c46805ff94bb133fb8\sp2qfe\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >

#8 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 08 February 2010 - 03:05 PM

Hi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Also please post back with a fresh OTL logfile.

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 Panchi

New Member

Group: Members
Posts: 6
Joined: 26-January 10

Posted 09 February 2010 - 03:24 PM

Dear Thomas,

so far, so good:All the scans were negative.

Apparently the computer is clean now.
Here you have the log files.

Many thanks and regards !

%%%%%%%%%%%% MALWARE BYTES %%%%%%%%%%%%%%%%%%%%
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3714
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.02.2010 19:31:06
mbam-log-2010-02-09 (19-31-06).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 119431
Laufzeit: 9 minute(s), 57 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

%%%%%%%%%%%%% ESET %%%%%%%%%

# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 252116 252116 0 0
# compatibility_mode=8192 67108863 100 0 3757 3757 0 0
# scanned=44211
# found=0
# cleaned=0
# scan_time=2079
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=036d24821f44c84a9c624c180fd64518
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-09 07:43:05
# local_time=2010-02-09 08:43:05 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777175 100 0 522817 522817 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 100 100 657 20393339 0 0
# compatibility_mode=8192 67108863 100 0 1039714 1039714 0 0
# scanned=60364
# found=0
# cleaned=0
# scan_time=3964

%%%%%%%%%%%%%%%%%% OTL.txt %%%%%%%%%%%%%

OTL logfile created on: 09.02.2010 20:44:27 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Dokumente und Einstellungen\Panchi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,05 Gb Total Space | 123,83 Gb Free Space | 83,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RATICULI-FA8A88
Current User Name: Panchi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.02.07 19:27:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe
PRC - [2010.01.25 22:44:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.01.19 20:22:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2010.01.07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.01.05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.09.13 18:52:50 | 001,048,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe
PRC - [2009.08.03 03:07:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009.07.29 09:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009.07.29 09:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009.07.29 09:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009.07.29 09:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009.07.29 09:35:18 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009.07.02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008.03.11 12:33:02 | 000,054,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.11.29 17:36:38 | 002,872,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007.11.29 16:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.11 14:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2007.09.07 10:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.05.30 12:52:32 | 000,868,352 | ---- | M] () -- C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007.03.23 15:32:42 | 000,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007.03.23 15:32:40 | 000,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007.03.23 15:32:36 | 000,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007.03.23 15:32:24 | 000,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.03.16 04:26:18 | 000,031,840 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMHandler.exe
PRC - [2007.03.01 01:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007.01.30 17:54:00 | 016,116,224 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007.01.19 14:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2006.11.11 20:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2006.11.08 09:28:52 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006.11.08 09:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006.11.08 09:14:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006.09.25 17:42:07 | 000,108,160 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashDisp.exe
PRC - [2006.09.25 17:42:01 | 000,108,160 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashServ.exe
PRC - [2006.09.25 17:32:08 | 000,059,008 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006.08.30 15:40:04 | 000,089,542 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006.05.19 13:51:16 | 000,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005.01.14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [1999.12.13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2010.02.07 19:27:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (BackWeb Plug-in - 7681197)
SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.29 09:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009.07.29 09:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.07.02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.10.20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008.03.14 09:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.11.29 16:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.03.16 04:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.01.19 14:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2006.11.11 20:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006.11.08 09:28:52 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006.11.08 09:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006.11.08 09:14:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006.09.25 17:42:01 | 000,108,160 | ---- | M] () [Auto | Running] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2006.09.25 17:41:44 | 000,251,520 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2006.09.25 17:41:34 | 000,370,304 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2006.09.25 17:32:08 | 000,059,008 | ---- | M] () [Auto | Running] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005.01.14 08:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [1999.12.13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.02.03 18:36:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.25 22:44:58 | 000,000,000 | ---D | M]

[2008.08.30 14:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Extensions
[2010.02.08 19:50:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions
[2010.01.08 21:01:48 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.01.17 16:27:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 21:01:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Mozilla\Firefox\Profiles\xp0r99b6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.08.30 14:29:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

O1 HOSTS File: ([2010.02.05 20:28:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Programme\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MSSE] c:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Panchi\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure\Anti-Spyware\ieshield.dll File not found
O9 - Extra 'Tools' menuitem : IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure\Anti-Spyware\ieshield.dll File not found
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212849099246 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.04 22:19:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.02.01 19:45:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010.02.07 19:23:42 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe
[2010.02.06 16:46:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.02.05 20:21:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.02.05 20:18:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.02.05 20:18:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.02.05 20:18:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.02.05 20:18:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.02.05 20:18:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.02.05 20:15:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.02.05 19:23:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.02.05 18:55:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.02.05 18:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.02.04 20:42:44 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2010.02.04 19:16:50 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010.02.04 19:16:36 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010.02.04 19:16:29 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010.02.04 19:16:02 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010.02.04 19:15:59 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010.02.04 19:15:44 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010.02.04 19:15:22 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010.02.04 19:15:10 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010.02.04 19:15:08 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010.02.04 19:15:05 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010.02.04 19:15:00 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010.02.04 19:14:56 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010.02.04 19:14:49 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010.02.04 19:14:46 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010.02.04 19:14:31 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010.02.04 19:14:18 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010.02.04 19:14:15 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010.02.04 19:14:12 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010.02.04 19:14:06 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010.02.04 19:13:43 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010.02.04 19:13:31 | 000,212,480 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010.02.04 19:13:28 | 000,216,576 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010.02.04 19:13:10 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010.02.04 19:13:07 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010.02.04 19:13:04 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010.02.04 19:13:01 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010.02.04 19:12:58 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010.02.04 19:12:55 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010.02.04 19:12:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010.02.04 19:12:19 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010.02.04 19:12:16 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010.02.04 19:12:11 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010.02.04 19:12:08 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010.02.04 19:11:53 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010.02.04 19:11:50 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010.02.04 19:11:13 | 000,159,744 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010.02.04 19:11:10 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010.02.04 19:11:08 | 000,287,232 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010.02.04 19:11:04 | 000,017,152 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010.02.04 19:10:57 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010.02.04 19:10:33 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010.02.04 19:10:03 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010.02.04 19:10:00 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010.02.04 19:09:56 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010.02.04 19:09:54 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010.02.04 19:09:51 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010.02.04 19:09:11 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010.02.04 19:09:08 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010.02.04 19:09:05 | 000,095,178 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010.02.04 19:08:59 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010.02.04 19:08:26 | 000,161,888 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010.02.04 19:08:23 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010.02.04 19:08:21 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010.02.04 19:08:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010.02.04 19:07:45 | 000,017,792 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010.02.04 19:07:38 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010.02.04 19:07:36 | 000,024,192 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010.02.04 19:07:19 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010.02.04 19:07:16 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010.02.04 19:07:13 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010.02.04 19:07:11 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010.02.04 19:07:08 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010.02.04 19:07:05 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010.02.04 19:07:02 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010.02.04 19:07:00 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010.02.04 19:06:57 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010.02.04 19:06:50 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010.02.04 19:06:47 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010.02.04 19:06:33 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010.02.04 19:06:31 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010.02.04 19:06:22 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010.02.04 19:06:08 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010.02.04 19:05:37 | 000,715,242 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010.02.04 19:05:34 | 000,899,658 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010.02.04 19:04:57 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010.02.04 19:04:54 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010.02.04 19:04:51 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010.02.04 19:04:40 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010.02.04 19:03:40 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010.02.04 19:03:37 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010.02.04 19:03:27 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010.02.04 19:03:25 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010.02.04 19:03:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010.02.04 19:02:45 | 000,054,730 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010.02.04 19:02:40 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010.02.04 19:02:35 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010.02.04 19:02:09 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010.02.04 19:01:53 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010.02.04 19:01:51 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010.02.04 19:01:45 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010.02.04 19:01:44 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010.02.04 19:01:31 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010.02.04 19:01:29 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010.02.04 19:01:20 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010.02.04 19:01:18 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010.02.04 19:01:15 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010.02.04 19:01:13 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010.02.04 19:01:10 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010.02.04 19:01:08 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010.02.04 19:01:00 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010.02.04 19:00:58 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010.02.04 19:00:55 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010.02.04 19:00:53 | 000,020,480 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010.02.04 19:00:51 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010.02.04 19:00:47 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010.02.04 18:59:39 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010.02.04 18:58:57 | 000,164,970 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010.02.04 18:58:35 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010.02.04 18:58:33 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010.02.04 18:58:32 | 000,422,016 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010.02.04 18:58:28 | 000,607,196 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010.02.04 18:58:28 | 000,577,226 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010.02.04 18:58:26 | 000,728,298 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010.02.04 18:58:15 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010.02.04 18:58:13 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010.02.04 18:58:10 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010.02.04 18:58:08 | 000,016,256 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010.02.04 18:58:02 | 000,026,506 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010.02.04 18:58:00 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010.02.04 18:56:55 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010.02.04 18:56:41 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010.02.04 18:55:51 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010.02.04 18:54:04 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010.02.04 18:53:56 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010.02.04 18:53:15 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010.02.04 18:53:13 | 000,017,792 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010.02.04 18:52:59 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010.02.04 18:52:48 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010.02.04 18:52:46 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010.02.04 18:52:36 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010.02.04 18:52:33 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010.02.04 18:52:31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010.02.04 18:52:29 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010.02.04 18:52:03 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010.02.04 18:51:55 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010.02.04 18:51:53 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010.02.04 18:51:42 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010.02.04 18:51:40 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010.02.04 18:51:38 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010.02.04 18:51:32 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010.02.04 18:51:19 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010.02.04 18:50:19 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010.02.04 18:50:03 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010.02.04 18:49:49 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010.02.04 18:49:47 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010.02.04 18:49:46 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010.02.04 18:49:42 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010.02.04 18:49:41 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010.02.04 18:49:39 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010.02.04 18:49:34 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010.02.04 18:49:10 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010.02.04 18:49:09 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010.02.04 18:49:04 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010.02.04 18:48:32 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010.02.04 18:48:31 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010.02.04 18:48:30 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010.02.04 18:48:29 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010.02.04 18:48:28 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010.02.04 18:48:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010.02.04 18:48:26 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010.02.04 18:48:15 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010.02.04 18:48:13 | 000,061,130 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010.02.04 18:47:52 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010.02.04 18:47:40 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010.02.04 18:46:48 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010.02.04 18:46:47 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010.02.04 18:46:46 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010.02.04 18:46:46 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010.02.04 18:46:45 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010.02.04 18:46:41 | 000,715,210 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010.02.04 18:46:40 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010.02.04 18:46:39 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010.02.04 18:46:38 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010.02.04 18:46:35 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010.02.04 18:46:34 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010.02.04 18:45:41 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010.02.04 18:45:41 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010.02.04 18:45:41 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010.02.04 18:45:40 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010.02.04 18:45:39 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010.02.04 18:45:39 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010.02.04 18:45:38 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010.02.04 18:45:37 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010.02.04 18:45:35 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010.02.04 18:45:34 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010.02.04 18:45:34 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010.02.04 18:45:33 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010.02.04 18:45:32 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010.02.04 18:45:31 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010.02.04 18:45:31 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010.02.04 18:45:30 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010.02.04 18:45:30 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010.02.04 18:45:29 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010.02.04 18:45:20 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010.02.04 18:45:15 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010.02.04 18:45:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010.02.04 18:45:13 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010.02.04 18:45:13 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010.02.04 18:45:11 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010.02.04 18:45:10 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010.02.04 18:45:10 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010.02.04 18:44:44 | 000,077,824 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010.02.04 18:44:43 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010.02.04 18:44:32 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010.02.04 18:44:13 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010.02.04 18:44:12 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010.02.04 18:44:12 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010.02.04 18:44:11 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010.02.04 18:44:11 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010.02.04 18:44:11 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010.02.04 18:44:08 | 000,061,952 | ---- | C] (Farb-Flachbett-Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010.02.04 18:44:06 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010.02.04 18:44:04 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010.02.04 18:44:04 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010.02.04 18:44:01 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010.02.04 18:44:01 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010.02.04 18:44:01 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010.02.03 23:56:05 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.02.03 23:45:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.02.03 19:47:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010.02.03 19:34:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.02.03 19:34:08 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.02.03 19:34:08 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.02.03 19:34:08 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.02.03 19:29:13 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.02.03 19:29:09 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.02.03 19:29:09 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.02.03 19:29:01 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\PC Tools
[2010.02.03 19:28:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.02.03 19:28:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.02.03 19:23:35 | 000,016,352 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.02.03 19:23:34 | 000,036,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.02.03 19:23:34 | 000,024,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.02.03 19:23:32 | 000,087,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.02.03 19:23:32 | 000,085,952 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.02.03 19:23:28 | 000,090,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2010.02.03 19:23:26 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.02.01 20:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010.02.01 20:13:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2010.02.01 19:49:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.02.01 19:49:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.02.01 19:47:50 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010.02.01 19:47:50 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010.02.01 19:47:50 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010.02.01 19:47:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.01.29 20:24:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\DoctorWeb
[2010.01.29 18:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Eigene Dateien\ForceField Shared Files
[2010.01.29 18:34:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\CheckPoint
[2010.01.29 18:33:26 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.01.28 19:48:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2008.06.07 16:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.06.04 22:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2008.06.04 22:19:18 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.02.09 19:20:28 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.02.09 19:12:58 | 000,002,165 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2010.02.09 19:12:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.09 19:12:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.09 19:12:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.08 20:00:52 | 004,718,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Panchi\NTUSER.DAT
[2010.02.08 20:00:52 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Panchi\ntuser.ini
[2010.02.07 19:27:03 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Panchi\Desktop\OTL.exe
[2010.02.05 20:33:01 | 001,046,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.02.05 20:33:01 | 000,450,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.02.05 20:33:01 | 000,434,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.02.05 20:33:01 | 000,081,720 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.02.05 20:33:01 | 000,068,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.02.05 20:29:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.02.05 20:28:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.02.05 20:21:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.02.05 19:54:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.05 19:43:12 | 003,848,393 | R--- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\schrauber.exe
[2010.02.05 19:29:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.02.05 19:23:01 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.02.05 19:21:40 | 004,846,142 | -H-- | M] () -- C:\Dokumente und Einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.02.03 23:46:00 | 000,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.02.03 23:28:11 | 000,000,857 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2010.02.03 20:20:40 | 000,524,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\dds.scr
[2010.02.03 19:29:06 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.02.03 19:23:35 | 000,001,673 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Antivirus.lnk
[2010.02.03 19:23:34 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.02.01 19:50:26 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.02.01 19:46:22 | 000,000,723 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.01 19:46:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.02.01 19:46:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.02.01 19:46:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.02.01 19:45:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.02.01 19:45:15 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.02.01 19:43:46 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.02.01 19:42:44 | 000,000,525 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.02.01 19:40:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.01.30 19:57:57 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010.01.29 20:22:36 | 029,185,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\c95jdl9j.exe
[2010.01.29 18:33:25 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.05 20:21:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.02.05 20:21:24 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.02.05 20:18:25 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.02.05 20:18:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.02.05 20:18:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.02.05 20:18:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.02.05 20:18:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.02.05 19:41:58 | 003,848,393 | R--- | C] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\schrauber.exe
[2010.02.04 19:16:44 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010.02.04 19:06:04 | 000,086,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010.02.04 19:02:42 | 000,044,105 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010.02.04 18:54:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010.02.04 18:53:58 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010.02.04 18:53:53 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010.02.04 18:53:49 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010.02.04 18:53:45 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010.02.04 18:49:45 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010.02.04 18:49:44 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010.02.04 18:49:43 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010.02.04 18:49:40 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010.02.04 18:44:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010.02.04 18:44:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010.02.04 18:44:58 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010.02.04 18:44:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010.02.04 18:44:57 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010.02.04 18:44:56 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010.02.04 18:44:56 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010.02.04 18:44:55 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010.02.04 18:44:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010.02.04 18:44:48 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010.02.03 23:55:36 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.02.03 23:46:00 | 000,000,798 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft Security Essentials.lnk
[2010.02.03 23:33:20 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010.02.03 23:33:20 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010.02.03 23:33:20 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010.02.03 23:33:20 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010.02.03 23:33:19 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010.02.03 23:33:19 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010.02.03 23:33:19 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010.02.03 23:33:18 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010.02.03 23:33:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010.02.03 23:33:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010.02.03 23:33:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010.02.03 23:33:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010.02.03 23:33:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010.02.03 23:33:18 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010.02.03 23:33:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010.02.03 23:33:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010.02.03 23:33:17 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010.02.03 23:33:17 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010.02.03 23:33:17 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010.02.03 23:33:17 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010.02.03 23:33:17 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010.02.03 23:33:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010.02.03 23:33:17 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010.02.03 23:33:17 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010.02.03 23:33:17 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010.02.03 23:33:17 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010.02.03 23:33:17 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010.02.03 23:33:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010.02.03 23:33:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010.02.03 23:33:15 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010.02.03 23:33:13 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010.02.03 23:33:13 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010.02.03 23:33:13 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010.02.03 23:33:13 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010.02.03 23:33:13 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010.02.03 23:33:13 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010.02.03 23:33:13 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010.02.03 23:33:13 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010.02.03 23:33:13 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010.02.03 23:33:13 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010.02.03 23:33:11 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010.02.03 23:33:11 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010.02.03 23:33:10 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010.02.03 23:33:09 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010.02.03 23:33:08 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010.02.03 23:33:07 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010.02.03 23:33:06 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010.02.03 23:33:06 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010.02.03 23:33:01 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010.02.03 23:33:01 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010.02.03 23:33:01 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010.02.03 23:32:59 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010.02.03 23:32:53 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010.02.03 23:32:48 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010.02.03 23:32:47 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010.02.03 23:32:47 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010.02.03 23:32:47 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010.02.03 23:32:47 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010.02.03 23:32:46 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010.02.03 23:32:46 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010.02.03 23:32:46 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010.02.03 23:32:46 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010.02.03 23:32:46 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010.02.03 23:32:45 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010.02.03 23:28:11 | 000,000,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2010.02.03 19:34:09 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.03 19:34:08 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.02.03 19:34:08 | 000,000,883 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.02.03 19:34:08 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.02.03 19:34:08 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.02.03 19:29:13 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.02.03 19:29:09 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.02.03 19:29:09 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.02.03 19:29:06 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.02.03 19:29:01 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.02.03 19:23:35 | 000,001,673 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Antivirus.lnk
[2010.02.03 19:23:28 | 000,666,240 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2010.02.03 19:23:28 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010.02.01 19:49:45 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.02.01 19:48:57 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.02.01 19:48:57 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.02.01 19:48:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.02.01 19:48:29 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.02.01 19:48:28 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.02.01 19:48:19 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.02.01 19:48:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.02.01 19:48:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.02.01 19:48:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.02.01 19:47:56 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.02.01 19:47:37 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.02.01 19:47:32 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.02.01 19:47:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.02.01 19:47:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.02.01 19:47:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.02.01 19:47:31 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.02.01 19:47:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.02.01 19:47:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.02.01 19:47:30 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.02.01 19:47:30 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.02.01 19:47:30 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.02.01 19:47:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.02.01 19:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.02.01 19:47:28 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.02.01 19:47:28 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.02.01 19:47:28 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.02.01 19:47:28 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.02.01 19:47:28 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.02.01 19:47:28 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.02.01 19:47:28 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.02.01 19:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.02.01 19:47:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.02.01 19:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.02.01 19:47:25 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.02.01 19:47:25 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.02.01 19:47:25 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.02.01 19:47:24 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.02.01 19:47:24 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.02.01 19:45:15 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.02.01 19:45:09 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.02.01 19:20:11 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.02.01 19:20:11 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.02.01 19:20:11 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.02.01 19:20:11 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.02.01 19:20:11 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.02.01 19:20:11 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.02.01 19:20:11 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.01.30 19:23:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010.01.29 20:19:13 | 029,185,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Desktop\c95jdl9j.exe
[2010.01.29 18:33:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009.12.11 12:39:39 | 000,000,079 | ---- | C] () -- C:\WINDOWS\UF.INI
[2009.10.24 19:13:40 | 000,472,304 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.10.24 11:23:56 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009.10.10 15:26:19 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.10.02 18:38:22 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Panchi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.21 15:25:56 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.06.18 18:42:03 | 000,031,862 | ---- | C] () -- C:\WINDOWS\System32\RdCi1021.dll
[2008.06.12 14:03:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008.06.09 22:36:53 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.06.06 18:51:20 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.06.06 18:51:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2008.03.28 01:20:54 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\zmghpaso.dll
[2006.11.11 20:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.08.31 17:46:13 | 000,000,302 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2005.02.17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009.10.24 11:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2008.06.09 22:12:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor
[2010.02.09 19:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.12.17 19:22:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
[2008.12.16 19:59:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{9C36D948-8394-4450-B5B9-025B8EC0198D}
[2010.01.29 18:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\CheckPoint
[2009.06.13 15:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Downloaded Installations
[2010.02.08 20:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\FRITZ!
[2008.10.06 18:38:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\GNU Solfege
[2009.10.24 11:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Lenovo
[2008.06.07 15:34:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Steinberg
[2008.08.02 15:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Panchi\Anwendungsdaten\Topten Software
[2010.02.09 19:20:28 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010.02.05 18:54:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007.02.12 12:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\AHCI\Driver64\IaStor.sys
[2007.02.12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\AHCI\Driver\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\9a1182b50c9ecbd8bedf4c560755eafc\sp2qfe\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\c73c85abcd9580c46805ff94bb133fb8\sp2qfe\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >

%%%%%%%%%%%%%%%

#10 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 09 February 2010 - 04:01 PM

Hi,

Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.

Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make Internet Explorer 7 more secure

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
1. Change the Download signed ActiveX controls to Prompt
2. Change the Download unsigned ActiveX controls to Disable
3. Change the Initialize and script ActiveX controls not marked as safe to Disable
4. Change the Installation of desktop items to Prompt
5. Change the Launching programs and files in an IFRAME to Prompt
6. Change the Navigate sub-frames across different domains to Prompt
7. When all these settings have been made, click on the OK button.
8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster

SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 Panchi

New Member

Group: Members
Posts: 6
Joined: 26-January 10

Posted 11 February 2010 - 12:58 PM

Dear Thomas,

Thanks a lot for your help and your good advices,I´m certainly going to implement them.
I hope not to need to be here again begging for help.

Best regards !!

#12 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 13 February 2010 - 12:21 PM

You're welcome

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware