Log analysis and evaluation: Internet very slow, "System Tool", and other pests, PC = snail (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.02.2011, 22:32 | #1
Internet very slow, "System Tool", and other pests, PC = snail /// Oops, wrong subforum, please close. Hello, I recently edited some autostart entries with MSCONFIG; after that, the program "System Tool" opened. I followed the Chip guide, was able to prevent the program from autostarting, and deleted the .exe. However, my ping is very high and the time to load a website is noticeably slower (I am alone on a router via a network cable - the DSL is fast enough, that is not the cause). HijackThis outputs the following: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:31:59, on 22.02.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Program Files\ICQ6\ICQ6.5\ICQ.exe
C:\Users\Julian\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\Pokerstars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4362 bytes

Last edited by TrjPferd (22.02.2011 at 22:55)
23.02.2011, 11:38 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet very slow, "System Tool", and other pests, PC = snail Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
23.02.2011, 12:36 | #3
Internet very slow, "System Tool", and other pests, PC = snail Hello,
so I have now followed all the steps of the guide; MBAM does not work, it demands the latest version?! Also, this site is very slow, I am never sure whether I have submitted the post or not?! OTL Code:
ATTFilter OTL logfile created on: 23.02.2011 12:29:07 - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Julian\Desktop\MFTools Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme Drive C: | 148,95 Gb Total Space | 35,89 Gb Free Space | 24,10% Space Free | Partition Type: NTFS Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.02.23 11:50:11 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\MFTools\OTL.exe PRC - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\explorer.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:28 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe ========== Modules (SafeList) ========== MOD - [2011.02.23 11:50:11 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\MFTools\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll MOD - [2009.07.14 02:16:12 | 
000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2011.01.05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) 
[Disabled | Stopped] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe 
-- (Steam Client Service) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 
000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) ========== Driver Services (SafeList) ========== DRV - [2011.01.10 14:23:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.11.18 20:27:32 | 000,311,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hjidhp.sys -- (hjidhp) DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- 
(SASKUTIL) DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.11.25 17:00:17 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.11.18 10:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. 
) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B) DRV - [2009.11.15 14:19:18 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.11.15 14:19:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.10.07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC) DRV - [2009.10.07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.10.07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32) DRV - [2009.08.13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21) DRV - [2009.08.06 22:39:28 | 000,167,936 | ---- | M] (D-Link corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLKRT32.sys -- (DLKRT32) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009.07.14 
00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:15 | 001,311,232 | 
---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.05.04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 D8 C8 DB F8 65 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | 
---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla 
Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.02.20 14:18:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.02.17 20:36:30 | 000,000,000 | ---D | M] [2009.11.15 12:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2011.02.22 19:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions [2010.04.14 19:31:02 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2010.07.24 12:55:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.05.28 
16:21:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\battlefieldheroespatcher@ea.com
[2011.02.22 19:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
[2009.11.22 18:47:21 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.12.12 10:08:51 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.12 10:08:51 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.12 10:08:51 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.12 10:08:51 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.12 10:08:51 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.12.28 16:27:22 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKCU..\Run: [Netreal] C:\Users\Julian\AppData\Roaming\Wmidep\monadv.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk - C:\Programme\NETGEAR\WG111v3\WG111v3.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RivaTunerStartupDaemon - hkey= - key= - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
MsConfig - StartUpReg: ROUTE66Sync - hkey= - key= - C:\Programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe (ROUTE 66)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

========== Files/Folders - Created Within 30 Days ==========

[2011.02.23 11:51:34 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes
[2011.02.23 11:51:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.23 11:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.23 11:51:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.23 11:50:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\MFTools
[2011.02.22 22:57:23 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Wmidep
[2011.02.20 15:50:16 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Avira
[2011.02.20 15:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.02.20 15:21:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.02.20 15:21:28 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.02.20 15:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.02.19 14:44:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011.02.17 20:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.17 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.02.16 14:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
[2011.02.14 20:52:52 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2011.02.14 20:52:52 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- 
C:\Windows\System32\REX Shared Library.dll [2011.02.14 20:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software [2011.02.14 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Propellerhead Software [2011.02.14 19:23:12 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Ableton [2011.02.14 19:23:12 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Ableton [2011.02.14 19:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2011.02.14 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton [2011.02.11 10:12:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Unity [2011.02.11 10:01:51 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Unity [2011.02.08 17:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.02.08 17:42:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Google [2011.02.06 12:38:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32 [2011.01.29 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\EA Games [2011.01.29 16:31:47 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\EA Games [2011.01.29 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield ========== Files - Modified Within 30 Days ========== [2011.02.23 12:05:05 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.23 12:05:05 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.23 11:57:44 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.23 11:57:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.02.23 11:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.23 11:57:25 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys 
[2011.02.23 11:56:33 | 000,000,020 | ---- | M] () -- C:\Users\Julian\defogger_reenable [2011.02.23 11:51:25 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.23 11:50:24 | 000,296,448 | ---- | M] () -- C:\Users\Julian\Desktop\g2m3e4r.exe [2011.02.23 11:50:22 | 000,050,477 | ---- | M] () -- C:\Users\Julian\Desktop\defogger.exe [2011.02.23 11:47:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.22 19:36:51 | 000,138,416 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.02.22 19:36:43 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.02.22 19:34:03 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.02.21 21:44:04 | 000,015,110 | ---- | M] () -- C:\Users\Julian\Documents\Englisch.odt [2011.02.20 17:59:26 | 000,696,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.20 17:59:26 | 000,652,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.20 17:59:26 | 000,148,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.20 17:59:26 | 000,121,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.20 15:21:38 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.02.17 20:38:13 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.02.17 16:40:16 | 000,113,234 | ---- | M] () -- C:\Users\Julian\Documents\Dokument 1.rns [2011.02.16 14:34:44 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Reason.lnk [2011.02.14 20:52:52 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll [2011.02.14 20:52:52 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll [2011.02.10 19:14:14 | 000,283,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.09 20:03:49 | 000,021,318 | ---- | M] () -- C:\Users\Julian\Documents\Porsche.odt [2011.02.02 20:47:13 | 000,292,704 | 
---- | M] () -- C:\Users\Julian\Desktop\Deal no problem.png [2011.01.30 21:00:03 | 000,058,824 | ---- | M] () -- C:\Users\Julian\Documents\INTERNETMARKE.pdf [2011.01.27 18:11:08 | 000,279,555 | ---- | M] () -- C:\Users\Julian\Desktop\DSC05899.jpg [2011.01.25 16:59:24 | 000,001,693 | ---- | M] () -- C:\Users\Julian\Desktop\Tunatic.lnk ========== Files Created - No Company Name ========== [2011.02.23 11:56:18 | 000,000,020 | ---- | C] () -- C:\Users\Julian\defogger_reenable [2011.02.23 11:51:25 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.23 11:50:23 | 000,296,448 | ---- | C] () -- C:\Users\Julian\Desktop\g2m3e4r.exe [2011.02.23 11:50:22 | 000,050,477 | ---- | C] () -- C:\Users\Julian\Desktop\defogger.exe [2011.02.21 21:35:05 | 000,015,110 | ---- | C] () -- C:\Users\Julian\Documents\Englisch.odt [2011.02.20 15:21:38 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.02.17 20:38:13 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.02.17 16:40:16 | 000,113,234 | ---- | C] () -- C:\Users\Julian\Documents\Dokument 1.rns [2011.02.16 14:34:44 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Reason.lnk [2011.02.09 18:42:02 | 000,021,318 | ---- | C] () -- C:\Users\Julian\Documents\Porsche.odt [2011.02.08 17:42:05 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.08 17:42:05 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.02 20:47:13 | 000,292,704 | ---- | C] () -- C:\Users\Julian\Desktop\Deal no problem.png [2011.01.30 21:00:03 | 000,058,824 | ---- | C] () -- C:\Users\Julian\Documents\INTERNETMARKE.pdf [2011.01.27 18:11:08 | 000,279,555 | ---- | C] () -- C:\Users\Julian\Desktop\DSC05899.jpg [2011.01.25 16:59:24 | 000,001,693 | ---- | C] () -- C:\Users\Julian\Desktop\Tunatic.lnk [2011.01.13 19:21:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll 
[2011.01.13 19:21:41 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.29 19:57:06 | 000,000,311 | ---- | C] () -- C:\Windows\game.ini
[2010.11.18 20:27:32 | 000,311,296 | ---- | C] () -- C:\Windows\System32\drivers\hjidhp.sys
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.08.17 00:59:48 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.06.03 13:50:40 | 000,000,375 | ---- | C] () -- C:\Users\Julian\AppData\Local\postgresinstall.bat
[2010.04.27 16:48:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.13 16:26:45 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.03.24 17:27:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp.dll
[2010.02.21 00:58:13 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.02.12 18:37:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.20 15:05:44 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.18 15:53:07 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.18 15:53:07 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
[2009.11.15 14:19:18 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.15 14:19:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011.02.14 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ableton
[2011.02.16 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Azureus
[2009.12.20 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BOM
[2009.11.25 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
[2009.11.25 16:50:24 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Pro
[2010.05.12 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Degener
[2010.05.12 16:29:44 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ebner
[2010.10.02 13:33:40 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\foobar2000
[2011.02.22 23:24:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQ
[2010.02.21 00:59:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Leadertech
[2009.11.22 19:42:28 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Miranda
[2010.03.29 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nokia
[2010.03.29 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Notepad++
[2010.11.18 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Online Solutions
[2010.01.10 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\OpenOffice.org
[2010.03.29 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PC Suite
[2011.02.16 14:35:05 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Propellerhead Software
[2010.11.14 12:05:55 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ROUTE 66 Sync
[2011.01.13 19:20:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2011.02.11 10:12:06 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Unity
[2009.11.23 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\uTorrent
[2011.02.22 22:57:23 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Wmidep
[2011.02.10 19:14:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.12.29 19:15:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.11.15 13:21:41 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.01 00:45:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.31 19:31:44 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2010.08.24 16:18:23 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.01.01 10:59:28 | 000,000,000 | ---D | M] -- C:\OEMSettings
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.23 11:51:18 | 000,000,000 | R--D | M] -- C:\Programme
[2011.02.20 15:21:28 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.01.01 00:45:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.08.09 10:55:52 | 000,000,000 | ---D | M] -- C:\Programs
[2010.11.17 16:26:22 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.01.01 00:45:22 | 000,000,000 | ---D | M] -- C:\Recovery
[2010.12.15 15:44:23 | 000,000,000 | ---D | M] -- C:\SLIDING
[2011.02.22 14:33:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.13 19:26:10 | 000,000,000 | ---D | M] -- C:\Temp
[2010.05.17 13:12:33 | 000,000,000 | R--D | M] -- C:\Users
[2011.02.07 19:30:41 | 000,000,000 | ---D | M] -- C:\Vuze
[2011.01.25 16:59:24 | 000,000,000 | ---D | M] -- C:\Windows
[2010.11.17 15:17:28 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-22 13:33:55

< End of report >

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-23 12:25:03
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST3160827AS rev.3.42
Running: g2m3e4r.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E89589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.OnlSol C:\Windows\System32\Drivers\hjidhp.sys unknown last code section [0x8B151000, 0x45D04, 0xE0000060]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x94F53300, 0x3B638, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x94F96300, 0x1BEE, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A23B0000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A23B0123 629 Bytes [B5, 3A, A2, FE, 05, 34, B5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A23B0399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A23B03FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A23B04AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text wininet.dll!HttpAddRequestHeadersA 778C9ABA 5 Bytes CALL 013B0000 .text wininet.dll!InternetCloseHandle 778CC83E 5 Bytes CALL 01430000 .text wininet.dll!InternetReadFile 778CE264 5 Bytes CALL 005D0000 .text wininet.dll!HttpSendRequestW 778CEEB3 5 Bytes CALL 01390000 .text wininet.dll!HttpOpenRequestA 778D03FA 5 Bytes CALL 013F0000 .text wininet.dll!InternetConnectA 778D050F 5 Bytes CALL 005F0000 .text wininet.dll!HttpOpenRequestW 778D05D3 5 Bytes CALL 01410000 .text wininet.dll!HttpAddRequestHeadersW 778D0848 5 Bytes CALL 013D0000 .text wininet.dll!InternetQueryDataAvailable 778D41CB 5 Bytes CALL 00650000 .text wininet.dll!InternetReadFileExW 778F12E1 5 Bytes CALL 00630000 .text wininet.dll!InternetReadFileExA 778F1319 5 Bytes CALL 00610000 .text wininet.dll!HttpSendRequestA 77940574 5 Bytes CALL 00670000 .text ws2_32.dll!send 7644C4C8 5 Bytes CALL 01450000 .text kernel32.dll!ExitProcess 76312AEF 5 Bytes CALL 00300000 .text advapi32.dll!CryptGenKey 76108AC7 5 Bytes CALL 014B0000 .text advapi32.dll!CryptImportKey 7610BB52 5 Bytes CALL 01490000 .text advapi32.dll!CryptDeriveKey 76142150 5 Bytes CALL 01650000 ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] ntdll.dll!NtCreateThread 77A549C0 5 Bytes CALL 002C0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] ntdll.dll!NtCreateUserProcess 77A54A20 5 Bytes CALL 002E0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] ntdll.dll!NtProtectVirtualMemory 77A551C0 5 Bytes CALL 00290000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] kernel32.dll!ExitProcess 76312AEF 5 Bytes CALL 00300000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] advapi32.dll!CryptGenKey 76108AC7 5 Bytes CALL 014B0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] advapi32.dll!CryptImportKey 7610BB52 5 Bytes CALL 01490000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] advapi32.dll!CryptDeriveKey 76142150 5 Bytes CALL 01650000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] ws2_32.dll!send 7644C4C8 5 
Bytes CALL 01450000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!HttpAddRequestHeadersA 778C9ABA 5 Bytes CALL 013B0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!InternetCloseHandle 778CC83E 5 Bytes CALL 01430000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!InternetReadFile 778CE264 5 Bytes CALL 005D0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!HttpSendRequestW 778CEEB3 5 Bytes CALL 01390000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!HttpOpenRequestA 778D03FA 5 Bytes CALL 013F0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!InternetConnectA 778D050F 5 Bytes CALL 005F0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!HttpOpenRequestW 778D05D3 5 Bytes CALL 01410000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!HttpAddRequestHeadersW 778D0848 5 Bytes CALL 013D0000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!InternetQueryDataAvailable 778D41CB 5 Bytes CALL 00650000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!InternetReadFileExW 778F12E1 5 Bytes CALL 00630000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!InternetReadFileExA 778F1319 5 Bytes CALL 00610000 .text C:\Users\Julian\Desktop\g2m3e4r.exe[1776] wininet.dll!HttpSendRequestA 77940574 5 Bytes CALL 00670000 .text C:\Windows\explorer.exe[2476] ntdll.dll!NtCreateThread 77A549C0 5 Bytes CALL 006C0000 .text C:\Windows\explorer.exe[2476] ntdll.dll!NtCreateUserProcess 77A54A20 5 Bytes CALL 006E0000 .text C:\Windows\explorer.exe[2476] ntdll.dll!NtProtectVirtualMemory 77A551C0 5 Bytes CALL 006A0000 .text C:\Windows\explorer.exe[2476] kernel32.dll!ExitProcess 76312AEF 5 Bytes CALL 00700000 ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- 
Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x3C 0xAB 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xE0 0xE9 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0xF4 0xBA 0x5F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBB 0x9E 0xB0 0x21 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1B 0x3C 0xAB 0xBD ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0xE0 0xE9 0x4A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0xF4 0xBA 0x5F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBB 0x9E 0xB0 0x21 ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: GA-MA790X-DS4 Logical Drives Mask: 0x0000001d Kernel Drivers (total 206): 0x82E3C000 \SystemRoot\system32\ntkrnlpa.exe 0x82E05000 \SystemRoot\system32\halmacpi.dll 0x80BA5000 \SystemRoot\system32\kdcom.dll 0x8B227000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x8B232000 \SystemRoot\system32\PSHED.dll 0x8B243000 \SystemRoot\system32\BOOTVID.dll 0x8B24B000 \SystemRoot\system32\CLFS.SYS 0x8B28D000 \SystemRoot\system32\CI.dll 0x8B338000 \SystemRoot\System32\Drivers\hjidhp.sys 0x8B387000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8B200000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8B437000 \SystemRoot\System32\Drivers\spwi.sys 0x8B52A000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8B533000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x8B559000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x8B5A1000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x8B5A9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8B5B4000 \SystemRoot\system32\DRIVERS\pci.sys 0x8B5DE000 \SystemRoot\System32\drivers\partmgr.sys 0x8B5EF000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8B630000 \SystemRoot\System32\drivers\volmgrx.sys 0x8B67B000 \SystemRoot\system32\DRIVERS\pciide.sys 0x8B682000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8B690000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B6A6000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8B6AF000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x8B6D2000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8B6DB000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B70F000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B823000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B952000 \SystemRoot\System32\Drivers\msrpc.sys 0x8B97D000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B990000 
\SystemRoot\System32\Drivers\cng.sys 0x8B9ED000 \SystemRoot\System32\drivers\pcw.sys 0x8B800000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8B720000 \SystemRoot\system32\drivers\ndis.sys 0x8BA05000 \SystemRoot\system32\drivers\NETIO.SYS 0x8BA43000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8BA68000 \SystemRoot\System32\drivers\tcpip.sys 0x8BBB1000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8BBE2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8BC0E000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8BC4D000 \SystemRoot\System32\Drivers\spldr.sys 0x8BC55000 \SystemRoot\system32\speedfan.sys 0x8BC57000 \SystemRoot\System32\drivers\rdyboost.sys 0x8BC84000 \SystemRoot\System32\Drivers\mup.sys 0x8BC94000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8BC9C000 \SystemRoot\system32\giveio.sys 0x8BC9D000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8BCCF000 \SystemRoot\system32\DRIVERS\disk.sys 0x8BCE0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8BD05000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x8BD3F000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8BD5E000 \SystemRoot\System32\Drivers\Null.SYS 0x8BD65000 \SystemRoot\System32\Drivers\Beep.SYS 0x8BD6C000 \SystemRoot\System32\drivers\vga.sys 0x8BD78000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8BD99000 \SystemRoot\System32\drivers\watchdog.sys 0x8BDA6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8BDAE000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8BDB6000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8BDBE000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8BDC9000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8BDD7000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8BDEE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x90A0B000 \SystemRoot\system32\drivers\afd.sys 0x90A65000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90A97000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x90A9E000 \SystemRoot\system32\DRIVERS\pacer.sys 0x90ABD000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x90ACE000 \SystemRoot\system32\DRIVERS\netbios.sys 0x90ADC000 \SystemRoot\system32\DRIVERS\serial.sys 
0x90AF6000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x90B09000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90B19000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x90B1F000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x90B60000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90B6A000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x90B74000 \SystemRoot\System32\drivers\discache.sys 0x90B80000 \SystemRoot\system32\drivers\csc.sys 0x90BE4000 \SystemRoot\System32\Drivers\dfsc.sys 0x8BC00000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8B7D7000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x90BFC000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0x8B600000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8BBEB000 \SystemRoot\system32\DRIVERS\amdppm.sys 0x90A00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x90E0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x91889000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x9188B000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91942000 \SystemRoot\System32\drivers\dxgmms1.sys 0x9197B000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x91985000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x919D0000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x919DF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8B400000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x96807000 \SystemRoot\system32\DRIVERS\DLKRT32.sys 0x96833000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x9685F000 \SystemRoot\System32\Drivers\avkomed1.SYS 0x96898000 \SystemRoot\system32\DRIVERS\fdc.sys 0x968A3000 \SystemRoot\system32\DRIVERS\serenum.sys 0x968AD000 \SystemRoot\system32\DRIVERS\parport.sys 0x968C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x968DD000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x968EA000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x968F7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x96909000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x96921000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x9692C000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x9694E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x96966000 
\SystemRoot\system32\DRIVERS\raspptp.sys 0x9697D000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x96994000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x9699E000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x969AB000 \SystemRoot\system32\DRIVERS\swenum.sys 0x969AD000 \SystemRoot\system32\DRIVERS\ks.sys 0x969E1000 \SystemRoot\system32\DRIVERS\umbus.sys 0x96C0B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x96C4F000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x96C59000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x96C6A000 \SystemRoot\system32\drivers\HdAudio.sys 0x96CBA000 \SystemRoot\system32\drivers\portcls.sys 0x96CE9000 \SystemRoot\system32\drivers\drmk.sys 0x98670000 \SystemRoot\System32\win32k.sys 0x96D02000 \SystemRoot\System32\drivers\Dxapi.sys 0x96D0C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x96D23000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x9FA0F000 \SystemRoot\system32\DRIVERS\lvuvc.sys 0xA007F000 \SystemRoot\system32\drivers\usbaudio.sys 0xA00D3000 \SystemRoot\system32\DRIVERS\monitor.sys 0xA00DE000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xA00E9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xA00FC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xA0103000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xA010E000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x988D0000 \SystemRoot\System32\TSDDD.dll 0x98900000 \SystemRoot\System32\cdd.dll 0xA011A000 \SystemRoot\system32\drivers\luafv.sys 0xA0135000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xA0149000 \SystemRoot\system32\drivers\WudfPf.sys 0xA0163000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA0179000 \SystemRoot\System32\Drivers\crashdmp.sys 0xA0186000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0xA0191000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xA019A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0xA01AB000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x96D25000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA01BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA01CB000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x96D6B000 
\SystemRoot\system32\drivers\HTTP.sys 0xA01DE000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA0093000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA00A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA0420000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA045B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA0476000 \SystemRoot\system32\DRIVERS\parvdm.sys 0xA047D000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xA04C0000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA04C5000 \SystemRoot\system32\drivers\peauth.sys 0xA055C000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA0566000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA0587000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA0594000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA1A16000 \SystemRoot\System32\DRIVERS\srv.sys 0xA1A67000 \??\C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 0xA1A6A000 \SystemRoot\System32\Drivers\fastfat.SYS 0x77CB0000 \Windows\System32\ntdll.dll 0x48090000 \Windows\System32\smss.exe 0x77EF0000 \Windows\System32\apisetschema.dll 0x00620000 \Windows\System32\autochk.exe 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77B50000 \Windows\System32\ole32.dll 0x77E50000 \Windows\System32\oleaut32.dll 0x77E40000 \Windows\System32\psapi.dll 0x77E10000 \Windows\System32\imagehlp.dll 0x77A10000 \Windows\System32\urlmon.dll 0x779B0000 \Windows\System32\difxapi.dll 0x77970000 \Windows\System32\ws2_32.dll 0x77770000 \Windows\System32\iertutil.dll 0x77DF0000 \Windows\System32\imm32.dll 0x776C0000 \Windows\System32\msvcrt.dll 0x76A70000 \Windows\System32\shell32.dll 0x769C0000 \Windows\System32\rpcrt4.dll 0x76970000 \Windows\System32\Wldap32.dll 0x768E0000 \Windows\System32\clbcatq.dll 0x768C0000 \Windows\System32\sechost.dll 0x767F0000 \Windows\System32\user32.dll 0x767A0000 \Windows\System32\gdi32.dll 0x76700000 \Windows\System32\usp10.dll 0x76630000 \Windows\System32\msctf.dll 0x76620000 \Windows\System32\normaliz.dll 0x765C0000 \Windows\System32\shlwapi.dll 0x765B0000 
\Windows\System32\lpk.dll 0x76530000 \Windows\System32\comdlg32.dll 0x76390000 \Windows\System32\setupapi.dll 0x762F0000 \Windows\System32\advapi32.dll 0x76210000 \Windows\System32\kernel32.dll 0x76200000 \Windows\System32\nsi.dll 0x76100000 \Windows\System32\wininet.dll 0x760B0000 \Windows\System32\KernelBase.dll 0x76090000 \Windows\System32\devobj.dll 0x76000000 \Windows\System32\comctl32.dll 0x75FD0000 \Windows\System32\wintrust.dll 0x75EB0000 \Windows\System32\crypt32.dll 0x75E80000 \Windows\System32\cfgmgr32.dll 0x75E70000 \Windows\System32\msasn1.dll Processes (total 50): 0 System Idle Process 4 System 272 C:\Windows\System32\smss.exe 364 csrss.exe 440 C:\Windows\System32\wininit.exe 452 csrss.exe 488 C:\Windows\System32\services.exe 512 C:\Windows\System32\lsass.exe 520 C:\Windows\System32\lsm.exe 580 C:\Windows\System32\winlogon.exe 680 C:\Windows\System32\svchost.exe 760 C:\Windows\System32\nvvsvc.exe 800 C:\Windows\System32\svchost.exe 940 C:\Windows\System32\svchost.exe 972 C:\Windows\System32\svchost.exe 1012 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\audiodg.exe 1144 C:\Windows\System32\svchost.exe 1308 C:\Windows\System32\svchost.exe 1404 C:\Windows\System32\nvvsvc.exe 1484 C:\Windows\System32\spoolsv.exe 1512 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1532 C:\Windows\System32\svchost.exe 1664 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1720 C:\Program Files\Bonjour\mDNSResponder.exe 1784 C:\Windows\System32\PnkBstrA.exe 1816 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 1860 C:\Windows\System32\svchost.exe 2012 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 372 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 1276 C:\Windows\System32\taskhost.exe 1348 C:\Windows\System32\dwm.exe 1208 C:\Windows\explorer.exe 2444 C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe 
2472 C:\Program Files\DAEMON Tools Lite\DTLite.exe 2584 C:\Windows\System32\SearchIndexer.exe 3116 C:\Program Files\Windows Media Player\wmpnetwk.exe 3156 C:\Program Files\Mozilla Firefox\firefox.exe 3232 C:\Windows\System32\svchost.exe 3404 WmiPrvSE.exe 3856 C:\Windows\System32\SearchProtocolHost.exe 3896 C:\Windows\System32\svchost.exe 3924 C:\Windows\System32\SearchFilterHost.exe 1552 C:\Program Files\Mozilla Firefox\plugin-container.exe 2328 dllhost.exe 3104 C:\Users\Julian\Downloads\MBRCheck.exe 3052 C:\Windows\System32\conhost.exe 3076 C:\Windows\System32\dllhost.exe 3612 C:\Program Files\Windows NT\Accessories\wordpad.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) PhysicalDrive0 Model Number: ST3160827AS, Rev: 3.42 Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:56 on 23/02/2011 (Julian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Julian |
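As an added example (not from the thread, and not part of OTL itself), here is the cross-check an analyst performs on the "< MD5 for: ... >" custom-scan section of the OTL log above: the hash of each live copy of a core binary is compared against the component-store (winsxs) copies OTL lists, while the ERDNT cache copy is deliberately not used as a reference. The sample log and its hashes are constructed placeholders in OTL's format.

```python
# Added example: cross-check the live copy of each core Windows binary against
# the component-store (winsxs) copies that an OTL "< MD5 for: ... >" custom
# scan lists. The sample log below is constructed in OTL's format; its hashes
# are placeholders, not real file hashes.
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# One OTL result line: [mtime | size | attrs | M] (company) MD5=<hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-\w]+) \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def classify(path):
    """Where a copy lives: component store, ERDNT backup cache, or the live path."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if "\\erdnt\\" in p:  # ComboFix/ERUNT backup copy: not a trusted reference
        return "backup"
    return "live"


def parse_md5_sections(text):
    """Return {FILENAME: [ {path, md5, size, company, kind}, ... ]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            sections[current].append({
                "path": m.group("path"),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company"),
                "kind": classify(m.group("path")),
            })
    return dict(sections)


def check_live_copies(sections):
    """Flag live copies whose MD5 matches none of the winsxs copies.

    A live binary that matches no component-store copy was changed outside
    Windows servicing and deserves a closer look. Returns
    {FILENAME: {"status": "ok"|"mismatch"|"no-reference", "live": [...], "unmatched": [...]}}.
    """
    report = {}
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if e["kind"] == "store"}
        live = [e for e in entries if e["kind"] == "live"]
        unmatched = [e["path"] for e in live if e["md5"] not in store_hashes]
        if not store_hashes:
            status = "no-reference"
        elif unmatched:
            status = "mismatch"
        else:
            status = "ok"
        report[name] = {"status": status,
                        "live": [e["path"] for e in live],
                        "unmatched": unmatched}
    return report


# Constructed sample in OTL's output format (placeholder hashes and paths).
SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_CONSTRUCTED_6.1.7600.16385\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_CONSTRUCTED_6.1.7600.16450\explorer.exe
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=33333333333333333333333333333333 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_CONSTRUCTED_6.1.7600.16385\userinit.exe
[2011.02.10 19:14:17 | 000,026,112 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\userinit.exe
< End of report >
"""

if __name__ == "__main__":
    for name, r in check_live_copies(parse_md5_sections(SAMPLE_OTL)).items():
        print(f"{name:14} {r['status']:13} unmatched={r['unmatched']}")
```

In the sample the live explorer.exe matches a store copy, while the live userinit.exe (empty company field, recent timestamp) matches none and is reported as a mismatch.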
23.02.2011, 14:15 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post logfiles in CODE tags |
23.02.2011, 14:33 | #5 | |
| Well, I first went with the ".com" method, since at first it wouldn't install at all; then I tried it via the updater that updates before the program starts (i.e. after the installation), but then the program doesn't start at all and only spits out the following: Quote:
|
23.02.2011, 14:55 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Try the random installer => http://malwarebytes.org/mbam-download-exe-random.php Right-click => Run as admin!!!!
23.02.2011, 17:26 | #7 |
| Hello, no luck with that either. The file is also 0 bytes in size. |
23.02.2011, 19:04 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, try the setup here => File-Upload.net - klickmichmbam.exe I just uploaded it myself.
23.02.2011, 19:34 | #9 |
| Something that might also be quite interesting, which I only just noticed: when I try to open any folder, the taskbar and all the icons on the desktop briefly disappear, and then the folder is closed. So it's as if you were killing "explorer.exe". The error with the database remains, though. I'm close to reinstalling Windows. // EDIT: I just killed 2 processes I didn't recognise (and didn't write down) via Task Manager; since then I can at least open folders again. "SearchProtocollHost.exe" and the other one I don't have yet. Last edited by TrjPferd (23.02.2011 at 19:42) |
23.02.2011, 22:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What about "my" setup, does it work now or not?
24.02.2011, 07:08 | #11 |
| No, that doesn't work either. |
24.02.2011, 10:35 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a competent helper has expressly recommended it!
24.02.2011, 12:45 | #13 |
| Thanks again for the competent help! I had to put it in an attachment. Regards |
24.02.2011, 13:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Combofix - scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
Driver:: hjidhp
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix. 6. After the reboot (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
24.02.2011, 16:00 | #15 |
| Hello, first of all many thanks! Here is the log with the "inserted" .txt. |