PRJ Downloader

09.11.2008, 20:34 PRJ Downloader #1
TIPower (Experienced user)
Registered: 26.03.2008
Posts: 2,188

Hello!
I caught a backdoor and a trojan downloader. They could not download anything because my antivirus (ESET Smart Security) terminated the connection in time.

The backdoor was called:
System.exe and was in C:/
The downloader was in the registry; the entry was called Windows Update.

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30, on 2008-11-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programme\abylonsoft\apmPro\APMPCtrlSer.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\ESET\ESET Smart Security\ekrn.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\McAfee\SiteAdvisor\McSACore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\ESET\ESET Smart Security\egui.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Internet Download Manager\IDMan.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Download Manager\IEMonitor.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Mozilla Firefox 3 Beta 5\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Dokumente und Einstellungen\Ole\Desktop\Sachen\Avira\NfS Pro Street.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O5 "LPT1:" /M "Stylus D88"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_15_Download-Version\TrayServer.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RetroRun] C:\Programme\RetroShare\RetroShare.exe -a
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3198565141-1743790203-2898894196-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-3198565141-1743790203-2898894196-1009\..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: abylon MANAGER.lnk = C:\Programme\abylonsoft\apmPro\APMPMgr.EXE
O4 - Global Startup: abylonsoft Module aktivieren.lnk = C:\Programme\abylonsoft\apmPro\APMPSetup.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download aller Links mit IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - C:\Programme\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1106843944468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371420.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: apm - control service (apmctrl) - abylonsoft - Dr. Thomas Klabunde GbR - C:\Programme\abylonsoft\apmPro\APMPCtrlSer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programme\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13593 bytes

It's no longer the cleanest, but most of the entries are clean, and I still need them.

Malwarebytes:
Done, log below

Combofix:
I'll do it shortly.

Counterspy:
I'll do it shortly; if I don't manage it, tomorrow.

Spywareterminator:
I'll do it tomorrow.

ESET SE:
I'll do it tomorrow.

09.11.2008, 20:36 PRJ Downloader #2
TIPower (Experienced user, thread starter)
Registered: 26.03.2008
Posts: 2,188

C: only:

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1378
Windows 5.1.2600 Service Pack 3

2008-11-09 21:35:31
mbam-log-2008-11-09 (21-35-31).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 29001
Laufzeit: 11 minute(s), 8 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


___________________________________________________________

Quick scan:
Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1378
Windows 5.1.2600 Service Pack 3

2008-11-09 21:23:47
mbam-log-2008-11-09 (21-23-47).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 54502
Laufzeit: 5 minute(s), 26 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

______________________________________________________________

09.11.2008, 20:44 PRJ Downloader #3
TIPower (Experienced user, thread starter)
Registered: 26.03.2008
Posts: 2,188

spyware terminator:
Logfile of Spyware Terminator v2.3.0.507 (db:2.011.007.000)
Scan Time: 2008-11-09 21:39:08 length: 186 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 79592 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
agrsmsvc.exe [Agere Systems] : C:\WINDOWS\system32\agrsmsvc.exe
APMPCtrlSer.exe [abylonsoft - Dr. Thomas Klabunde GbR] : C:\Programme\abylonsoft\apmPro\APMPCtrlSer.exe
AppleMobileDeviceService.exe [Apple Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
BTNtService.exe : C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
CLCapSvc.exe : C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
CLMLServer.exe [Cyberlink] : C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
ekrn.exe [ESET] : C:\Programme\ESET\ESET Smart Security\ekrn.exe
CLMLService.exe [Cyberlink] : C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
ICQ Service.exe : C:\Programme\ICQ6Toolbar\ICQ Service.exe
NBService.exe [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
NMMediaServerService.exe [Nero AG] : C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
IoctlSvc.exe [Prolific Technology Inc.] : C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
PnkBstrA.exe : C:\WINDOWS\system32\PnkBstrA.exe
StarWindServiceAE.exe [Rocket Division Software] : C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
CLSched.exe : C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
Dit.exe [ICSI Technology Ltd.] : C:\WINDOWS\Dit.exe
AGRSMMSG.exe [Agere Systems] : C:\WINDOWS\AGRSMMSG.exe
KeyStat.exe : C:\Programme\Medion\KeyStat\KeyStat.exe
E_FATIABE.EXE [SEIKO EPSON CORPORATION] : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
PDVDServ.exe [Cyberlink Corp.] : C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
PCMService.exe [CyberLink Corp.] : C:\Programme\Home Cinema\PowerCinema\PCMService.exe
egui.exe [ESET] : C:\Programme\ESET\ESET Smart Security\egui.exe
X10nets.exe [X10] : C:\Programme\Common Files\X10\Common\X10nets.exe
iPodService.exe [Apple Inc.] : C:\Programme\iPod\bin\iPodService.exe
IEMonitor.exe [Tonec Inc.] : C:\Programme\Internet Download Manager\IEMonitor.exe
firefox.exe [Mozilla Corporation] : C:\Programme\Mozilla Firefox 3 Beta 5\firefox.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - [BitComet] : C:\Programme\BitComet\tools\BitCometBHO_1.2.6.26.dll
02 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - [McAfee, Inc.] : C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll

Toolbars
03 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - [McAfee, Inc.] : C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll
03 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - [ICQ] : C:\Programme\ICQ6Toolbar\ICQToolBar.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , AlcoholAutomount : : C:\Programme\ALCOHOL SOFT\ALCOHOL 120\AXCMD.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , RetroRun : : C:\Programme\RETROSHARE\RETROSHARE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , Dit : [ICSI Technology Ltd.] : C:\WINDOWS\Dit.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , AGRSMMSG : [Agere Systems] : C:\WINDOWS\AGRSMMSG.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , Keyboard Status : : C:\Programme\Medion\KeyStat\KeyStat.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , EPSON Stylus D88 Series : [SEIKO EPSON CORPORATION] : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Programme\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , RemoteControl : [Cyberlink Corp.] : C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , PCMService : [CyberLink Corp.] : C:\Programme\Home Cinema\PowerCinema\PCMService.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , egui : [ESET] : C:\Programme\ESET\ESET Smart Security\egui.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , TrayServer : [MAGIX AG] : C:\Programme\MAGIX\Video_deluxe_15_Download-Version\TrayServer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , NBKeyScan : [Nero AG] : C:\Programme\NERO\NERO BACKITUP 4\NBKEYSCAN.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run , AppleSyncNotifier : [Apple Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
04 - Startup: %STARTUP%\abylon MANAGER.lnk [abylonsoft - Dr. Thomas Klabunde] : C:\Programme\abylonsoft\apmPro\APMPMgr.EXE
04 - Startup: %STARTUPALL%\abylonsoft Module aktivieren.lnk [abylonsoft - Dr. Thomas Klabunde] : C:\Programme\abylonsoft\apmPro\APMPSetup.EXE
04 - Startup: %STARTUPALL%\BlueSoleil.lnk [IVT Corporation] : C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe

Shell Extensions
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Programme\Real\RealPlayer\rpshell.dll
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Programme\WinRAR\rarext.dll
TuneUp Theme Extension - {44440D00-FF19-4AFC-B765-9A0970567D97} - [TuneUp Software GmbH] : C:\WINDOWS\system32\uxtuneup.dll
Eset Smart Security - Context Menu Shell Extension - {B089FE88-FB52-11D3-BDF1-0050DA34150D} - [ESET] : C:\Programme\ESET\ESET Smart Security\shellExt.dll
NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
NeroDigitalIconHandler Class - {1CA6BBC9-E9FA-4021-822B-075DF1837B63} - [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
NeroDigitalPropSheetHandler Class - {846083A4-BFC6-4447-985C-6578B466A7D7} - [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
NeroDigitalColumnHandler Class - {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} - [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
NeroDigitalInfoHandler Class - {4FBFFA8D-F390-471a-AE46-FEB93623AD63} - [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
NeroDigitalThumbnailHandler Class - {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} - [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : C:\Programme\iTunes\iTunesMiniPlayer.dll

Protocol Handler
McAfee SACore Protocol Handler - {5513F07E-936B-4E52-9B00-067394E91CC5} - [McAfee, Inc.] : C:\Programme\McAfee\SiteAdvisor\McIEPlg.dll

Services
23 - [Philips Semiconductors GmbH] : C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
23 - [Meetinghouse Data Communications] : C:\WINDOWS\system32\DRIVERS\AegisP.sys
23 - [Agere Systems] : C:\WINDOWS\system32\agrsmsvc.exe
23 - [Agere Systems] : C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23 - [abylonsoft - Dr. Thomas Klabunde GbR] : C:\Programme\abylonsoft\apmPro\APMPCtrlSer.exe
23 - [abylonsoft] : C:\WINDOWS\system32\drivers\APMDrive.sys
23 - [Apple Inc.] : C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
23 - [IVT Corporation] : C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
23 - : C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
23 - [IVT Corporation] : C:\WINDOWS\system32\Drivers\btcusb.sys
23 - : C:\WINDOWS\system32\DRIVERS\vbtenum.sys
23 - [IVT Corporation] : C:\WINDOWS\system32\Drivers\BTHidMgr.sys
23 - : C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
23 - : C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
23 - [C-Media Inc.] : C:\WINDOWS\system32\drivers\cmudax.sys
23 - [Cyberlink] : C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\eamon.sys
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\easdrv.sys
23 - [ESET] : C:\Programme\ESET\ESET Smart Security\ekrn.exe
23 - [SlySoft, Inc.] : C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
23 - [Elaborate Bytes AG] : C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\epfw.sys
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
23 - [ESET] : C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23 - : C:\Programme\ICQ6Toolbar\ICQ Service.exe
23 - [Apple Inc.] : C:\Programme\iPod\bin\iPodService.exe
23 - [Nero AG] : C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
23 - [Nero AG] : C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
23 - [Prolific Technology Inc.] : C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
23 - : C:\WINDOWS\system32\PnkBstrA.exe
23 - [Ralink Technology Inc.] : C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
23 - [Protection Technology (StarForce)] : C:\WINDOWS\system32\drivers\sfdrv01.sys
23 - [Protection Technology (StarForce)] : C:\WINDOWS\system32\drivers\sfhlp02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfsync03.sys
23 - [Protection Technology (StarForce)] : C:\WINDOWS\system32\drivers\sfsync04.sys
23 - : C:\WINDOWS\system32\Drivers\sptd.sys
23 - [Rocket Division Software] : C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
23 - [Acronis] : C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
23 - [Acronis] : C:\WINDOWS\system32\DRIVERS\timntr.sys
23 - [IVT Corporation] : C:\WINDOWS\system32\DRIVERS\VComm.sys
23 - [IVT Corporation] : C:\WINDOWS\system32\Drivers\VcommMgr.sys
23 - [Winbond Electronics Corp.] : C:\WINDOWS\system32\drivers\wbscr.sys
23 - [X10] : C:\Programme\Common Files\X10\Common\X10nets.exe
23 - [X10 Wireless Technology, Inc.] : C:\WINDOWS\system32\Drivers\x10ufx2.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll

IE URL Search Hooks
ICQToolBar - {{855F3B16-6D32-4fe6-8A56-BBB695989046}} - [ICQ] : C:\Programme\ICQ6Toolbar\ICQToolBar.dll

Advanced Files Report
%PROGRAMFILES%\ESET\ESET Smart Security\ekrnMailPlugins.dll [ESET] [ESET Smart Security] MD5=27359928E47515D9E5C8C2559B13C7D7 SIZE=103680
%PROGRAMFILES%\CyberLink\Shared Files\CLML_NTService\CLMLService.exe [Cyberlink] [Cyberlink MediaLibrary NT Service] MD5=0B591A91E838A1C6D11920491C42199E SIZE=737379
%PROGRAMFILES%\Home Cinema\PowerCinema\Kernel\HomeNetWorking\CLNetMedi a.dll [CLNetMedia Module] MD5=DEA8CA9F4B7355F765E883BF3002D06C SIZE=229458
%PROGRAMFILES%\ICQ6Toolbar\ICQ Service.exe [ICQIEUpdater Module] MD5=A4E43A7AB1202356BEBEB6B798F15488 SIZE=222456
%PROGRAMFILES%\McAfee\SiteAdvisor\apengine.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=F65D6F6FD2A532663D049BDC78B28914 SIZE=117264
%PROGRAMFILES%\McAfee\SiteAdvisor\saupkeep.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=EA3B19869A46D8EB7AEB12DC732152B6 SIZE=351248
%PROGRAMFILES%\McAfee\SiteAdvisor\mcfrmwk.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=B6DD9824B94F89D6603ED8251376C56A SIZE=71696
%PROGRAMFILES%\McAfee\SiteAdvisor\cntscan.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=8C98CA521207BE5D614C7E69601194F6 SIZE=207376
%PROGRAMFILES%\McAfee\SiteAdvisor\SACore.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=0CF3376C87913786D0F9EAB3DC9C8A19 SIZE=652304
%PROGRAMFILES%\McAfee\SiteAdvisor\SASet.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=DD6124ED3EF2AE9B02A0438FB1EC354B SIZE=310800
%PROGRAMFILES%\McAfee\SiteAdvisor\McSACorePS.dll [McAfee, Inc.] [McAfee SiteAdvisor] MD5=5B66744F2FEECC9980AA749FA46320D4 SIZE=56336
%COMMONFILES%\Nero\Nero BackItUp 4\NBService.exe [Nero AG] [Nero BackItUp] MD5=C7F5C284B6F46FCAF6910EA4E644700B SIZE=935208
%COMMONFILES%\Nero\Nero BackItUp 4\NB.dll [Nero AG] [Nero BackItUp] MD5=A2FF2A9A3099C1C2F0392746AA55E933 SIZE=1152296
%COMMONFILES%\Nero\Nero BackItUp 4\LBFC.dll [Nero AG] [Nero BackItUp] MD5=82E139A863734C238AF57A20359F980C SIZE=451880
%COMMONFILES%\Nero\Nero BackItUp 4\NBBurn.dll [Nero AG] [Nero BackItUp] MD5=6DB2004232DD9F21C6BED8AD2AFDC48A SIZE=275752
%COMMONFILES%\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll [Nero AG] [NeroAPIGlueLayerUnicode] MD5=8BC19EF0C11DE279DD93D809B6404BF8 SIZE=165160
%PROGRAMFILES%\Nero\Nero MediaHome 4\NMMediaServerService.exe [Nero AG] [Nero MediaHome] MD5=E724D7C550EAA05590121EC0415F7F44 SIZE=427304
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScCoreComponents\NMLogCxx.dll [Nero AG] [Nero Scout] MD5=3CF187134E0CDA6F35BA33534964B7BA SIZE=69632
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScCoreComponents\log4cxx.dll [Nero AG] [Nero Home] MD5=2ED0CE940097BD29F5A9E228C8E0A0F0 SIZE=823296
%PROGRAMFILES%\Nero\Nero MediaHome 4\NMMediaServer.dll [Nero AG] [Nero MediaHome] MD5=EFFDEB100A9AD3F861C03D12F224F04A SIZE=4842792
%COMMONFILES%\Nero\AdvrCntr4\AdvrCntr4.dll [Nero AG] [AdvrCntr Module] MD5=FB02BF58322104FF67F149600ED77DF1 SIZE=5723432
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScCoreComponents\NMDataServices.dll [Nero AG] [Nero Scout] MD5=B25824771010CD64BD67128B433CC6BB SIZE=3301376
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScCoreComponents\NMPluginBase.dll [Nero AG] [Nero Scout] MD5=4C6AA1E473D57660CFE69EBEDC26FE45 SIZE=155648
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScCoreComponents\NMCoFoundation.dll [Nero AG] [Nero Scout] MD5=7A751FFFB63308F9B9A155B73F9C1C20 SIZE=724992
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScDataServicesAddOns\NMHDirServices.dll [Nero AG] [Nero Scout] MD5=48662407EAB2E2FE4FD4088BEA0FC0B8 SIZE=712704
%PROGRAMFILES%\Nero\Nero MediaHome 4\OnlineServices\NOSInternetServices.dll [Nero AG] [Nero Online Services] MD5=EE12A957BB9546396A3814C4506F14FD SIZE=1844520
%PROGRAMFILES%\Nero\Nero MediaHome 4\Nero.UPnPServices\NMUPnPServices.dll [Nero AG] [Nero MediaHome] MD5=6354F4FE9C05CA0563270C33A0DBBAEC SIZE=1312040
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScMediaLibrary\NMIndexStoreServer.dll [Nero AG] [Nero Scout] MD5=899D95E2C92395C16F7CF10A81FD7A99 SIZE=1867776
%PROGRAMFILES%\Nero\Nero MediaHome 4\NScMediaLibrary\NMSQLDB.dll [Nero AG] [Nero Scout] MD5=B7849553DFAEFD60B3371E45848F8950 SIZE=274432
%PROGRAMFILES%\Nero\Nero MediaHome 4\SMC\NeMetaData.dll [Nero AG] [NeMetaData] MD5=6349F4D9BF26967BCF51A3CF9F4D2558 SIZE=1496360
%PROGRAMFILES%\Nero\Nero MediaHome 4\PTT\NMTVServices.dll [Nero AG] [Nero TV Services Dynamic Link Library] MD5=89DC9CD19581E50D240500B8D39A1DB0 SIZE=1619240
%PROGRAMFILES%\Nero\Nero MediaHome 4\PTT\NMTTranscoder.dll [Nero AG] [Nero Transcoder Dynamic Link Library] MD5=D6990DDC651CE1DCA90194A65092D033 SIZE=1647912
%PROGRAMFILES%\Nero\Nero MediaHome 4\OnlineServices\NOSMyNeroRegistration.dll [Nero AG] [Nero Online Services] MD5=FF82DF7B19CC9885E0573D497526D229 SIZE=2241832
%PROGRAMFILES%\Nero\Nero MediaHome 4\OnlineServices\iconv.dll [Free Software Foundation] [libiconv: character set conversion library] MD5=BC843993F8F7EE886FE78480F0C7242A SIZE=913408
%PROGRAMFILES%\Nero\Nero BackItUp 4\IoctlSvc.exe [Prolific Technology Inc.] [IoctlSvc Application] MD5=875E4E0661F3A5994DF9E5E3A0A4F96B SIZE=81920
%SYSDIR%\PnkBstrA.exe MD5=831883B107684301F48ACE752C963984 SIZE=66872
%PROGRAMFILES%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [Rocket Division Software] [StarWind Alcohol Edition] MD5=B1691AF4A072CB674D600DB16DD7308E SIZE=275968
%PROGRAMFILES%\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [CLSched Module] MD5=C4AAA6C350856DDA4B4E07563FBFC1CF SIZE=110669
%PROGRAMFILES%\Home Cinema\PowerCinema\Kernel\TV\CLSchMgr.dll [CLSchMgr Dynamic Link Library] MD5=248887BE4DE21368782407FD99A65B28 SIZE=61519
%PROGRAMFILES%\ATI Technologies\ATI Control Panel\atipdsxx.dll [ATI Technologies, Inc.] [ATI Desktop Component] MD5=F4EE8A7C4C2951C606B4D1D7A9125B23 SIZE=258048
%PROGRAMFILES%\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.DEU [ATI Technologies, Inc.] [ATI Desktop Component] MD5=40FAC97EF0BE6730FC84B21BE2A1C159 SIZE=155648
%PROGRAMFILES%\ATI Technologies\ATI Control Panel\atipdxxx.dll [ATI Technologies, Inc.] [ATI Desktop Component] MD5=DD86126B5D4BE1E2E27CEE396D49E507 SIZE=73728
%PROGRAMFILES%\Common Files\X10\Common\x10net.dll [X10 Wireless Technology, Inc.] [X10net Module] MD5=8C2B05054F9CDC827ECBE7734DCFD065 SIZE=1089536
%PROGRAMFILES%\Home Cinema\PowerCinema\helper.dll [CyberLink Corp.]
Old 09.11.2008, 20:44 PRJ Downloader #4
Experienced user
Thread starter
Avatar of TIPower
Registered: 26.03.2008
Posts: 2.188
Default PRJ Downloader


End of Report


Sorry, the text was too long.
Old 10.11.2008, 09:25 PRJ Downloader #5
Super moderator
Avatar of Leonixx
Registered: 17.10.2007
Location: NIX DO
Posts: 16.362
Default PRJ Downloader

Quote, source Windows Tweak Forum:
W32/Colevo-A is an e-mail-aware worm that sends itself to the affected user's MSN Messenger contacts. The e-mail has the following characteristics:

W32/Colevo-A copies itself to the following files:
<Windows>\command.exe
<Windows>\Hot Girl.scr
<Windows>\hotmailpass.exe
<Windows>\Inf.exe
<Windows>\Internet download .exe
<Windows>\Internet File.exe
<Windows>\Part Hard Disk.exe
<Windows>\Shell.exe
<Windows>\system.exe
<Windows>\System32.exe
<Windows>\System64.pif
<Windows>\Temp.exe
<Windows>\All User\Server.exe
<Windows>\system32\command.com
<Windows>\system32\net.com
<Windows>\system32\www.microsoft.com
<Windows>\system32\Inf.exe
<Windows>\menu inicio\programas\inicio\www.microsoft\com
<Recycled>\Evo Morales.scr

W32/Colevo-A makes the following changes to the registry:
HKCR\htafile\shell\open\command\(Default)
= "C:\Windows\commands.exe", "%1 %*"
HKCR\exefile\shell\open\command\(Default)
= "C:\Windows\command.exe", "%1 %*"
HKCR\comfile\shell\open\command\(Default)
= "C:\Windows\Inf.exe", "%1 %*"
HKCR\batfile\shell\open\command\(Default)
= "C:\Windows\temp.exe", "%1 %*"
HKCR\piffile\shell\open\command\(Default)
= "C:\Windows\commands.exe", "%1 %*"
HKCR\exefile\NeverShowExt
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System
= C:\Windows\system.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\1\2\3\4\System
= C:\Windows\temp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\System
= C:\Windows\commands.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System
= C:\Windows\system.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\1\2\3\4\System
= C:\Windows\system.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\System
= C:\Windows\temp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\System
= C:\Windows\system.exe

The following lines are added at the beginning of win.ini:
[windows]
load=archivo.exe
run=archivo.exe
####Viva el EVO, y jamas erradicaran la Coca Cola!!! mentira colla maldito!!
(PYN Pablo_Hack@hotmail.com)####

The following lines are added at the beginning of system.ini:
[boot]
Shell=explorer.exe temp.exe

The file winstart.bat is created and contains the single line
"null=c:\windows\system.exe".

W32/Colevo-A runs in the background as a backdoor server and allows unauthorized access to the victim's computer.
W32/Colevo-A continuously opens the user's web browser with one of the following web pages:


Do yourself a favor and reinstall the system! Anything else is just fiddling around with partial removals. You should simply move around the net more carefully, considering how often you have already posted here that your computer is infected. Either you have a major security hole, or you download too much junk and hang around on crack sites.

With the well-known AV programs, disinfection is not always possible or sensible.

Switch on Brain.exe and your system stays clean!

Regards, Leonixx
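The registry and INI changes listed in the quoted W32/Colevo-A description can be checked offline against a regedit export and copies of win.ini and system.ini. The Python code below is an added example, not part of the forum posts; the sample export and INI contents are constructed from the entries quoted above, and the function names, the mshta.exe expectation for htafile and the "executable directly in the Windows directory" heuristic are assumptions.

```python
import re

PASS_THROUGH = '"%1" %*'  # stock open command for the exe/com/bat/pif classes
HANDLER_KEY = re.compile(
    r"\\(exefile|comfile|batfile|piffile|htafile)\\shell\\open\\command$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Services)?(Once)?(\\|$)", re.I)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
# Heuristic (assumption): an autostart target sitting directly in the Windows
# directory, as in the quoted entries, deserves a manual look.
WINROOT_EXE = re.compile(
    r'^"?[a-z]:\\windows\\[^\\"]+\.(exe|com|pif|scr|bat)\b', re.I)

# Constructed sample data, modelled on the entries in the quoted description.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\command.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile]
"NeverShowExt"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System"="C:\\Windows\\system.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"System"="C:\\Windows\\commands.exe"
'''
SAMPLE_WIN_INI = "[windows]\nload=archivo.exe\nrun=archivo.exe\n[windows]\nload=\nrun=\n"
SAMPLE_SYSTEM_INI = "[boot]\nShell=explorer.exe temp.exe\n[boot]\nshell=Explorer.exe\n"


def parse_reg(text):
    """Parse string values from regedit export text into {(key, name): data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            # Undo the export's backslash escaping (\\ and \").
            values[(key, name)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values


def check_registry(values):
    """Return (kind, location, detail) findings for the changes named above."""
    findings = []
    for (key, name), data in sorted(values.items()):
        handler = HANDLER_KEY.search(key)
        if handler and name == "(Default)":
            if handler.group(1).lower() == "htafile":
                # Assumption: the stock htafile handler launches mshta.exe.
                ok = re.search(r"\\mshta\.exe\b", data, re.I) is not None
            else:
                ok = data.strip() == PASS_THROUGH
            if not ok:
                findings.append(("handler-hijack", key, data))
        elif re.search(r"\\exefile$", key, re.I) and name.lower() == "nevershowext":
            findings.append(("hidden-extension", key, name))
        elif RUN_KEY.search(key) and WINROOT_EXE.match(data):
            findings.append(("autostart-in-windows-root", key + "\\" + name, data))
    return findings


def parse_ini(text):
    """Minimal INI reader: {(section, key): value} with lower-cased names.
    The first occurrence wins, so lines placed at the top of the file are
    the ones that get reported."""
    out, section = {}, ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and not line.startswith((";", "#")):
            k, v = line.split("=", 1)
            out.setdefault((section, k.strip().lower()), v.strip())
    return out


def check_ini(win_ini, system_ini):
    """Flag non-empty load=/run= in win.ini and a shell= that is not plain explorer.exe."""
    findings = []
    win = parse_ini(win_ini)
    for k in ("load", "run"):
        v = win.get(("windows", k), "")
        if v:
            findings.append(("win.ini-autostart", k, v))
    shell = parse_ini(system_ini).get(("boot", "shell"), "")
    if shell and shell.lower() != "explorer.exe":
        findings.append(("system.ini-shell", "shell", shell))
    return findings


if __name__ == "__main__":
    results = check_registry(parse_reg(SAMPLE_REG))
    results += check_ini(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI)
    for kind, where, detail in results:
        print(f"{kind:28} {where} -> {detail}")
```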
Old 10.11.2008, 14:59 PRJ Downloader #6
Experienced user
Thread starter
Avatar of TIPower
Registered: 26.03.2008
Posts: 2.188
Default PRJ Downloader

I'm just too bold: when someone tells me a site is dangerous, I go there first and make sure for myself whether it is dangerous.
ComboFix:
ComboFix 08-10-30.12 - Ole 2008-11-10 15:46:42.7 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.781 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Ole\Desktop\ComboFix.exe

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.

((((((((((((((((((((((( Dateien erstellt von 2008-10-10 bis 2008-11-10 ))))))))))))))))))))))))))))))
.

2008-11-10 12:26 . 2008-11-10 12:26 <DIR> d-------- C:\Programme\Strata
2008-11-09 20:14 . 2008-11-09 20:14 <DIR> d-------- C:\Programme\Winamp
2008-11-09 20:14 . 2008-11-09 20:16 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Winamp
2008-11-09 09:27 . 2008-11-09 09:27 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Corel
2008-11-09 09:27 . 2008-11-09 09:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Corel
2008-11-09 09:27 . 2008-11-10 09:32 88 -r-hs---- C:\WINDOWS\system32\13E00C8982.sys
2008-11-09 09:24 . 2008-11-09 09:25 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Corel
2008-11-09 09:24 . 2008-11-09 09:24 <DIR> d-------- C:\Programme\Corel
2008-11-08 11:45 . 2008-11-08 11:45 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Sports Interactive
2008-11-08 11:43 . 2008-11-08 11:43 <DIR> d--h----- C:\Programme\Zero G Registry
2008-11-08 11:43 . 2008-11-08 11:43 <DIR> d-------- C:\Programme\Sports Interactive
2008-11-08 11:42 . 2008-11-08 11:42 <DIR> d--h----- C:\Dokumente und Einstellungen\Ole\InstallAnywhere
2008-11-08 08:48 . 2008-11-08 08:48 <DIR> d-------- C:\Programme\Empire Interactive
2008-11-07 22:11 . 2008-11-07 22:14 <DIR> d-------- C:\Programme\ICQ6
2008-11-07 22:00 . 2008-11-07 22:00 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\McLoad
2008-11-07 13:45 . 2008-11-07 13:49 <DIR> d-------- C:\Programme\SlySoft
2008-11-07 13:36 . 2008-11-07 13:36 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Thinstall
2008-11-06 16:32 . 2008-11-06 16:33 <DIR> d-------- C:\Programme\RetroShare
2008-11-06 16:32 . 2008-11-06 20:15 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\RetroShare
2008-11-05 20:30 . 2008-11-08 17:35 <DIR> d-------- C:\Programme\Internet Download Manager
2008-11-05 20:30 . 2008-11-05 20:33 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\IDM
2008-11-05 20:30 . 2008-11-10 15:40 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\DMCache
2008-11-04 20:43 . 2008-11-04 20:47 <DIR> d-------- C:\Programme\Cheatbook Database 2008
2008-11-04 14:50 . 2008-11-04 14:50 <DIR> d-------- C:\Programme\iTunes
2008-11-04 14:50 . 2008-11-04 14:50 <DIR> d-------- C:\Programme\iPod
2008-11-04 14:50 . 2008-11-04 14:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-04 14:50 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-11-04 14:50 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-11-02 22:12 . 2008-11-04 14:17 <DIR> d-------- C:\Programme\IcoFX 1.6
2008-11-02 22:12 . 2008-11-02 22:13 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\IcoFX
2008-11-02 21:35 . 2008-11-02 21:38 <DIR> d-------- C:\Programme\Carom3D
2008-11-02 21:23 . 2007-02-05 13:11 139,264 --a------ C:\WINDOWS\NeoUninstall.exe
2008-11-02 21:23 . 2008-11-02 21:35 26 --a------ C:\WINDOWS\neosetup.INI
2008-11-01 11:29 . 2008-11-10 15:03 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\dvdcss
2008-11-01 10:00 . 2008-11-01 11:29 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\vlc
2008-10-31 16:39 . 2008-10-31 16:39 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-10-30 20:35 . 2008-11-08 20:15 <DIR> d-------- C:\Programme\Quick Batch File Compiler
2008-10-30 15:34 . 2008-10-30 15:41 <DIR> d--h----- C:\WINDOWS\Icons
2008-10-30 14:54 . 2008-10-30 16:11 2,287,616 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-10-29 21:06 . 2008-10-29 21:06 <DIR> d-------- C:\Programme\Apple Software Update
2008-10-29 21:03 . 2008-10-29 21:07 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\.SunDownloadManager
2008-10-29 20:55 . 2008-10-29 20:55 <DIR> d-------- C:\Programme\Secunia
2008-10-29 20:50 . 2008-10-29 20:50 <DIR> d-------- C:\Programme\Crawler
2008-10-29 20:50 . 2008-11-09 21:42 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
2008-10-29 20:50 . 2008-10-29 20:50 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-29 20:49 . 2008-11-09 21:43 <DIR> d-------- C:\Programme\Spyware Terminator
2008-10-29 20:49 . 2008-11-09 21:43 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Spyware Terminator
2008-10-29 20:14 . 2008-10-29 20:14 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Ubisoft
2008-10-29 20:13 . 2008-10-29 20:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
2008-10-29 17:07 . 2008-10-29 17:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\735B
2008-10-28 11:46 . 2008-09-12 11:44 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-10-27 09:04 . 2008-10-27 09:04 7,808 --a------ C:\WINDOWS\system32\drivers\psi_mf.sys
2008-10-26 19:50 . 2008-10-26 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16261
2008-10-25 17:53 . 2008-11-03 21:32 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-25 17:52 . 2008-11-03 21:32 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-10-25 17:52 . 2008-10-25 17:55 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-10-25 17:52 . 2008-10-25 17:52 22,328 --a------ C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\PnkBstrK.sys
2008-10-25 17:42 . 2008-10-25 17:42 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-10-24 20:33 . 2008-10-25 15:38 <DIR> d-------- C:\Programme\HyperSnap 6
2008-10-24 18:23 . 2008-01-18 23:36 1,391,616 --a------ C:\WINDOWS\system32\ActPDF.dll
2008-10-24 18:23 . 2008-07-12 08:49 884,736 --a------ C:\WINDOWS\system32\SaveTo.dll
2008-10-24 18:23 . 2007-09-10 10:32 524,288 --a------ C:\WINDOWS\system32\PrtPass.exe
2008-10-24 12:19 . 2008-10-24 12:19 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Windows Search
2008-10-24 12:09 . 2008-10-24 12:09 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-10-24 12:09 . 2008-10-24 19:56 <DIR> d-------- C:\Programme\Windows Desktop Search
2008-10-24 12:08 . 2008-03-07 18:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-24 12:08 . 2008-03-07 18:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-24 12:08 . 2008-03-07 18:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-24 12:06 . 2008-10-15 17:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 13:23 . 2008-10-22 13:23 <DIR> d-------- C:\Programme\Windows Installer Clean Up
2008-10-22 13:23 . 2008-10-22 13:23 <DIR> d-------- C:\Programme\MSECACHE
2008-10-21 19:23 . 2008-11-10 15:40 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\apm
2008-10-21 19:21 . 2008-11-08 15:29 <DIR> d-------- C:\Programme\abylonsoft
2008-10-21 19:21 . 2008-10-21 19:22 49,200 --------- C:\WINDOWS\system32\drivers\APMDrive.sys
2008-10-21 19:21 . 2008-10-21 19:22 187 --a------ C:\WINDOWS\APMPReg.ini
2008-10-21 14:03 . 2008-10-21 14:03 142,096 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-20 16:43 . 2008-10-25 23:02 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Auslogics
2008-10-20 16:35 . 2008-10-20 16:35 <DIR> d-------- C:\Programme\Auslogics
2008-10-20 15:58 . 2008-10-24 19:59 <DIR> d-------- C:\Programme\Tastenteufel
2008-10-20 15:56 . 2006-06-29 12:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-10-19 07:17 . 2008-11-01 10:37 <DIR> d-------- C:\Programme\Vuze
2008-10-18 11:16 . 2008-10-18 11:16 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService\Eigene Dateien
2008-10-17 21:28 . 2008-10-20 17:25 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\uTorrent
2008-10-17 17:21 . 2008-10-20 16:48 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\MailWasherPro
2008-10-16 17:27 . 2008-10-16 17:27 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\Nero
2008-10-16 17:18 . 2005-02-06 17:05 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\WINDOWS
2008-10-16 17:18 . 2005-01-26 21:08 <DIR> d--h----- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Vorlagen
2008-10-16 17:18 . 2005-01-27 17:39 <DIR> d---s---- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\UserData
2008-10-16 17:18 . 2005-01-26 21:05 <DIR> dr------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Startmenü
2008-10-16 17:18 . 2005-01-26 21:05 <DIR> d--h----- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Netzwerkumgebung
2008-10-16 17:18 . 2008-11-10 15:46 <DIR> d--h----- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Lokale Einstellungen
2008-10-16 17:18 . 2005-02-15 02:07 <DIR> dr------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Favoriten
2008-10-16 17:18 . 2005-02-15 02:13 <DIR> dr------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Eigene Dateien
2008-10-16 17:18 . 2005-01-26 21:05 <DIR> d--h----- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Druckumgebung
2008-10-16 17:18 . 2005-02-06 14:35 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\You've Got Pictures Screensaver
2008-10-16 17:18 . 2005-02-16 23:02 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\CyberLink
2008-10-16 17:18 . 2008-07-18 12:55 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\Apple Computer
2008-10-16 17:18 . 2008-05-19 14:40 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Anwendungsdaten\AOL
2008-10-16 17:18 . 2008-10-16 17:27 <DIR> dr-h----- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4\Anwendungsdaten
2008-10-16 17:18 . 2008-10-20 17:29 <DIR> d-------- C:\Dokumente und Einstellungen\NeroMediaHomeUser.4
2008-10-16 16:36 . 2008-10-16 16:37 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Nero
2008-10-16 16:19 . 2008-10-16 16:19 4,757 --a------ C:\WINDOWS\Irremote.ini
2008-10-16 16:16 . 2008-10-16 16:16 <DIR> d-------- C:\Programme\Windows Sidebar
2008-10-16 15:59 . 2008-10-16 17:09 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-10-16 15:59 . 2008-10-16 16:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-10-16 13:55 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 13:53 . 2008-08-14 14:19 2,191,488 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 13:53 . 2008-08-14 14:19 2,147,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 13:53 . 2008-08-14 14:19 2,068,352 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 13:53 . 2008-08-14 14:19 2,026,496 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:53 . 2008-09-15 16:24 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 19:54 . 2008-10-15 19:54 96,640 --a------ C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-10-15 13:56 . 2008-10-15 13:56 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\ESET
2008-10-15 13:55 . 2008-10-15 13:55 <DIR> d-------- C:\Programme\ESET
2008-10-15 13:55 . 2008-10-15 13:55 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
2008-10-12 11:27 . 2008-11-05 19:22 <DIR> d-------- C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\teamspeak2
2008-10-12 11:27 . 2008-10-12 11:27 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-10-12 11:25 . 2008-10-24 19:59 <DIR> d-------- C:\Programme\Teamspeak2_RC2
2008-10-11 08:01 . 2008-11-08 15:16 <DIR> d-------- C:\Programme\phase5
2008-10-11 08:01 . 2008-10-11 08:01 <DIR> d-------- C:\Programme\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 14:40 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-11-10 14:06 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\ICQ
2008-11-10 11:35 14,186 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-11-10 11:26 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-11-09 20:25 --------- d-----w C:\Programme\Mozilla Firefox 3 Beta 5
2008-11-09 20:16 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\FileZilla
2008-11-07 21:13 --------- d-----w C:\Programme\ICQ6Toolbar
2008-11-07 21:08 --------- d-----w C:\Programme\ICQLite
2008-11-03 15:05 --------- d-----w C:\Programme\McAfee
2008-11-01 09:36 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-10-29 20:10 --------- d-----w C:\Programme\Bonjour
2008-10-29 20:08 --------- d-----w C:\Programme\QuickTime
2008-10-29 20:08 --------- d-----w C:\Programme\Gemeinsame Dateien\Apple
2008-10-29 19:57 --------- d-----w C:\Programme\CCleaner
2008-10-29 06:22 --------- d-----w C:\Programme\ScanWizard 5
2008-10-25 08:39 956 ----a-w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\wklnhst.dat
2008-10-23 19:33 --------- d-----w C:\Programme\Malwarebytes' Anti-Malware
2008-10-22 14:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 12:49 --------- d-----w C:\Programme\Microsoft Silverlight
2008-10-18 14:58 --------- d-----w C:\Programme\BitComet
2008-10-16 16:18 --------- d-----w C:\Programme\Nero
2008-10-15 19:30 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\MAGIX
2008-10-15 19:29 --------- d-----w C:\Programme\MAGIX
2008-10-15 19:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-10-15 12:28 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-10-10 11:24 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
2008-10-10 11:23 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-10-02 18:45 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2008-09-29 10:31 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\SPORE
2008-09-29 08:25 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-28 18:30 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Atari
2008-09-25 17:04 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2008-09-25 13:59 --------- d-----w C:\Programme\coolspot AG
2008-09-20 17:59 --------- d-----w C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2008-09-20 15:39 3,532 ----a-w C:\drmHeader.bin
2008-09-15 15:24 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 13:37 361,728 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-15 13:37 --------- d-----w C:\Programme\TuneUp Utilities 2008
2008-09-15 13:36 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-09-14 14:38 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Sunbelt
2008-09-14 14:37 --------- d-----w C:\Programme\Sunbelt Software
2008-09-14 14:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sunbelt
2008-09-14 07:33 --------- d-----w C:\Programme\Hasbro
2008-09-13 17:12 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-12 18:04 --------- d-----w C:\Programme\DVDVideoSoft
2008-09-11 15:27 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\DivX
2008-09-11 12:48 --------- d-----w C:\Programme\DivX
2008-09-10 17:45 --------- d-----w C:\Programme\Gemeinsame Dateien\McAfee
2008-09-10 17:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor
2008-09-10 17:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-09-10 14:04 --------- d-----w C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\TuneUp Software
2008-09-10 14:04 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2008-08-29 09:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 08:53 65,536 ----a-w C:\WINDOWS\system32\jdns_sd.dll
2008-08-29 08:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 17:07 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:19 2,147,840 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:19 2,026,496 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-01 15:00 1 ----a-w C:\Dokumente und Einstellungen\Ole\SI.bin
2008-07-16 10:51 56 --sh--r C:\WINDOWS\system32\3CF9367163.sys
2005-02-06 13:08 8 --sh--r C:\WINDOWS\system32\D5D86239B1.sys
2008-05-30 11:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008051920080526\index.dat
2008-05-30 11:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008053020080531\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-01_11.12.12,35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-29 19:12:35 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-11-08 07:59:56 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-10-29 19:12:36 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-11-08 07:59:56 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-10-29 19:12:36 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-11-08 07:59:56 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-10-29 19:12:26 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:49 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:28 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:51 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:29 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:52 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:29 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:52 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:30 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:53 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:31 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:53 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:31 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:54 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:32 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:54 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:33 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:54 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:36 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 07:59:56 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-29 19:12:37 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-11-08 07:59:57 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-10-29 19:12:37 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-11-08 07:59:57 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-10-29 19:12:37 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-11-08 07:59:57 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-10-29 19:12:37 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-11-08 07:59:57 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-10-29 19:12:34 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-08 07:59:55 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-09 08:25:16 394,534 ----a-r C:\WINDOWS\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\ARPPRODUCTICON.exe
+ 2008-11-09 08:25:16 22,486 ----a-r C:\WINDOWS\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
+ 2008-11-04 13:50:58 102,400 ----a-r C:\WINDOWS\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
+ 2008-11-07 12:49:27 15,360 ----a-w C:\WINDOWS\system32\BASSMOD.dll
- 2008-03-05 13:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
- 2008-02-05 21:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
+ 2008-02-05 22:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
- 2008-03-05 13:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
+ 2008-03-05 14:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
+ 2005-05-03 15:34:02 27,392 ----a-w C:\WINDOWS\system32\drivers\ElbyCDFL.sys
+ 2005-04-21 11:40:36 10,624 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
+ 2008-04-17 12:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 12:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-10-01 12:01:28 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
+ 2005-04-21 13:45:35 69,632 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
10.11.2008, 15:03 PRJ Downloader #7
TIPower
Experienced user
Thread starter

Registered: 26.03.2008
Posts: 2.188

+ 2007-08-28 11:00:00 1,101,824 ----a-w C:\WINDOWS\system32\mfc80.dll
+ 2007-08-28 11:00:00 548,864 ----a-w C:\WINDOWS\system32\msvcp80.dll
+ 2007-08-28 11:00:00 626,688 ----a-w C:\WINDOWS\system32\msvcr80.dll
+ 2007-06-05 12:20:30 1,459,752 ----a-w C:\WINDOWS\system32\PSIKey.dll
+ 2007-06-05 12:20:32 177,704 ----a-w C:\WINDOWS\system32\PSIService.exe
- 2008-03-05 14:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
+ 2008-03-05 15:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
- 2008-03-05 14:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
+ 2008-03-05 15:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
- 2008-03-05 14:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
+ 2008-03-05 15:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
- 2007-11-06 23:19:32 161,784 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2007-11-07 00:19:32 161,784 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
- 2007-11-06 18:23:58 224,768 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 19:23:58 224,768 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
- 2007-11-06 23:19:34 568,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:19:34 568,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
- 2007-11-06 23:19:34 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 00:19:34 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2007-11-06 23:19:38 1,156,600 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2007-11-07 00:19:38 1,156,600 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
- 2007-11-06 23:19:38 1,162,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 00:19:38 1,162,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
- 2007-11-06 20:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2007-11-06 21:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
- 2007-11-06 20:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 21:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
- 2007-11-06 23:19:16 41,472 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 00:19:16 41,472 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
- 2007-11-06 23:19:16 41,984 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 00:19:16 41,984 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
- 2007-11-06 23:19:28 60,928 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 00:19:28 60,928 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
- 2007-11-06 23:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 00:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
- 2007-11-06 23:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 00:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
- 2007-11-06 23:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 00:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
- 2007-11-06 23:19:28 60,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 00:19:28 60,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
- 2007-11-06 23:19:28 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 00:19:28 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
- 2007-11-06 23:19:16 47,104 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 00:19:16 47,104 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
- 2007-11-06 23:19:16 46,592 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 00:19:16 46,592 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
- 2007-11-06 23:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 00:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-08 4608]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"IDMan"="C:\Programme\Internet Download Manager\IDMan.exe" [2008-11-05 2606512]
"RetroRun"="C:\Programme\RetroShare\RetroShare.exe" [2008-06-19 17383424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 344064]
"Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 411648]
"EPSON Stylus D88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-02-06 180269]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RemoteControl"="C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCMService"="C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [2005-02-17 118926]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="C:\Programme\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"TrayServer"="C:\Programme\MAGIX\Video_deluxe_15_Download-Version\TrayServer.exe" [2008-08-07 90112]
"NBKeyScan"="C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CloneCDTray"="C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"WinampAgent"="C:\Programme\Winamp\winampa.exe " [2008-07-09 36352]
"Corel Photo Downloader"="C:\Programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"Dit"="Dit.exe" [2004-07-20 C:\WINDOWS\Dit.exe]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Dokumente und Einstellungen\Ole\Startmenü\Programme\Autostart\
abylon MANAGER.lnk - C:\Programme\abylonsoft\apmPro\APMPMgr.EXE [2008-10-21 1570128]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
abylonsoft Module aktivieren.lnk - C:\Programme\abylonsoft\apmPro\APMPSetup.EXE [2008-10-21 1176912]
BlueSoleil.lnk - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-01-27 1048576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\CoD4MW\\iw3mp.exe"=
"F:\\Assassins Creed\\AssassinsCreed_Dx9.exe"=
"F:\\Assassins Creed\\AssassinsCreed_Dx10.exe"=
"F:\\Assassins Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"C:\\Programme\\Sports Interactive\\Football Manager 2008\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24848:TCP"= 24848:TCP:BitComet 24848 TCP
"24848:UDP"= 24848:UDP:BitComet 24848 UDP
"7689:TCP"= 7689:TCP:BitComet 7689 TCP
"7689:UDP"= 7689:UDP:BitComet 7689 UDP
"8446:TCP"= 8446:TCP:BitComet 8446 TCP
"8446:UDP"= 8446:UDP:BitComet 8446 UDP

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 35328]
S1 APMDRIVE;APMPDRIVE DRIVER;C:\WINDOWS\system32\drivers\APMDrive.sys [2008-10-21 49200]
S2 apmctrl;apm - control service;C:\Programme\abylonsoft\apmPro\APMPCtrlSer.exe [2008-10-16 231760]
S2 ICQ Service;ICQ Service;C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Programme\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S2 NeroMediaHomeService.4;Nero MediaHome 4 Service;C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe [2008-10-01 427304]
S2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-09 666368]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-11-10 17408]
S3 cdrmkaun;cdrmkaun;C:\DOKUME~1\Ole\LOKALE~1\Temp\cdrmkaun.sys [ ]
S3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-26 13352]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [ ]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-10-27 7808]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-15 361728]
S3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928]
S3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC168798-9F22-AEC7-E80E-FEFCBB7080C3}]
C:\WINDOWS\svchost.exe
.
Inhalt des "geplante Tasks" Ordners

2008-11-10 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-21 17:47]

2008-11-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Ole\Anwendungsdaten\Mozilla\Firefox\Profiles\mk6ekwy7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.schülervz.de/
FF -: plugin - C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - C:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\np32dsw.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npBitCometAgent.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npdivx32.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npLegitCheckPlugin.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\nppdf32.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin2.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin3.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin4.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin5.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin6.dll
FF -: plugin - C:\Programme\Mozilla Firefox 3 Beta 5\plugins\npqtplugin7.dll
FF -: plugin - C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npdsplay.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin2.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin3.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin4.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin5.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin6.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npqtplugin7.dll
FF -: plugin - F:\Opera 9.5\program\plugins\NPSWF32.dll
FF -: plugin - F:\Opera 9.5\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 15:47:52
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Zeit der Fertigstellung: 2008-11-10 15:53:39
ComboFix-quarantined-files.txt 2008-11-10 14:53:35
ComboFix2.txt 2008-11-01 10:12:54
ComboFix3.txt 2008-10-31 15:00:40
ComboFix4.txt 2008-10-13 13:29:40

Vor Suchlauf: 16 Verzeichnis(se), 14,704,185,344 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 14,706,626,560 Bytes frei

471 --- E O F --- 2008-10-21 12:39:02
10.11.2008, 20:37 PRJ Downloader #8
Moderator
stockcarpilot
Registered: 20.06.2008
Location: NRW
Posts: 2,490

Hello TIPower

I've also noticed that you often have problems. Have you ever tried the program Sandboxie? I've had it installed for several months and am quite satisfied.
Even so, the program is not a free pass.


Regards, stockcarpilot
11.11.2008, 13:41 PRJ Downloader #9
Experienced user
Thread starter
TIPower
Registered: 26.03.2008
Posts: 2,188

I already had that installed, but after 10 days it got annoying; I always had to wait because an ad to buy it kept coming up.

So I have from www.computerguard.de
11.11.2008, 17:38 PRJ Downloader #10
Moderator
stockcarpilot
Registered: 20.06.2008
Location: NRW
Posts: 2,490

Hello

When I surf I use Firefox. On sites that are perhaps not "entirely harmless", Sandboxie.
The 10-second wait annoys me a bit too. But since I don't use it that often, I can put up with it.

Regards, stockcarpilot