Log analysis and evaluation: Rootkit.Dropper firefox.exe and miscellaneous - check
Windows 7
17.07.2011, 14:04 | #1 |
| Rootkit.Dropper firefox.exe and miscellaneous - check

Hello there, my PC is probably pretty badly infested with vermin, but I never dared to do anything about it because I know very little about this. I just ran a Malwarebytes Anti-Malware scan and got 2 finds: Rootkit.Dropper firefox.exe

What triggered my virus hunt is this toolbar, Searchqu or something like that... I have to admit... I tinkered around a bit myself. With HijackThis I got rid of it for the most part, but it still showed up in autostart. I'll just post various logs. I would be glad (actually not) if someone finds something suspicious or unnecessary clutter, or has suggestions for improvement... or something like that.

So, enough rambling, thank you all in advance! Best regards, Mari

defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:49 on 17/07/2011 (Marion)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 17.07.2011 12:53:21 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marion\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,29% Memory free 6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 294,33 Gb Total Space | 215,51 Gb Free Space | 73,22% Space Free | Partition Type: NTFS Drive D: | 294,03 Gb Total Space | 223,90 Gb Free Space | 76,15% Space Free | Partition Type: NTFS Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.17 12:52:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe PRC - [2011.07.11 16:07:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.25 05:03:54 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.05.01 20:50:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 21:52:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.14 22:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.05.06 15:53:34 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe ========== Modules (SafeList) ========== MOD - [2011.07.17 12:52:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service) SRV - File not found [Auto | Stopped] -- -- (LightScribeService) SRV - [2011.07.11 16:07:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.05.01 20:50:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) ========== Driver Services (SafeList) ========== DRV - [2011.07.11 16:07:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.11 16:07:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.03.30 20:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2009.05.11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.05.06 09:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.05.06 09:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.02.26 23:05:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport) DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport) DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..keyword.URL: 
"hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.16 20:42:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.16 20:42:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Users\Marion\components [2011.07.08 18:37:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Users\Marion\plugins [2011.07.17 10:55:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Users\Marion\components [2011.07.08 18:37:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Users\Marion\plugins [2011.07.17 10:55:52 | 000,000,000 | ---D | M] [2011.07.17 12:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Extensions [2011.07.17 12:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\vg2a6dqa.default\extensions [2011.01.24 20:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\vg2a6dqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.14 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\vg2a6dqa.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d} [2010.11.06 09:57:54 | 000,000,950 | ---- | M] () -- 
C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\icqplugin-1.xml [2010.11.14 19:00:02 | 000,000,950 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\icqplugin-2.xml [2010.10.24 20:27:31 | 000,001,056 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\icqplugin.xml [2011.07.03 10:11:48 | 000,002,501 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\SearchResults.xml [2011.01.16 20:42:51 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.01.16 20:42:52 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.11.13 11:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\USERS\MARION\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: 
FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found MsConfig - StartUpReg: PCMMediaSharing - hkey= - key= - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () MsConfig - StartUpReg: removeSearchqudatamngr - hkey= - key= - File not found MsConfig - StartUpReg: removeSearchqutoolbar - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: tcactive - hkey= - key= - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.17 12:52:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe [2011.07.17 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\backups [2011.07.17 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\Schule ect Downloads [2011.07.17 11:26:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2011.07.17 11:25:53 | 001,783,056 | ---- | C] (Waves Audio 
Ltd.) -- C:\Windows\System32\WavesLib.dll [2011.07.17 11:25:53 | 001,723,536 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll [2011.07.17 11:25:53 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2011.07.17 11:25:53 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2011.07.17 11:25:53 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2011.07.17 11:25:53 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2011.07.17 11:25:52 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll [2011.07.17 11:25:52 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll [2011.07.17 11:25:52 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll [2011.07.17 11:25:50 | 001,705,816 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll [2011.07.17 11:25:50 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2011.07.17 11:25:50 | 000,341,848 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll [2011.07.17 11:25:50 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2011.07.17 11:25:50 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2011.07.17 11:25:50 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2011.07.17 11:25:50 | 000,096,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll [2011.07.17 11:25:50 | 000,081,240 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll [2011.07.17 11:25:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2011.07.17 11:25:50 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\System32\RTEEG32A.dll [2011.07.17 11:25:50 | 000,061,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll [2011.07.17 11:25:49 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2011.07.17 11:25:49 | 001,439,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll [2011.07.17 11:25:49 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll [2011.07.17 11:25:49 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll [2011.07.17 11:25:49 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2011.07.17 11:25:49 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2011.07.17 11:25:47 | 001,558,944 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2011.07.17 11:25:47 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2011.07.17 11:25:47 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2011.07.17 11:25:47 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2011.07.17 11:25:47 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2011.07.17 11:25:47 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2011.07.17 11:25:47 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2011.07.17 11:25:47 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2011.07.17 11:25:47 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2011.07.17 11:25:47 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2011.07.17 11:25:47 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2011.07.17 11:25:47 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2011.07.17 11:25:47 | 000,106,600 | ---- | C] (DTS) -- 
C:\Windows\System32\DTSGFXAPONS.dll [2011.07.17 11:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2011.07.17 11:21:34 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp [2011.07.17 11:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.07.17 11:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2011.07.17 11:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.07.17 11:04:18 | 000,000,000 | ---D | C] -- C:\ATI [2011.07.17 10:37:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Marion\Desktop\HiJackThis204(2).exe [2011.07.10 19:03:43 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\gtk-2.0 [2011.07.10 19:03:02 | 000,000,000 | ---D | C] -- C:\Users\Marion\.thumbnails [2011.07.10 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\gegl-0.0 [2011.07.10 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\.gimp-2.6 [2011.07.10 19:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011.07.10 19:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2011.07.10 19:00:29 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Users\Marion\Desktop\gimp-2.6.11-i686-setup-1.exe [2011.07.09 11:43:37 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{790643D0-D9E4-48B5-AC29-6A1D642CBA7C} [2011.07.08 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{56735254-FEA2-42F7-B4F9-7FF46D716A24} [2011.07.04 07:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.07.03 10:13:12 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Ilivid Player [2011.07.03 10:12:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C1D18E30-468F-478F-8837-B6CBA25F6547} [2011.07.03 09:43:58 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\HTC DESIRE HD [2011.07.02 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\Juli 2011 [2010.08.27 07:14:17 | 000,049,152 | ---- | C] ( 
) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL [2010.08.27 07:09:39 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe ========== Files - Modified Within 30 Days ========== [2011.07.17 12:52:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe [2011.07.17 12:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.17 12:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.17 12:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.17 12:50:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.17 12:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.17 12:50:29 | 3220,389,888 | -HS- | M] () -- C:\hiberfil.sys [2011.07.17 12:48:03 | 000,000,000 | ---- | M] () -- C:\Users\Marion\defogger_reenable [2011.07.17 12:47:23 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.17 12:47:23 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.17 12:47:23 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.17 12:47:23 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.17 12:45:18 | 000,050,477 | ---- | M] () -- C:\Users\Marion\Desktop\Defogger.exe [2011.07.17 12:13:10 | 000,026,610 | ---- | M] () -- C:\Users\Marion\Documents\cc_20110717_121308.reg [2011.07.17 10:55:52 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.07.17 10:37:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Marion\Desktop\HiJackThis204(2).exe [2011.07.15 19:20:26 | 003,678,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.11 16:07:24 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.11 16:07:24 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.07.10 19:03:43 | 000,000,857 | ---- | M] () -- C:\Users\Marion\.recently-used.xbel [2011.07.10 19:01:14 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.07.10 19:00:42 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Users\Marion\Desktop\gimp-2.6.11-i686-setup-1.exe [2011.07.01 17:50:13 | 000,004,723 | ---- | M] () -- C:\Users\Marion\updates.xml [2011.07.01 17:50:13 | 000,000,057 | ---- | M] () -- C:\Users\Marion\active-update.xml [2011.07.01 17:50:10 | 001,014,744 | ---- | M] () -- C:\Users\Marion\js3250.dll [2011.07.01 17:50:10 | 000,505,816 | ---- | M] (sqlite.org) -- C:\Users\Marion\sqlite3.dll [2011.07.01 17:50:10 | 000,000,478 | ---- | M] () -- C:\Users\Marion\softokn3.chk [2011.07.01 17:50:10 | 000,000,478 | ---- | M] () -- C:\Users\Marion\nssdbm3.chk [2011.07.01 17:50:10 | 000,000,478 | ---- | M] () -- C:\Users\Marion\freebl3.chk [2011.07.01 17:50:10 | 000,000,142 | ---- | M] () -- C:\Users\Marion\platform.ini [2011.07.01 17:50:09 | 000,002,129 | ---- | M] () -- C:\Users\Marion\application.ini ========== Files Created - No Company Name ========== [2011.07.17 12:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Marion\defogger_reenable [2011.07.17 12:45:17 | 000,050,477 | ---- | C] () -- C:\Users\Marion\Desktop\Defogger.exe [2011.07.17 12:13:09 | 000,026,610 | ---- | C] () -- C:\Users\Marion\Documents\cc_20110717_121308.reg [2011.07.17 11:25:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2011.07.17 10:55:52 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.07.17 10:55:52 | 000,001,804 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2011.07.10 19:03:43 | 000,000,857 | ---- | C] () -- C:\Users\Marion\.recently-used.xbel [2011.07.10 19:01:14 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.07.01 17:50:12 | 000,004,723 | ---- | C] () -- C:\Users\Marion\updates.xml [2011.07.01 17:50:12 | 000,000,057 | ---- | C] () -- C:\Users\Marion\active-update.xml [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.04.20 18:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.11.26 04:15:14 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.11.14 18:07:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.10.26 19:58:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.10.26 19:58:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.10.25 17:46:50 | 000,001,356 | ---- | C] () -- C:\Users\Marion\AppData\Local\d3d9caps.dat [2010.09.14 19:10:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.09.14 19:10:49 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.09.14 19:10:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.09.14 19:10:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.09.14 19:10:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.09.14 19:10:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.09.14 19:10:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.09.14 19:10:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.09.14 19:10:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.09.14 19:10:49 | 000,004,943 | ---- | C] () 
-- C:\Windows\System32\EPPICPattern6.dat [2010.09.14 19:10:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.09.14 19:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.09.14 19:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.09.14 19:10:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.09.14 19:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.09.14 19:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.09.14 19:10:49 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.09.14 19:10:49 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.09.14 19:10:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.09.14 19:02:01 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini [2010.09.02 20:34:57 | 000,028,160 | ---- | C] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.27 07:20:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.08.27 07:14:24 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2010.08.27 07:14:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2010.08.27 07:12:55 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2010.08.27 07:12:55 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2010.08.27 07:10:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE [2010.08.27 07:09:39 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2010.08.26 21:19:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.21 16:05:54 | 003,099,648 | ---- | C] () -- C:\Program Files\openofficeorg32.msi [2010.05.21 16:04:24 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe 
[2010.05.21 16:02:28 | 145,988,142 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2010.05.21 15:07:44 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2008.03.22 00:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.21 23:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini [2008.03.21 23:05:48 | 000,000,138 | ---- | C] () -- C:\Windows\Alaunch.ini [2008.03.21 16:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.21 15:19:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,678,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- 
C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Acer GameZone Console [2011.01.19 10:02:09 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Auslogics [2011.05.23 16:37:37 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.12.28 21:59:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\EPSON [2011.01.25 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Fighters [2010.08.27 18:47:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GetRightToGo [2011.07.10 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\gtk-2.0 [2011.07.17 12:11:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ICQ [2011.01.26 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Leadertech [2011.01.16 20:42:53 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Local [2010.11.14 12:52:39 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\OpenOffice.org [2011.01.24 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\thecleaner [2010.08.28 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\TS3Client [2011.02.02 18:59:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Uniblue [2011.07.17 12:49:40 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.08.26 21:28:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.08.26 21:35:01 | 000,000,000 | ---D | M] -- C:\5f58f3e56a0a7a309775f3e2708a06bc [2010.08.27 07:08:13 | 000,000,000 | ---D | M] -- C:\Acer [2010.08.27 18:14:27 | 000,000,000 | ---D | M] -- C:\AcerSW [2011.07.17 11:08:25 | 000,000,000 | ---D | M] -- C:\AMD [2011.07.17 11:04:18 | 000,000,000 | ---D | M] -- C:\ATI [2008.03.21 23:05:47 | 000,000,000 | ---D | M] -- C:\Book [2010.10.30 20:04:57 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.26 21:23:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.08.27 07:14:22 | 000,000,000 | ---D | M] -- C:\DRV [2008.03.21 15:36:02 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.17 12:10:40 | 000,000,000 | R--D | M] -- C:\Program Files [2011.07.17 12:09:34 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.08.26 21:23:39 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.17 12:54:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.08.26 21:27:14 | 000,000,000 | R--D | M] -- C:\Users [2011.07.17 12:20:52 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2010.05.21 16:04:24 | 000,460,088 | ---- | M] () -- C:\Program Files\setup.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] 
(Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-16 10:05:24

< >

< End of report >

Code:
OTL Extras logfile created on: 17.07.2011 12:53:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marion\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,29% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 215,51 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 223,90 Gb Free Space | 76,15% Space Free | Partition Type: NTFS

Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Marion\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B94945-53D4-43BD-B57D-5282F15EA5AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2DD51182-FC64-4CF5-A11E-63B410CBB201}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B05027F-2664-422C-9F1D-B49CF14D346D}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F4533BC-9D2E-4BE0-8FAC-758043B44151}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8337E78B-2607-436E-929B-0154C348149B}" = lport=138 | protocol=17 | dir=in | app=system |
"{8989EA0C-2C84-4DEB-A506-4A4CC3229496}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A5FF588-4141-4E3B-A259-DCDE888D12C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CDEBF96D-1425-4886-BFBA-362665C89C8A}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB5E71D4-174B-4C88-9BC6-972F5EBA2390}" = rport=139 | protocol=6 | dir=out | app=system |
"{E4A02D87-4964-49D3-B2C8-A5F9388B60D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE9CCDD5-82CA-461C-95C9-E30A4049CB62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5B97BC0-61E7-4084-85DB-8EE35C5B9C10}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{16CD19F5-5416-4E02-B4C8-E2154CF5FFE0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{3346C1E6-4F92-4D3F-B0B9-4406C8A74FFE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{44243609-A4B6-4B6E-90C7-CA3CD553AADA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{47D16413-04EB-4B22-BA9C-B4F828EAF718}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4AE2CD71-746B-490E-A268-4155D6E0EE3E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{56C7AC59-B7FD-41BD-88A9-C7E531B96227}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{58BEA4DE-640F-4CB2-B799-CC58BA736C79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5A4B0AC6-94CB-4AFC-8EC7-A51E2F73DC3D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8111BAA1-A3B6-48D3-8F15-F7A714861972}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D81F770-C5C3-4649-9B8E-03A975A0B578}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9DD883C7-01A0-49D2-81F9-4086CC10441B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | "{AF5C8288-6EA0-4A05-A18E-4AFAE5C0C963}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B44AA5D3-0CFD-44BE-9577-18C84291DF01}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | "{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | "{C9BE918B-43B1-4DF5-84A0-E1760D6C4B95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{D8247DA8-A092-4F69-8CC3-7F4EA54A7FC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DC96B31F-5D1B-4D34-954B-65049D1139C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{183A5A47-78DB-4578-80B8-4A048A906D9C}D:\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe | "TCP Query User{2E365986-B6C4-4C1C-A500-63C98D24F63C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{2FF0C35C-59B3-4DCC-9E2E-0DAE3E70D23F}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "TCP Query User{31D3B45B-818A-4359-A6C7-0B430A2A389B}C:\users\marion\firefox.exe" = protocol=6 | dir=in | app=c:\users\marion\firefox.exe | "TCP Query User{4BDC0BD7-5DB4-4266-A6BF-64149C0A665C}C:\users\marion\test 
wow\world of warcraft public test\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\marion\test wow\world of warcraft public test\launcher.patch.exe | "TCP Query User{5BE3C05B-BF18-4A2C-A7EB-0AE8F2E51B36}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "TCP Query User{808491E8-EDD5-4BD6-B5FB-42A9CCFE3D81}D:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "TCP Query User{ABA58270-F577-4ED5-B130-658D9F6FDFD5}D:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "TCP Query User{AC75059C-908A-42AA-8578-15EFC0D25B28}D:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | "TCP Query User{B342180F-A339-4AE9-AFE4-4132D3CF5063}D:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "TCP Query User{BD02E061-B233-434D-B826-6CBC9430A330}D:\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe | "TCP Query User{BE732AF1-B84B-4DD9-A053-B788631E3EE9}D:\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "TCP Query User{BEC7C282-29F4-4536-A8BB-258F09EFC142}D:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe | "TCP Query User{CCEB8479-0D91-4BEF-BD08-54847CAC4498}D:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of 
warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "TCP Query User{E6DD1A4B-C3E6-4095-BED1-865C8C8C81A2}D:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "TCP Query User{EBDDFE26-0893-4367-A73D-80D5576434C3}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "TCP Query User{F1603AC7-9447-4DFC-BEB1-A1DE00A931F4}D:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "UDP Query User{06B670F3-6387-4D77-9915-7E439BCE5152}D:\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe | "UDP Query User{0FF2F826-B635-42BA-8FF1-239A0241996C}D:\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe | "UDP Query User{16140DF1-3CA5-45EA-8E5E-914FD58D9FB2}D:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "UDP Query User{1C45EC75-F7D6-4A67-8DA8-E6CBBBB7C8F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{265E2DEF-EC14-47C1-90EA-038C316B5299}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{7A9DF6E8-E72C-4AA3-9859-1AE0997CFE2C}D:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "UDP Query 
User{A3C56611-CE2B-41CE-9469-11182B01D03C}D:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "UDP Query User{AD8D12AE-6766-456E-97EF-E83AADB1A4E8}D:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | "UDP Query User{ADECDA5A-E0A8-4802-A0B3-1BB3F0AC15F4}D:\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe | "UDP Query User{B57BA662-4724-4132-B31E-B1E7B2AD4A70}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "UDP Query User{BC897D9A-5856-49B3-B0B6-588471D3045C}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "UDP Query User{C8F13599-FA7A-45C7-85DC-D9F3C7167E68}D:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "UDP Query User{CA648B48-3D38-433C-96E0-2D72ABB9301C}D:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "UDP Query User{CCAAF495-CA0D-4DF8-9C37-397B378C4DD8}C:\users\marion\firefox.exe" = protocol=17 | dir=in | app=c:\users\marion\firefox.exe | "UDP Query User{D11E88B5-AB08-4076-87A0-BD58E0D15B76}D:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe | "UDP Query User{E3B7D727-2C43-404F-B1EE-2A2CC5B7AFF8}C:\users\marion\test wow\world of warcraft public test\launcher.patch.exe" = protocol=17 
| dir=in | app=c:\users\marion\test wow\world of warcraft public test\launcher.patch.exe | "UDP Query User{F4B43442-91B6-4096-8569-CD08FA19BB10}D:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{027B17C7-C291-6FB5-0C82-8BC157599201}" = Catalyst Control Center "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07D3F755-05A0-934E-6F48-706C43927AA9}" = CCC Help English "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe "{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant "{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2 "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{469032A5-C6F3-CE61-67B1-F8820B747401}" = Application Profiles "{488405CF-0BD3-D35E-13BD-4D71ADE5E401}" = ATI Problem Report Wizard "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant 
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67D7D7EB-9330-2884-6EC2-4AB32CC981B5}" = ATI AVIVO Codecs "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68CF04B1-A3B4-472D-BF4C-1B562EE2BE17}" = ArcSoft PhotoImpression 2000 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BCC0A09-6235-C2DE-4E3D-09F7793C6FB3}" = Catalyst Control Center Graphics Previews Common "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{81E04A8B-C804-4886-FA79-0AD2BE946A06}" = Catalyst Control Center InstallProxy "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager "{C1392D78-3958-03C8-E747-51DE7CEE8E03}" = Catalyst Control Center InstallProxy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management 
"{D751FC11-146D-9848-6993-9A567E05B1EF}" = ccc-utility "{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F03EC055-F34E-4F6B-A684-8A370E11A304}" = ArcSoft Print Creations "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Defraggler" = Defraggler "DivX Setup.divx.com" = DivX-Setup "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch "Free YouTube 
to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NVIDIA Drivers" = NVIDIA Drivers "Security Task Manager" = Security Task Manager 1.8c "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.07.2011 13:20:51 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.07.2011 13:21:02 | Computer Name = Marion-PC | Source = WinMgmt | ID = 10 Description = Error - 16.07.2011 06:00:52 | Computer Name = Marion-PC | Source = WinMgmt | ID = 10 Description = Error - 16.07.2011 06:01:04 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.07.2011 06:01:04 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 
17.07.2011 04:51:44 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.07.2011 04:51:44 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.07.2011 04:53:58 | Computer Name = Marion-PC | Source = WinMgmt | ID = 10 Description = Error - 17.07.2011 04:54:08 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.07.2011 04:54:08 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: Error reprocessing guide: System.Runtime.InteropServices.COMException (0x8007043C): Die COM-Klassenfactory für die Komponente mit CLSID {4B635ECB-0887-4015-8CA6-D621362F98D1} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007043c. 
bei Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat() bei Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) bei Microsoft.Ehome.Epg.Guide.ReprocessGuideImp() Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 17.07.2011 04:55:19 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7009 Description = Error - 17.07.2011 04:55:19 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.07.2011 05:21:58 | Computer Name = Marion-PC | Source = DCOM | ID = 10010 Description = Error - 17.07.2011 05:23:52 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.07.2011 05:27:08 | Computer Name = Marion-PC | Source = DCOM | ID = 10010 Description = Error - 17.07.2011 05:28:57 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.07.2011 06:19:52 | Computer Name = Marion-PC | Source = DCOM | ID = 10010 Description = Error - 17.07.2011 06:21:06 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.07.2011 06:49:37 | Computer Name = Marion-PC | Source = DCOM | ID = 10010 Description = Error - 17.07.2011 06:50:42 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-17 13:36:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 WDC_WD64 rev.01.0
Running: tebx99zx.exe; Driver: C:\Users\Marion\AppData\Local\Temp\fgriypod.sys

---- System - GMER 1.0.15 ----

INT 0xA0 ? 9166BCD0

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA07000, 0x38E905, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[684] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 767EB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- EOF - GMER 1.0.15 ----

mbam-log
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7173

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

17.07.2011 14:36:20
mbam-log-2011-07-17 (14-35-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 335731
Laufzeit: 34 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\Users\Marion\firefox.exe (Rootkit.Dropper) -> 5564 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Marion\firefox.exe (Rootkit.Dropper) -> No action taken.

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:37:22, on 17.07.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\System32\mobsync.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Marion\firefox.exe C:\Users\Marion\plugin-container.exe C:\Users\Marion\Desktop\HiJackThis204(2).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: 
[NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: ASETRES.EXE O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 9139 bytes |
18.07.2011, 10:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Dropper firefox.exe and miscellaneous - check Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the log files tab. |
18.07.2011, 18:15 | #3 |
| Rootkit.Dropper firefox.exe and miscellaneous - check Thank you for your reply.
Unfortunately, Malwarebytes "hangs" after the scan, i.e. the tabs cannot be clicked. Do I need to register first? I ran the full scan and the quick scan, without success. I also updated it anew each time. Here are the logs that are visible in the log files tab. -----To my horror, is this program, GMER or something, which renamed itself to tebx99zx.exe and whose log I also posted, a Trojan?-----(AntiVir just spat it out during the Malwarebytes scan) Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7192 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 18.07.2011 19:05:25 mbam-log-2011-07-18 (19-05-25).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 48241 Laufzeit: 3 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7191 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 18.07.2011 19:00:44 mbam-log-2011-07-18 (19-00-44).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 0 Laufzeit: 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7173 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 18.07.2011 17:44:26 mbam-log-2011-07-18 (17-44-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 1505 Laufzeit: 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Montag, 18. Juli 2011 18:56 Es wird nach 2985992 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MARION-PC Versionsinformationen: BUILD.DAT : 10.2.0.696 35934 Bytes 29.06.2011 17:26:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 11.07.2011 14:07:23 AVSCAN.DLL : 10.0.5.0 57192 Bytes 11.07.2011 14:07:23 LUKE.DLL : 10.3.0.5 45416 Bytes 11.07.2011 14:07:23 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:48 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 11.07.2011 14:07:24 AVREG.DLL : 10.3.0.9 88833 Bytes 12.07.2011 15:15:09 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:47:49 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 07:43:07 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 11:33:50 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 15:58:08 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 14:07:23 VBASE006.VDF : 7.11.10.252 2048 Bytes 07.07.2011 14:07:23 VBASE007.VDF : 7.11.10.253 2048 Bytes 07.07.2011 14:07:23 VBASE008.VDF : 7.11.10.254 2048 Bytes 07.07.2011 14:07:23 VBASE009.VDF : 7.11.10.255 2048 Bytes 07.07.2011 14:07:23 VBASE010.VDF : 7.11.11.0 2048 Bytes 07.07.2011 14:07:23 VBASE011.VDF : 7.11.11.1 2048 Bytes 07.07.2011 14:07:23 VBASE012.VDF : 7.11.11.2 2048 Bytes 07.07.2011 14:07:23 VBASE013.VDF : 7.11.11.75 688128 Bytes 12.07.2011 04:44:57 VBASE014.VDF : 7.11.11.104 978944 Bytes 13.07.2011 04:44:58 VBASE015.VDF : 7.11.11.137 655360 Bytes 14.07.2011 04:44:59 VBASE016.VDF : 7.11.11.138 2048 Bytes 14.07.2011 04:44:59 VBASE017.VDF : 7.11.11.139 2048 Bytes 14.07.2011 04:44:59 VBASE018.VDF : 7.11.11.140 2048 Bytes 14.07.2011 04:44:59 VBASE019.VDF : 
7.11.11.141 2048 Bytes 14.07.2011 04:45:00 VBASE020.VDF : 7.11.11.142 2048 Bytes 14.07.2011 04:45:00 VBASE021.VDF : 7.11.11.143 2048 Bytes 14.07.2011 04:45:00 VBASE022.VDF : 7.11.11.144 2048 Bytes 14.07.2011 04:45:00 VBASE023.VDF : 7.11.11.145 2048 Bytes 14.07.2011 04:45:00 VBASE024.VDF : 7.11.11.146 2048 Bytes 14.07.2011 04:45:00 VBASE025.VDF : 7.11.11.147 2048 Bytes 14.07.2011 04:45:00 VBASE026.VDF : 7.11.11.148 2048 Bytes 14.07.2011 04:45:00 VBASE027.VDF : 7.11.11.149 2048 Bytes 14.07.2011 04:45:00 VBASE028.VDF : 7.11.11.150 2048 Bytes 14.07.2011 04:45:00 VBASE029.VDF : 7.11.11.151 2048 Bytes 14.07.2011 04:45:00 VBASE030.VDF : 7.11.11.152 2048 Bytes 14.07.2011 04:45:00 VBASE031.VDF : 7.11.11.179 164864 Bytes 18.07.2011 15:40:17 Engineversion : 8.2.6.16 AEVDF.DLL : 8.1.2.1 106868 Bytes 05.09.2010 08:04:35 AESCRIPT.DLL : 8.1.3.73 1622395 Bytes 16.07.2011 10:45:22 AESCN.DLL : 8.1.7.2 127349 Bytes 24.11.2010 19:44:44 AESBX.DLL : 8.2.1.34 323957 Bytes 05.06.2011 07:18:17 AERDL.DLL : 8.1.9.13 639349 Bytes 15.07.2011 04:45:04 AEPACK.DLL : 8.2.9.5 676214 Bytes 15.07.2011 04:45:04 AEOFFICE.DLL : 8.1.2.12 201083 Bytes 16.07.2011 10:45:20 AEHEUR.DLL : 8.1.2.144 3621240 Bytes 16.07.2011 10:45:20 AEHELP.DLL : 8.1.17.5 246135 Bytes 16.07.2011 10:45:10 AEGEN.DLL : 8.1.5.6 401780 Bytes 22.05.2011 11:22:11 AEEMU.DLL : 8.1.3.0 393589 Bytes 24.11.2010 19:44:39 AECORE.DLL : 8.1.22.4 196983 Bytes 15.07.2011 04:45:00 AEBB.DLL : 8.1.1.0 53618 Bytes 05.09.2010 08:04:26 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:12 AVPREF.DLL : 10.0.3.2 44904 Bytes 11.07.2011 14:07:23 AVREP.DLL : 10.0.0.10 174120 Bytes 22.05.2011 11:22:14 AVARKT.DLL : 10.0.26.1 255336 Bytes 11.07.2011 14:07:23 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 11.07.2011 14:07:23 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:54 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:56 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:56 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 11.07.2011 14:07:23 RCTEXT.DLL : 10.0.64.0 
98664 Bytes 11.07.2011 14:07:23 Konfiguration für den aktuellen Suchlauf: Job Name..............................: avguard_async_scan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fa6077a\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Montag, 18. Juli 2011 18:56 Der Suchlauf nach versteckten Objekten wird begonnen. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PresentationFontCache.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ERAGENT.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeaTimer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ipoint.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nvraidservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'eDSLoader.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SysMonitor.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 
'WUDFHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'capuserv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'eRecoveryService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'eDSService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MemCheck.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMSServer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ACService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche 
Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Marion\Desktop\tebx99zx.exe' C:\Users\Marion\Desktop\tebx99zx.exe [FUND] Ist das 
Trojanische Pferd TR/Spy.302592.8 Beginne mit der Desinfektion: C:\Users\Marion\Desktop\tebx99zx.exe [FUND] Ist das Trojanische Pferd TR/Spy.302592.8 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bdac7f0.qua' verschoben! Ende des Suchlaufs: Montag, 18. Juli 2011 18:59 Benötigte Zeit: 01:49 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 72 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 71 Dateien ohne Befall 0 Archive wurden durchsucht 0 Warnungen 1 Hinweise 76421 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Die Suchergebnisse werden an den Guard übermittelt. |
18.07.2011, 19:02 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Dropper firefox.exe and miscellaneous - check OK, please first run a scan with ESET; I want to know whether anything else turns up, so that I can better plan the next steps. ESET Online Scanner
__________________ Please always post log files in CODE tags |
18.07.2011, 19:06 | #5 |
| Rootkit.Dropper firefox.exe and miscellaneous - check *overwhelmed* I've been trying the whole time with Mbam so that it spits out another log for me as requested. I turned on Malwarebytes' protection and then it reports firefox: 19:54:03 Marion MESSAGE Protection started successfully 19:54:07 Marion MESSAGE IP Protection started successfully 19:54:36 Marion DETECTION C:\USERS\MARION\FIREFOX.EXE Rootkit.Dropper QUARANTINE 19:54:49 Marion DETECTION C:\USERS\MARION\FIREFOX.EXE Rootkit.Dropper DENY 19:55:03 Marion DETECTION C:\USERS\MARION\FIREFOX.EXE Rootkit.Dropper DENY 19:55:20 Marion DETECTION C:\USERS\MARION\FIREFOX.EXE Rootkit.Dropper DENY 19:55:24 Marion DETECTION C:\USERS\MARION\FIREFOX.EXE Rootkit.Dropper DENY Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7192 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 18.07.2011 19:58:02 mbam-log-2011-07-18 (19-58-02).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 48271 Laufzeit: 2 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
18.07.2011, 19:22 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Dropper firefox.exe and miscellaneous - check No Malwarebytes! The logs so far are enough, why again? I posted ESET instructions for you and you run Malwarebytes again... why? That comes at the end as a check, but please not now
__________________ |
18.07.2011, 20:22 | #7 |
| Rootkit.Dropper firefox.exe and miscellaneous - check Sorry, I hadn't read your post yet when I was busy with that: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK |
18.07.2011, 20:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Dropper firefox.exe and miscellaneous - check What? That's all it says?
__________________ Please always post log files in CODE tags |
18.07.2011, 20:32 | #9 |
| Rootkit.Dropper firefox.exe and miscellaneous - check No, there's nothing more. I also pasted it in several times. It was a bit odd, though: it started right away (IE), and because of Vista I couldn't select "as admin". Should I do it again? |
19.07.2011, 00:16 | #10 |
| Rootkit.Dropper firefox.exe and miscellaneous - check So, once again the whole thing with firefox: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=6435a2238a26aa42a21c66f19debc9f3 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-18 08:46:20 # local_time=2011-07-18 10:46:20 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775165 100 94 125253 47554929 7246 0 # compatibility_mode=5892 16776573 100 100 207356 148550803 0 0 # compatibility_mode=8192 67108863 100 0 5351 5351 0 0 # scanned=209195 # found=0 # cleaned=0 # scan_time=3904 |
19.07.2011, 09:45 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Dropper firefox.exe and miscellaneous - check No findings! Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
19.07.2011, 16:41 | #12 |
| Rootkit.Dropper firefox.exe and miscellaneous - check Code:
ATTFilter 2011/07/19 17:30:23.0486 5612 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/19 17:30:23.0686 5612 ================================================================================ 2011/07/19 17:30:23.0686 5612 SystemInfo: 2011/07/19 17:30:23.0686 5612 2011/07/19 17:30:23.0686 5612 OS Version: 6.0.6002 ServicePack: 2.0 2011/07/19 17:30:23.0686 5612 Product type: Workstation 2011/07/19 17:30:23.0686 5612 ComputerName: MARION-PC 2011/07/19 17:30:23.0686 5612 UserName: Marion 2011/07/19 17:30:23.0687 5612 Windows directory: C:\Windows 2011/07/19 17:30:23.0687 5612 System windows directory: C:\Windows 2011/07/19 17:30:23.0687 5612 Processor architecture: Intel x86 2011/07/19 17:30:23.0687 5612 Number of processors: 4 2011/07/19 17:30:23.0687 5612 Page size: 0x1000 2011/07/19 17:30:23.0687 5612 Boot type: Normal boot 2011/07/19 17:30:23.0687 5612 ================================================================================ 2011/07/19 17:30:24.0141 5612 Initialize success 2011/07/19 17:30:32.0155 2988 ================================================================================ 2011/07/19 17:30:32.0155 2988 Scan started 2011/07/19 17:30:32.0155 2988 Mode: Manual; 2011/07/19 17:30:32.0155 2988 ================================================================================ 2011/07/19 17:30:32.0682 2988 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/07/19 17:30:32.0721 2988 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/07/19 17:30:32.0750 2988 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/07/19 17:30:32.0772 2988 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/07/19 17:30:33.0016 2988 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/07/19 17:30:33.0060 2988 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys 2011/07/19 
17:30:33.0124 2988 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/07/19 17:30:33.0148 2988 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/07/19 17:30:33.0168 2988 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/07/19 17:30:33.0220 2988 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/07/19 17:30:33.0327 2988 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/07/19 17:30:33.0350 2988 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/07/19 17:30:33.0383 2988 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/07/19 17:30:33.0418 2988 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/07/19 17:30:33.0604 2988 amdkmdag (aeae5ecbeaa0107d36c0b94ef341abc7) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/19 17:30:33.0745 2988 amdkmdap (60643c3abe28015269a62eb3dd4a49f4) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/07/19 17:30:33.0788 2988 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/07/19 17:30:33.0906 2988 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/07/19 17:30:33.0929 2988 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/19 17:30:33.0956 2988 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/07/19 17:30:33.0990 2988 AtiHDAudioService (1af3b5f04cc572daffcb6b5528c63134) C:\Windows\system32\drivers\AtihdLH3.sys 2011/07/19 17:30:34.0189 2988 atikmdag (aeae5ecbeaa0107d36c0b94ef341abc7) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/19 17:30:34.0267 2988 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/07/19 17:30:34.0298 2988 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) 
C:\Windows\system32\DRIVERS\avipbb.sys 2011/07/19 17:30:34.0356 2988 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/07/19 17:30:34.0414 2988 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/07/19 17:30:34.0544 2988 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/19 17:30:34.0578 2988 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/19 17:30:34.0614 2988 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/07/19 17:30:34.0665 2988 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/07/19 17:30:34.0694 2988 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/07/19 17:30:34.0736 2988 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/19 17:30:34.0752 2988 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/07/19 17:30:34.0790 2988 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/07/19 17:30:34.0836 2988 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/19 17:30:34.0869 2988 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/19 17:30:34.0900 2988 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/07/19 17:30:34.0929 2988 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/07/19 17:30:35.0022 2988 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/07/19 17:30:35.0039 2988 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys 2011/07/19 17:30:35.0066 2988 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/07/19 17:30:35.0095 2988 Crusoe 
(1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/07/19 17:30:35.0153 2988 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/07/19 17:30:35.0212 2988 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/07/19 17:30:35.0277 2988 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/07/19 17:30:35.0315 2988 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/19 17:30:35.0354 2988 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/07/19 17:30:35.0409 2988 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/07/19 17:30:35.0483 2988 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/07/19 17:30:35.0531 2988 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/07/19 17:30:35.0581 2988 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/07/19 17:30:35.0708 2988 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/07/19 17:30:35.0728 2988 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/19 17:30:35.0780 2988 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/07/19 17:30:35.0803 2988 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/07/19 17:30:35.0836 2988 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/19 17:30:35.0869 2988 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/07/19 17:30:35.0909 2988 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/19 17:30:35.0952 2988 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/19 17:30:36.0021 
2011/07/19 17:30:44.0526 2988 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/07/19 17:30:44.0616 2988 Boot (0x1200) (2c4c92ec52fdf0487867b98b68e7eaef) \Device\Harddisk0\DR0\Partition0
2011/07/19 17:30:44.0654 2988 Boot (0x1200) (844018e5422fbe70fe80ac18d1177a57) \Device\Harddisk0\DR0\Partition1
2011/07/19 17:30:44.0674 2988 ================================================================================
2011/07/19 17:30:44.0674 2988 Scan finished
2011/07/19 17:30:44.0674 2988 ================================================================================
2011/07/19 17:30:44.0687 4972 Detected object count: 0
2011/07/19 17:30:44.0687 4972 Actual detected object count: 0

I don't know much about this, but maybe nothing shows up because they are in quarantine in AntiVir (Malwarebytes also has the rootkit in quarantine); do I perhaps need to take them out of quarantine?:

Typ: Datei
Quelle: C:\Users\Marion\Desktop\tebx99zx.exe
Status: Infiziert
Quarantäne-Objekt: 4bdac7f0.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.06.16
Virendefinitionsdatei: 7.11.11.179
Meldung: Ist das Trojanische Pferd TR/Spy.302592.8
Datum/Uhrzeit: 18.07.2011, 18:59

and here are some older ones...

Typ: Datei
Quelle: C:\Users\Marion\AppData\Local\Mozilla\Firefox\Profiles\vg2a6dqa.default\Cache\BCF9825Fd01
Status: Infiziert
Quarantäne-Objekt: 49403e34.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.192
Virendefinitionsdatei: 7.11.05.94
Meldung: Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen2
Datum/Uhrzeit: 28.03.2011, 16:44

Typ: Datei
Quelle: C:\Users\Marion\AppData\Local\Mozilla\Firefox\Profiles\vg2a6dqa.default\Cache\C9CCCE0Ed01
Status: Infiziert
Quarantäne-Objekt: 48c266e0.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.188
Virendefinitionsdatei: 7.11.04.255
Meldung: Enthält Erkennungsmuster der Adware ADWARE/WhiteSmoke.T
Datum/Uhrzeit: 19.03.2011, 16:11 |
19.07.2011, 20:44 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
19.07.2011, 21:01 | #14 |
| Code:
ATTFilter ComboFix 11-07-19.03 - Marion 19.07.2011 21:50:46.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1919 [GMT 2:00] ausgeführt von:: c:\users\Marion\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Setup.exe c:\users\Marion\AccessibleMarshal.dll c:\users\Marion\AppData\Roaming\Local c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\.ddr c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\FILE4D13FE7D0FBC9.ddr c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Skyline.R5.Line.Dubbed.German.Merry.Xmas.XviD_VCF.avi.ddr c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2) c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D13FE7D0FBC9.ddp 
c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx.ddp c:\users\Marion\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Skyline.R5.Line.Dubbed.German.Merry.Xmas.XviD_VCF.avi.ddp c:\users\Marion\crashreporter.exe c:\users\Marion\freebl3.dll c:\users\Marion\js3250.dll c:\users\Marion\mozcpp19.dll c:\users\Marion\mozcrt19.dll c:\users\Marion\nspr4.dll c:\users\Marion\nss3.dll c:\users\Marion\nssckbi.dll c:\users\Marion\nssdbm3.dll c:\users\Marion\nssutil3.dll c:\users\Marion\plc4.dll c:\users\Marion\plds4.dll c:\users\Marion\plugin-container.exe c:\users\Marion\smime3.dll c:\users\Marion\softokn3.dll c:\users\Marion\sqlite3.dll c:\users\Marion\ssl3.dll c:\users\Marion\updater.exe c:\users\Marion\xpcom.dll c:\users\Marion\xul.dll . . ((((((((((((((((((((((( Dateien erstellt von 2011-06-19 bis 2011-07-19 )))))))))))))))))))))))))))))) . . 2011-07-19 19:56 . 2011-07-19 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-19 15:27 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFCFC75-13F8-49AB-BCB0-C1EC20A22108}\mpengine.dll 2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\program files\ESET 2011-07-18 17:50 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-18 17:50 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-17 11:58 . 2011-07-17 11:58 -------- d-----w- c:\users\Marion\AppData\Roaming\Malwarebytes 2011-07-17 11:58 . 2011-07-17 11:58 -------- d-----w- c:\programdata\Malwarebytes 2011-07-17 11:58 . 2011-07-18 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-17 09:26 . 2011-07-17 09:26 -------- d-----w- c:\windows\system32\RTCOM 2011-07-17 09:21 . 2011-07-17 09:27 -------- d--h--w- c:\program files\Temp 2011-07-17 09:08 . 2011-07-17 09:08 -------- d-----w- c:\programdata\ATI 2011-07-17 09:08 . 
2011-07-17 09:08 -------- d-----w- c:\program files\AMD APP 2011-07-17 09:04 . 2011-07-17 09:04 -------- d-----w- C:\ATI 2011-07-15 04:48 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-07-15 04:47 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-07-15 04:47 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-07-10 17:03 . 2011-07-10 17:03 -------- d-----w- c:\users\Marion\AppData\Roaming\gtk-2.0 2011-07-10 17:03 . 2011-07-10 17:03 -------- d-----w- c:\users\Marion\.thumbnails 2011-07-10 17:01 . 2011-07-10 17:05 -------- d-----w- c:\users\Marion\.gimp-2.6 2011-07-10 17:00 . 2011-07-10 17:00 -------- d-----w- c:\program files\GIMP-2.0 2011-07-04 05:17 . 2011-07-04 05:17 -------- d-----w- c:\programdata\boost_interprocess 2011-07-03 08:13 . 2011-07-03 08:13 -------- d-----w- c:\users\Marion\AppData\Local\Ilivid Player 2011-07-03 08:12 . 2011-07-17 10:10 -------- dc-h--w- c:\programdata\{C1D18E30-468F-478F-8837-B6CBA25F6547} 2011-06-29 15:40 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-17 09:25 . 2008-03-21 13:33 319456 ----a-w- c:\windows\DIFxAPI.dll 2011-07-11 14:07 . 2010-09-05 08:03 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-11 14:07 . 2010-09-05 08:03 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-05 15:38 . 2011-05-15 08:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-25 04:25 . 2011-05-25 04:25 7800832 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\system32\atioglxx.dll 2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe 2011-05-25 03:07 . 2010-11-26 02:58 688128 ----a-w- c:\windows\system32\aticfx32.dll 2011-05-25 03:04 . 
2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-05-25 03:03 . 2011-05-25 03:03 401408 ----a-w- c:\windows\system32\atieclxx.exe 2011-05-25 03:03 . 2011-05-25 03:03 176128 ----a-w- c:\windows\system32\atiesrxx.exe 2011-05-25 03:02 . 2011-05-25 03:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\system32\atipdlxx.dll 2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll 2011-05-25 03:01 . 2011-05-25 03:01 15872 ----a-w- c:\windows\system32\atimuixx.dll 2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\system32\atiumdmv.dll 2011-05-25 02:58 . 2011-05-25 02:58 4219904 ----a-w- c:\windows\system32\atidxx32.dll 2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\system32\atiumdva.dll 2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\system32\aticalrt.dll 2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\system32\aticalcl.dll 2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\system32\aticaldd.dll 2011-05-25 02:39 . 2010-08-27 05:14 4330496 ----a-w- c:\windows\system32\atiumdag.dll 2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\system32\atimpc32.dll 2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\system32\amdpcom32.dll 2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\system32\atiadlxx.dll 2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\system32\atigktxx.dll 2011-05-25 02:25 . 2011-05-25 02:25 245760 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-05-25 02:24 . 2011-05-25 02:24 31744 ----a-w- c:\windows\system32\atiuxpag.dll 2011-05-25 02:24 . 2010-11-26 02:15 29184 ----a-w- c:\windows\system32\atiu9pag.dll 2011-05-25 02:24 . 
2010-11-26 02:15 37376 ----a-w- c:\windows\system32\atitmpxx.dll 2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-05-25 02:18 . 2010-11-26 02:24 52736 ----a-w- c:\windows\system32\coinst.dll 2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll 2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll 2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll 2011-05-24 17:14 . 2010-11-06 00:16 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-02 17:16 . 2011-06-16 15:35 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 13:25 . 2011-06-16 15:35 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 13:25 . 2011-06-16 15:35 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-29 13:24 . 2011-06-16 15:35 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-29 13:24 . 2011-06-16 15:35 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-29 13:24 . 2011-06-16 15:35 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-21 16:04 . 2011-06-16 15:35 834048 ----a-w- c:\windows\system32\wininet.dll 2011-04-21 14:57 . 2011-06-16 15:35 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-04-21 14:15 . 2011-06-16 15:35 389632 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:58 . 2011-06-16 15:35 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2010-05-21 14:05 . 2010-05-21 14:05 3099648 ----a-w- c:\program files\openofficeorg32.msi . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-26 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-26 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-26 88608] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . c:\users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ASETRES.EXE [2008-4-14 20480] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-26 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeSearchqudatamngr] RD [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeSearchqutoolbar] RD [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-05-27 12:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-10-27 18:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager] 2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing] 2008-01-25 17:49 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 136176] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 136176] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 176128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 
366640] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 7800832] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 245760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-03-30 97808] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-28 42528] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 45084439 *NewlyCreated* - 66159978 *Deregistered* - 45084439 *Deregistered* - 66159978 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 12:37] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 12:37] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: EXIF lesen IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q= . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) HKLM-Run-eRecoveryService - (no file) MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSConfigStartUp-tcactive - c:\program files\The Cleaner\tcap.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-07-19 21:57 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2011-07-19 21:58:56 ComboFix-quarantined-files.txt 2011-07-19 19:58 . Vor Suchlauf: 12 Verzeichnis(se), 233.087.995.904 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 233.064.824.832 Bytes frei . - - End Of File - - C75C1E8ADBFCBC75438FF6BBDE0D5134 |
19.07.2011, 21:34 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit.Dropper firefox.exe and miscellaneous - check OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |