Plagegeister aller Art und deren Bekämpfung: TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
30.05.2010, 12:49 #1
TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys

Hello everyone, I hope I'm doing everything right here. So, my problem is this: for a while now, various antivirus programs have been reporting that I've caught a Trojan in the file named above. Deleting the file achieves nothing, since it comes back after a system restart. I don't know whether this has anything to do with the Trojan, but my internet connection has become extremely slow since then. HijackThis says the following:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:16:56, on 29.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Razer\DeathAdder\razerhid.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Razer\DeathAdder\razertra.exe
C:\Programme\Razer\DeathAdder\razerofa.exe
C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe
C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
c:\programme\avira\antivir desktop\avcenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Last.fm\LastFM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: 92.241.168.28 gully.to
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [XboxStat] "C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\PROGRA~1\MALWAR~1\MBAM.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programme\Gemeinsame Dateien\BinarySense\hlAPP.dll" (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOKUME~1\user\LOKALE~1\Temp\AVSETUP_4a5f218b\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Programme\Gemeinsame Dateien\BinarySense\disksvc.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 8689 bytes

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-30 01:12:14
Windows 5.1.2600 Service Pack 3
Running: 922ynk6l.exe; Driver: C:\DOKUME~1\user\LOKALE~1\Temp\kgryikob.sys

---- System - GMER 1.0.15 ----

SSDT BA6E6E76 ZwCreateKey
SSDT BA6E6E6C ZwCreateThread
SSDT BA6E6E7B ZwDeleteKey
SSDT BA6E6E85 ZwDeleteValueKey
SSDT BA6E6E8A ZwLoadKey
SSDT BA6E6E58 ZwOpenProcess
SSDT BA6E6E5D ZwOpenThread
SSDT BA6E6E94 ZwReplaceKey
SSDT BA6E6E8F ZwRestoreKey
SSDT BA6E6E80 ZwSetValueKey
SSDT BA6E6E67 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.pak2 C:\WINDOWS\system32\drivers\herbh.sys entry point in ".pak2" section [0xB9D874E0]
? C:\WINDOWS\system32\drivers\herbh.sys A device attached to the system is not functioning.
.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xB9D16000, 0xC5E, 0x40000040]
PAGE Ntfs.sys B9BC2E55 4 Bytes CALL 8A6A0369
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8E35000, 0x235F87, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA8BB2300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA408300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 008D1710
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 008D1400
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 008C9EF0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 008CB430
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 008CE5A0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 008CC180
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 008CB760
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 008CD8E0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 008D08E0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 008D0920
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 008D1A60
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 008D04D0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 008CE500
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 008CCCA0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 008CBE30
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 008CC720
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 008D1FE0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 008CDC30
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 008CE360
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 008CEF90
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 008CEA70
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 008CEF10
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 008CFA30
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 008CF100
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 008CBAE0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 008CCB50
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 008D0A00
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 008CEBB0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 008CE4A0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 008CE060
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 008CE6B0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 008D1A80
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 008CE9B0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 008D1D20
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 008D1CC0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 008D1F10
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 008D1FB0
IAT C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe[2232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 008D1DE0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A74D970
Device \Driver\USBSTOR \Device\0000008e 8A32E908
Device \Driver\USBSTOR \Device\0000008f 8A32E908
Device \Driver\atapi \Device\Ide\IdePort0 8A786988
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A786988
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 8A786988
Device \Driver\atapi \Device\Ide\IdePort1 8A786988
Device \Driver\atapi \Device\Ide\IdePort2 8A786988
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A786988
Device \Driver\atapi \Device\Ide\IdePort3 8A786988
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 8A786988
Device \Driver\USBSTOR \Device\00000088 8A32E908
Device \Driver\USBSTOR \Device\0000008c 8A32E908
Device \Driver\USBSTOR \Device\0000008d 8A32E908

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] herbh <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x30 0x21 0xDC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0x86 0x71 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0xA5 0x53 0x03 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5B 0x65 0x01 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x65 0x89 0x80 0xAC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ...
Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Type 1 Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Start 0 Reg HKLM\SYSTEM\ControlSet010\Services\herbh@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ... 
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ... Reg HKLM\SYSTEM\ControlSet011\Services\herbh@Type 1 Reg HKLM\SYSTEM\ControlSet011\Services\herbh@Start 0 Reg HKLM\SYSTEM\ControlSet011\Services\herbh@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet011\Services\herbh@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x50 0x31 0xFD ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x88 0xF5 0x77 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAC 0xE4 0x10 0x09 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xA3 0xF9 0xE3 ... 
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x42 0xD5 0xD5 0x71 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x73 0x56 0xCE 0x86 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x68 0x25 0xEE 0xD0 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x98 0x5B 0xBC 0x46 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 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 ---- EOF - GMER 1.0.15 ---- Infizierte Dateien: C:\WINDOWS\system32\drivers\herbh.sys (Rootkit.Agent) -> Delete on reboot. Das "Delete on Reboot" war wiegesagt nicht erfolgreich, also wende ich mich lieber mal hierhin und hoffe, dass mir da jemand weiterhelfen kann, was das weitere Vorgehen betrifft. Danke schonmal! |
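An added triage example (written for this page; it is not code from the original post, from GMER, HijackThis or ComboFix) that shows what the two interesting lines in the logs above actually mean. The GMER output lists herbh under CurrentControlSet and under the saved ControlSet010/011 copies with Type 1 (kernel driver), Start 0 (boot start) and Group "Boot Bus Extender", i.e. a driver that the loader brings up in one of the earliest load-order groups, before the file-system stack and any anti-virus filter drivers; a driver in that position can easily undo a "delete on reboot" of its own file. The HijackThis R1 line (and the ComboFix "uInternet Settings,ProxyServer" line in a later post) points the user's IE proxy at 127.0.0.1:5555, a loopback listener that nothing legitimate on this machine is known to provide, which is one plausible cause of the slow browsing. The script parses both log formats from constructed excerpts modelled on the thread (the "demofs" service and the second HijackThis line are made up) and flags boot-start kernel drivers, their presence across control sets, and loopback proxies:

```python
"""Triage of GMER / HijackThis style log excerpts: boot-start kernel drivers
and loopback proxy settings. Added example; sample lines are constructed."""
import re
from collections import defaultdict

# GMER "Reg" line carrying a value directly under a service key, e.g.
#   Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Start 0
SERVICE_VALUE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@]+)"
    r"@(?P<name>\S+)\s*(?P<val>.*?)\s*$"
)
# ProxyServer as printed by HijackThis (R1 line) or ComboFix
# ("uInternet Settings,ProxyServer = http=127.0.0.1:5555").
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<spec>\S+)")

# Documented Win32 service constants: SERVICE_BOOT_START, SERVICE_KERNEL_DRIVER.
SERVICE_BOOT_START = "0"
SERVICE_KERNEL_DRIVER = "1"

# Constructed sample (not the thread's full log). The herbh lines mirror the
# GMER output in the post; "demofs" is a made-up, normally started driver.
SAMPLE_GMER = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\herbh@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Type 1
Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Start 0
Reg HKLM\SYSTEM\ControlSet010\Services\herbh@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\demofs@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\demofs@Start 3
"""

# Constructed HijackThis excerpt; the R1 line is the one from the first post.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"""


def parse_service_values(log_text):
    """Return {(control_set, service): {value_name: value}} from GMER Reg lines.
    Sub-keys such as sptd\Cfg\... are deliberately ignored."""
    services = defaultdict(dict)
    for line in log_text.splitlines():
        m = SERVICE_VALUE_RE.match(line.strip())
        if m:
            services[(m["cs"], m["svc"])][m["name"]] = m["val"]
    return services


def boot_start_kernel_drivers(log_text):
    """Every service that is a kernel driver started at boot, per control set,
    sorted by (service, control set) so results compare stably."""
    hits = []
    for (cs, svc), values in parse_service_values(log_text).items():
        if (values.get("Start") == SERVICE_BOOT_START
                and values.get("Type") == SERVICE_KERNEL_DRIVER):
            hits.append({"control_set": cs, "service": svc,
                         "group": values.get("Group", "")})
    return sorted(hits, key=lambda h: (h["service"], h["control_set"]))


def loopback_proxies(log_text):
    """[(host, port)] for every ProxyServer entry that points into 127.0.0.0/8."""
    found = []
    for m in PROXY_RE.finditer(log_text):
        # spec looks like "http=127.0.0.1:5555", "127.0.0.1:5555" or "a=x;b=y"
        for part in m["spec"].split(";"):
            host, _, port = part.split("=", 1)[-1].rpartition(":")
            if host.startswith("127.") and port.isdigit():
                found.append((host, int(port)))
    return found


def triage(gmer_text, hjt_text):
    """Combine both checks into one report dict."""
    drivers = boot_start_kernel_drivers(gmer_text)
    seen_in = defaultdict(set)
    for d in drivers:
        seen_in[d["service"]].add(d["control_set"])
    return {
        "boot_start_kernel_drivers": drivers,
        # The same driver in CurrentControlSet *and* in saved ControlSetNNN
        # copies means a "Last Known Good" boot would bring it back as well.
        "persisted_in_control_sets": {s: sorted(c) for s, c in seen_in.items()},
        "loopback_proxies": loopback_proxies(hjt_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_GMER, SAMPLE_HJT).items():
        print(f"{key}: {value}")
```

Run it against a saved GMER and HijackThis log by reading the files into the two arguments of triage(). Anything it reports is a lead, not a verdict: legitimate storage and bus drivers are boot-start kernel drivers too, so the next step is always to check the flagged .sys file's signature, vendor and on-disk timestamps rather than to delete on the strength of Start=0 alone.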
30.05.2010, 16:31 | #2 |
/// Selecta Jahrusso | TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
Step 1
Please download defogger by jpshortstuff to your desktop.
Step 2: Temp File Cleaner
Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe.
If TFC cannot delete all files, it will ask for a restart. Please allow this.
Step 3
Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**
Step 4: Custom scan with OTL
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Please post the following in your next reply: the defogger log, combo-fix.txt, otl.txt, extras.txt
|
30.05.2010, 18:49 | #3 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:48 on 30/05/2010 (user)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
Code:
ComboFix 10-05-29.05 - user 30.05.2010 19:07:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1574 [GMT 2:00]
Run from:: c:\dokumente und einstellungen\user\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\user\Anwendungsdaten\AD ON Multimedia
c:\dokumente und einstellungen\user\Anwendungsdaten\inst.exe
C:\test.txt
C:\Thumbs.db
c:\windows\system32\driVERs\herbh.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Legacy_herbh
-------\Service_herbh
((((((((((((((((((((((( Files created from 2010-04-28 to 2010-05-30 ))))))))))))))))))))))))))))))
.
2010-05-29 16:16 . 2010-05-29 16:16 388096 ----a-r- c:\dokumente und einstellungen\user\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-29 16:16 . 2010-05-29 16:16 -------- d-----w- c:\programme\Trend Micro
2010-05-25 11:29 . 2009-08-13 15:15 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-05-23 18:58 . 2002-04-03 13:35 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-05-23 18:58 . 2000-09-01 09:41 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-05-23 18:58 . 2008-04-14 01:57 93184 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-05-23 18:58 . 2008-04-14 02:22 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-05-22 16:41 . 2010-02-17 12:04 2192256 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-22 16:41 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-22 16:41 . 2009-03-06 14:19 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-05-22 16:41 .
2009-02-09 11:21 111104 -c----w- c:\windows\system32\dllcache\services.exe 2010-05-22 16:41 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-05-22 16:41 . 2009-02-09 10:51 678400 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-05-22 16:41 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-05-22 16:41 . 2010-02-16 19:04 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-05-22 16:41 . 2009-06-25 08:25 737792 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2010-05-22 16:41 . 2009-02-09 10:51 740352 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-05-22 16:41 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-05-22 16:41 . 2010-02-16 19:04 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-05-22 14:48 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-05-22 14:34 . 2010-01-29 14:59 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-05-22 14:34 . 2010-01-29 14:59 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2010-05-22 14:20 . 2008-04-21 21:13 217600 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-05-22 14:13 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-05-22 14:13 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-05-22 12:29 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-05-22 12:17 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-05-21 21:48 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-05-21 21:44 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-05-21 21:14 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-05-20 11:54 . 2010-05-20 12:41 -------- d-----w- c:\programme\UnderCoverXP 2010-05-19 14:23 . 
2000-09-01 09:41 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys 2010-05-19 14:22 . 2003-03-24 14:52 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll 2010-05-19 14:22 . 2000-09-01 09:42 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll 2010-05-19 14:22 . 2000-09-01 09:40 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe 2010-05-19 14:22 . 2000-09-01 09:40 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll 2010-05-19 14:22 . 2000-09-01 09:40 172032 -c--a-w- c:\windows\system32\dllcache\iisui.dll 2010-05-19 14:22 . 2003-03-24 14:52 217088 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll 2010-05-19 14:22 . 2000-09-01 09:40 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll 2010-05-19 14:22 . 2000-09-01 09:40 15360 -c--a-w- c:\windows\system32\dllcache\iisreset.exe 2010-05-19 14:22 . 2000-09-01 09:40 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll 2010-05-19 14:21 . 2000-09-01 09:40 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2010-05-19 13:27 . 2000-09-01 09:42 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2010-05-19 13:27 . 2000-09-01 09:42 24661 ----a-w- c:\windows\system32\spxcoins.dll 2010-05-19 13:27 . 2000-09-01 09:40 13824 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2010-05-19 13:27 . 2000-09-01 09:40 13824 ----a-w- c:\windows\system32\irclass.dll 2010-05-17 19:36 . 2010-05-17 19:36 -------- d-----w- c:\dokumente und einstellungen\user\Anwendungsdaten\Malwarebytes 2010-05-17 19:28 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-17 19:28 . 2010-05-17 19:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-05-17 19:28 . 2010-05-17 19:29 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-05-17 19:28 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-17 19:03 . 
2010-05-17 19:35 -------- d-----w- c:\dokumente und einstellungen\user\Lokale Einstellungen\Anwendungsdaten\kwildiagt 2010-05-12 00:48 . 2010-05-12 00:56 10752 ----a-w- c:\windows\DCEBoot.exe 2010-05-11 15:08 . 2010-05-11 15:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\F-Secure 2010-05-09 13:18 . 2010-05-09 13:18 302592 ----a-w- c:\dokumente und einstellungen\user\Anwendungsdaten\Thinstall\Adobe Color NA Recommended Settings CS4\400000130000002i\Illustrator.exe 2010-05-04 19:25 . 2010-05-04 19:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI 2010-05-04 16:46 . 2010-04-07 01:26 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2010-05-04 16:45 . 2010-05-04 19:26 -------- d-----w- c:\programme\ATI . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-30 17:19 . 2009-02-15 22:54 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2010-05-30 16:36 . 2008-10-11 16:09 -------- d-----w- c:\dokumente und einstellungen\user\Anwendungsdaten\foobar2000 2010-05-30 16:27 . 2008-10-12 17:54 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-05-30 09:08 . 2000-09-01 09:41 81102 ----a-w- c:\windows\system32\perfc007.dat 2010-05-30 09:08 . 2000-09-01 09:41 451906 ----a-w- c:\windows\system32\perfh007.dat 2010-05-27 22:54 . 2008-10-11 15:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-05-23 16:29 . 2009-09-07 18:59 -------- d-----w- c:\dokumente und einstellungen\user\Anwendungsdaten\vlc 2010-05-20 11:51 . 2008-10-29 19:30 74752 ----a-w- c:\windows\ST6UNST.EXE 2010-05-19 17:30 . 2010-05-19 17:30 4 ----a-w- c:\dokumente und einstellungen\user\Anwendungsdaten\ofubwi.dat 2010-05-19 14:19 . 2008-10-08 19:19 22880 -c--a-w- c:\windows\system32\emptyregdb.dat 2010-05-17 19:23 . 2009-10-01 15:23 -------- d-----w- c:\programme\Orbitdownloader 2010-05-16 18:11 . 
2008-10-11 13:42 -------- d-----w- c:\programme\Steam 2010-05-11 16:19 . 2008-12-31 17:52 -------- d-----w- c:\programme\RSD 0.59 2010-05-11 11:42 . 2008-11-14 22:43 -------- d-----w- c:\dokumente und einstellungen\user\Anwendungsdaten\dvdcss 2010-05-09 21:06 . 2008-10-17 13:40 -------- d-----w- c:\dokumente und einstellungen\user\Anwendungsdaten\U3 2010-05-06 10:43 . 2009-08-07 08:38 -------- d-----w- c:\programme\Opera 2010-05-04 16:50 . 2008-10-11 17:13 -------- d-----w- c:\programme\ATI Technologies 2010-05-04 16:43 . 2008-10-11 14:54 -------- d-----w- c:\programme\CCleaner 2010-05-01 10:34 . 2009-02-09 17:31 -------- d-----w- c:\programme\SpeedFan 2010-04-28 10:38 . 2009-09-04 10:52 181096 ----a-w- c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\FlashGot.exe 2010-04-27 11:07 . 2010-01-07 13:54 -------- d-----w- c:\programme\7-Zip 2010-04-22 11:21 . 2010-04-22 11:21 -------- d-----w- c:\programme\Medieval Software 2010-04-16 21:14 . 2010-04-16 21:13 -------- d-----w- c:\programme\Microsoft Games for Windows - LIVE 2010-04-16 21:13 . 2008-10-08 20:17 -------- d--h--w- c:\programme\InstallShield Installation Information 2010-04-15 08:26 . 2008-10-08 20:07 76336 -c--a-w- c:\dokumente und einstellungen\user\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-04-14 14:06 . 2008-10-11 16:09 -------- d-----w- c:\programme\foobar2000 2010-04-07 02:42 . 2008-08-21 04:52 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys 2010-04-07 02:02 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll 2010-04-07 02:02 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll 2010-04-07 02:01 . 2008-08-21 01:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2010-04-07 02:00 . 2009-02-04 02:40 3981312 ----a-w- c:\windows\system32\aticaldd.dll 2010-04-07 01:52 . 2008-08-21 02:01 14356480 ----a-w- c:\windows\system32\atioglxx.dll 2010-04-07 01:46 . 
2008-08-21 02:19 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-04-07 01:45 . 2008-08-21 02:18 300544 ----a-w- c:\windows\system32\ati2dvag.dll 2010-04-07 01:41 . 2008-08-21 01:55 3620288 ----a-w- c:\windows\system32\ati3duag.dll 2010-04-07 01:31 . 2008-06-03 09:11 208896 ----a-w- c:\windows\system32\atipdlxx.dll 2010-04-07 01:30 . 2008-08-21 02:08 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2010-04-07 01:30 . 2008-08-21 02:07 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe 2010-04-07 01:30 . 2008-06-03 09:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2010-04-07 01:30 . 2008-06-03 09:11 159744 ----a-w- c:\windows\system32\ati2evxx.dll 2010-04-07 01:28 . 2008-06-03 09:09 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2010-04-07 01:28 . 2008-08-21 01:38 2220928 ----a-w- c:\windows\system32\ativvaxx.dll 2010-04-07 01:27 . 2008-08-21 01:37 887724 ----a-w- c:\windows\system32\ativva6x.dat 2010-04-07 01:27 . 2008-08-21 01:37 3 ----a-w- c:\windows\system32\ativva5x.dat 2010-04-07 01:27 . 2008-08-21 02:04 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2010-04-07 01:23 . 2008-06-03 08:29 585728 ----a-w- c:\windows\system32\atikvmag.dll 2010-04-07 01:21 . 2008-06-03 09:04 393216 ----a-w- c:\windows\system32\atiok3x2.dll 2010-04-07 01:21 . 2008-08-21 01:18 184320 ----a-w- c:\windows\system32\atiadlxx.dll 2010-04-07 01:20 . 2008-08-21 01:18 17408 ----a-w- c:\windows\system32\atitvo32.dll 2010-04-07 01:15 . 2008-08-21 01:11 638976 ----a-w- c:\windows\system32\ati2cqag.dll 2010-04-07 01:15 . 2008-08-21 01:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2010-04-07 01:14 . 2009-03-16 19:40 65024 ----a-w- c:\windows\system32\atimpc32.dll 2010-04-07 01:14 . 2008-08-21 01:23 65024 ----a-w- c:\windows\system32\amdpcom32.dll 2010-04-06 16:58 . 2010-04-06 16:58 -------- d-----w- c:\dokumente und einstellungen\user\Anwendungsdaten\rockbox.org 2010-03-17 15:06 . 2008-07-17 12:23 202234 ----a-w- c:\windows\system32\atiicdxx.dat 2010-03-09 11:09 . 
2004-08-03 23:57 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 18:59 . 2010-03-06 18:30 699392 ----a-w- c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_updater_2.0.0.11.exe
2008-09-30 16:09 . 2008-09-30 16:09 135427055 -c--a-w- c:\programme\openofficeorg1.cab
2008-09-30 15:48 . 2008-09-30 15:48 217 -c--a-w- c:\programme\setup.ini
2008-09-30 15:48 . 2008-09-30 15:48 9776640 -c--a-w- c:\programme\openofficeorg30.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programme\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programme\instmsia.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] 2010-02-10 01:34 750256 ----a-w- c:\programme\kikin\ie_kikin.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "TrueCrypt"="c:\programme\TrueCrypt\TrueCrypt.exe" [2009-08-25 1369792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DeathAdder"="c:\programme\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "XboxStat"="c:\programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-05-26 413696] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400] "RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-9-4 809488] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-11-07 14:41 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBSsprestrt [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^D-Link AirPlus DWL-120+ Wireless USB Adapter.lnk] path=c:\dokumente und einstellungen\All 
Users\Startmenü\Programme\Autostart\D-Link AirPlus DWL-120+ Wireless USB Adapter.lnk backup=c:\windows\pss\D-Link AirPlus DWL-120+ Wireless USB Adapter.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^D-link AirPlus G DWL-G120 Wireless USB.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\D-link AirPlus G DWL-G120 Wireless USB.lnk backup=c:\windows\pss\D-link AirPlus G DWL-G120 Wireless USB.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NETGEAR WN121T Smart Wizard.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WN121T Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WN121T Smart Wizard.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk backup=c:\windows\pss\Orbit.lnkCommon Startup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^user^Startmenü^Programme^Autostart^HDDlife.lnk] path=c:\dokumente und einstellungen\user\Startmenü\Programme\Autostart\HDDlife.lnk backup=c:\windows\pss\HDDlife.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDtemp4] c:\programme\BinarySense\HDDTemp4\\hddtemp4 [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- c:\programme\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] 2009-04-29 17:55 
3338240 ----a-w- c:\programme\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 -c--a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent] 2010-01-03 15:30 1367488 ----a-w- c:\programme\Mobile Master\MMAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2008-09-04 05:01 2524416 ----a-w- c:\windows\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 15:18 413696 ----a-w- c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] 2009-01-21 13:19 92168 -c--a-w- c:\programme\Logitech\Gaming Software\LWEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-05-16 17:57 1238352 ----a-w- c:\programme\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-07-25 03:23 149280 -c--a-w- c:\programme\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-08-03 23:02 36352 -c--a-w- c:\programme\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "odserv"=3 (0x3) "O&O Defrag"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Miranda IM\\miranda32.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= 
"c:\\Programme\\Zattoo\\zattood.exe"= "c:\\Programme\\Zattoo\\Zattoo2.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "e:\\SETUP.EXE"= "c:\\Programme\\VideoLAN\\VLC\\vlc.exe"= "f:\\Spiele\\Codemasters\\GRID\\GRID.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programme\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Programme\\Zattoo\\Zattoo.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "f:\\Spiele\\EA Games\\Battlefield 2\\BF2.exe"= "f:\\Spiele\\EA Games\\Battlefield 2\\bf2_w32ded.exe"= "f:\\Spiele\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "f:\\Spiele\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"= "f:\\Spiele\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Java\\jre6\\bin\\java.exe"= "f:\\Spiele\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"= "f:\\Spiele\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "f:\\Spiele\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"= "c:\\Programme\\Electronic Arts\\EADM\\Core.exe"= "f:\\Spiele\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"= "f:\\Spiele\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"= "f:\\Spiele\\TmUnitedForever\\TmForever.exe"= "f:\\Spiele\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "f:\\Spiele\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "c:\\Programme\\Orbitdownloader\\orbitdm.exe"= "c:\\Programme\\Orbitdownloader\\orbitnet.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "f:\\Spiele\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"= 
"c:\\D-Laufwerk\\Spiele\\EA Games\\speed.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"= "f:\\Spiele\\Empire Interactive\\FlatOut2\\FlatOut2.exe"= "f:\\Spiele\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\AddonWeb.exe"= "f:\\Spiele\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"= "c:\\Programme\\Steam\\SteamApps\\atomictomcat\\day of defeat source\\hl2.exe"= R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.07.2009 22:47 108289] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [04.09.2009 19:26 10384] R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [08.10.2008 22:10 37568] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [21.06.2009 11:52 22784] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [08.10.2008 22:23 38176] S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\dokume~1\user\LOKALE~1\Temp\AVSETUP_4a5f218b\basic\avupgsvc.exe" /TEMPSTART:""c:\dokume~1\user\LOKALE~1\Temp\AVSETUP_4a5f218b\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\dokume~1\user\LOKALE~1\Temp\AVSETUP_4a5f218b\basic\avupgsvc.exe [?] S2 HDD & SSD access service;HDD & SSD access service;"c:\programme\Gemeinsame Dateien\BinarySense\disksvc.exe" --> c:\programme\Gemeinsame Dateien\BinarySense\disksvc.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.02.2009 23:53 1684736] S3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [08.10.2008 22:10 444416] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.12.2009 19:36 13224] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] 
S3 TIAcxubt;D-Link WLAN USB Boot Device;c:\windows\system32\drivers\tiacxubt.sys [07.10.2009 16:36 58752] S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;c:\windows\system32\drivers\tiacxusb.sys [07.10.2009 16:37 177792] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.01.2009 20:27 721904] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.ask.com?o=15788&l=dis uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 IE: &Download by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\programme\Orbitdownloader\orbitmxt.dll/202 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\programme\kikin\ie_kikin.dll Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programme\Gemeinsame Dateien\BinarySense\hlAPP.dll FF - ProfilePath - c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_0.dll FF - component: c:\dokumente und einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_6.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-VeohPlugin - c:\programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-05-30 19:19 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7855F0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28 \Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8 \Driver\atapi -> 0x8a7855f0 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-861567501-1085031214-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-861567501-1085031214-839522115-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:a5,cd,28,c8,ff,48,f6,11,23,a0,b6,75,d1,eb,c2,28,f3,4d,0c,2c,ad,63,0a, 8f,c2,02,36,eb,ff,4f,16,6a,65,cc,b0,90,94,4a,00,00,d9,bd,20,15,61,fa,75,04,\ "??"=hex:84,ef,96,db,93,44,56,9c,89,fc,a4,96,2e,8f,a4,aa [HKEY_USERS\S-1-5-21-861567501-1085031214-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:6b,90,94,6f,b1,25,f3,ce,06,41,69,90,91,7f,de,4b,ce,01,1e,ae,32, b5,dc,7a,4e,c9,19,4e,c5,2e,4b,98,b3,cc,48,0b,5c,3d,97,a6,0f,f0,a0,94,8c,23,\ "rkeysecu"=hex:11,d0,1e,88,7b,7a,a9,88,d6,98,fe,bc,e3,bb,f8,e2 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="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" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2940) c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\savedump.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\BinarySense\hldasvc.exe c:\windows\RTHDCPL.EXE c:\programme\Gemeinsame Dateien\BinarySense\hldasvc.exe c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\programme\CDBurnerXP\NMSAccessU.exe c:\windows\system32\PnkBstrA.exe c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE c:\windows\system32\PnkBstrB.exe c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\programme\Razer\DeathAdder\razertra.exe c:\programme\Razer\DeathAdder\razerofa.exe c:\windows\system32\wscntfy.exe . 
************************************************************************** . Zeit der Fertigstellung: 2010-05-30 19:23:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-05-30 17:23 Vor Suchlauf: 16 Verzeichnis(se), 16.960.425.984 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 16.805.371.904 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /numproc=2 Current=8 Default=8 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11 - - End Of File - - FB0E7BC5A70A527B7285275DF92FBB48
30.05.2010, 18:51 | #4
TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys OTL:
OTL logfile created on: 30.05.2010 19:39:04 - Run 1 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): c:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 390,63 Gb Total Space | 15,65 Gb Free Space | 4,01% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 2,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 75,13 Gb Total Space | 5,40 Gb Free Space | 7,18% Space Free | Partition Type: NTFS Drive G: | 62,22 Mb Total Space | 54,13 Mb Free Space | 87,00% Space Free | Partition Type: FAT Drive H: | 931,51 Gb Total Space | 0,72 Gb Free Space | 0,08% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: USER-ACDD367721 Current User Name: user Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe PRC - [2009.08.25 19:29:50 | 001,369,792 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2009.08.05 14:34:13 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.11.07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.11.07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.15 15:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe PRC - [2007.09.27 03:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe PRC - [2007.09.07 15:54:54 | 000,159,744 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razerhid.exe PRC - [2007.05.07 15:35:14 | 000,163,840 | ---- | M] (Razer Inc.) 
-- C:\Programme\Razer\DeathAdder\razerofa.exe PRC - [2006.11.24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razertra.exe ========== Modules (SafeList) ========== MOD - [2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe MOD - [2008.11.07 16:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll MOD - [2008.07.25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (HDD & SSD access service) SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService) SRV - [2009.08.05 14:34:13 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.02.09 19:21:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.09.04 07:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.02.15 15:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe -- (HDDlife HDD Access service) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.07.05 15:02:03 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.12.07 18:48:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.25 19:29:51 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.07.10 20:43:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.10 20:43:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.26 19:10:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.06 10:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.04.06 10:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.25 19:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32) DRV - [2009.02.18 19:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.26 19:23:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.01.13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009.01.13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009.01.13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.01.13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.12.25 18:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008.09.26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.09.26 09:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2008.09.26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.08.05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.05.21 07:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008.05.03 06:46:00 | 000,038,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.08.02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr) DRV - [2007.02.27 03:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | 
Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006.01.04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2003.11.11 13:12:46 | 000,336,800 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02) DRV - [2003.09.07 15:07:10 | 000,177,792 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiacxusb.sys -- (TIACXUSB) DRV - [2003.08.21 11:12:32 | 000,058,752 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiacxubt.sys -- (TIAcxubt) DRV - [2001.08.17 13:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0 FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01 FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.04 01:08:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.16 13:14:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:41:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins 
[2010.04.16 13:14:40 | 000,000,000 | ---D | M] [2008.10.11 17:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2010.05.30 11:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions [2010.04.28 12:38:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.04.28 12:38:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.08 13:48:46 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f} [2009.08.18 14:11:11 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010.03.06 20:59:11 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.05.01 13:15:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.13 12:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.05.11 16:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\fsonlinescanner@f-secure.com [2010.02.15 20:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\glaze_black@www.theme-oasis.org [2009.07.26 14:04:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\savesession@noasobi.net [2010.03.31 21:57:20 | 000,002,252 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\askcom.xml [2009.08.26 22:30:43 | 000,002,521 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\yourwirenet-boerse-threadtitel.xml [2009.08.26 22:30:44 | 000,002,415 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\yourwirenet.xml [2010.05.30 11:15:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.30 19:19:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [XboxStat] C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TrueCrypt] C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy 
Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Programme\Gemeinsame Dateien\BinarySense\hlAPP.dll (BinarySense, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.08 21:22:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.05.29 15:44:04 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c0a0ee72-fffe-11dd-a144-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a0ee72-fffe-11dd-a144-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a0ee72-fffe-11dd-a144-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2004.05.04 01:47:54 | 000,126,976 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBSsprestrt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.05.19 17:21:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 90 Days ==========
[2010.05.30 19:38:12 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe
[2010.05.30 19:23:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.05.30 19:02:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.30 18:43:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.30 18:43:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.30 18:43:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.30 18:43:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.30 18:42:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.30 18:42:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.30 18:36:38 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\TFC.exe
[2010.05.30 14:02:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user\Recent
[2010.05.29 18:16:02 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.25 01:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.05.25 00:51:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.05.20 13:54:27 | 000,000,000 | ---D | C] -- C:\Programme\UnderCoverXP
[2010.05.19 16:24:13 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.05.19 16:24:13 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.05.19 16:23:19 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.05.17 21:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2010.05.17 21:32:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.05.17 21:32:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.05.17 21:28:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.17 21:28:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.17 21:28:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.17 21:28:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.17 21:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\kwildiagt
[2010.05.15 15:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\DCIM
[2010.05.13 20:47:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Wasserdeck
[2010.05.11 17:08:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.05.04 21:25:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
[2010.05.04 18:45:51 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.04.22 13:21:10 | 000,000,000 | ---D | C] -- C:\Programme\Medieval Software
[2010.04.17 13:07:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\CAPCOM
[2010.04.17 13:05:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.04.17 13:05:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\CAPCOM
[2010.04.16 23:13:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2010.04.16 23:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.04.06 18:58:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\rockbox.org
[2010.03.29 19:51:53 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\WINDOWS\System32\MACDll.dll
[2010.03.29 19:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Monkey's Audio
[2010.03.07 15:22:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\ANNO 1404 Venedig
[2010.03.07 15:13:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
========== Files - Modified Within 90 Days ==========
[2010.05.30 19:19:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.30 19:19:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.30 19:19:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.05.30 19:18:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.30 19:18:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.30 19:13:44 | 020,709,376 | ---- | M] () -- C:\Dokumente und Einstellungen\user\NTUSER.DAT
[2010.05.30 19:13:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\user\ntuser.ini
[2010.05.30 19:03:00 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2010.05.30 18:47:37 | 2146,783,232 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.05.30 18:29:36 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user\defogger_reenable
[2010.05.30 18:27:55 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Defogger.exe
[2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe
[2010.05.30 18:22:32 | 003,700,932 | R--- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Combo-Fix.exe
[2010.05.30 18:20:56 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\TFC.exe
[2010.05.30 11:08:15 | 001,050,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.30 11:08:15 | 000,451,906 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.05.30 11:08:15 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.30 11:08:15 | 000,081,102 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.05.30 11:08:15 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.29 18:16:08 | 000,002,429 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\HiJackThis.lnk
[2010.05.29 01:05:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.28 00:43:00 | 000,395,480 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100528-004734.backup
[2010.05.27 00:29:28 | 000,004,998 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100527_002926.reg
[2010.05.25 16:44:11 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PESEdit.com 2010 Patch.lnk
[2010.05.25 16:37:27 | 001,580,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.25 01:07:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.05.21 20:32:43 | 000,002,389 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\FlatOut2.lnk
[2010.05.21 13:04:39 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Miranda IM.lnk
[2010.05.20 13:51:35 | 000,000,349 | ---- | M] () -- C:\WINDOWS\ST6UNST.001
[2010.05.20 13:50:48 | 000,000,349 | ---- | M] () -- C:\WINDOWS\ST6UNST.000
[2010.05.19 20:36:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.05.19 19:30:45 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ofubwi.dat
[2010.05.19 16:44:17 | 000,002,540 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100519_164415.reg
[2010.05.19 16:25:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.05.19 16:22:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.05.19 16:22:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.05.19 16:22:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.19 16:21:27 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.05.19 16:21:27 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.05.19 16:21:10 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.19 16:19:55 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.05.19 16:18:25 | 000,000,234 | ---- | M] () -- C:\Boot.bak
[2010.05.17 16:14:24 | 000,836,435 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.05.16 01:13:32 | 000,099,840 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 19:47:15 | 005,796,245 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Breezy (English).jpg
[2010.05.12 02:56:45 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010.05.12 02:56:45 | 000,003,700 | ---- | M] () -- C:\WINDOWS\DCEBOOT.CFG
[2010.05.12 02:53:18 | 000,000,666 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100512_025314.reg
[2010.05.11 16:34:51 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.05.10 00:37:22 | 000,393,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100528-004300.backup
[2010.05.10 00:36:46 | 000,393,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100510-003722.backup
[2010.05.05 17:33:29 | 000,393,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100510-003646.backup
[2010.05.04 18:43:11 | 000,001,521 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\CCleaner.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.21 17:25:47 | 000,392,890 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100505-173328.backup
[2010.04.17 18:05:32 | 000,392,132 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100421-172547.backup
[2010.04.15 10:26:14 | 000,076,336 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.14 15:59:05 | 000,000,687 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\foobar2000.lnk
[2010.04.07 21:09:07 | 000,386,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100417-180532.backup
[2010.04.07 03:31:00 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010.04.07 03:30:44 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010.04.07 03:30:32 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010.04.07 03:30:24 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010.04.07 03:27:44 | 000,471,136 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.04.07 03:27:40 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.04.07 03:27:40 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.04.07 03:26:52 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010.04.01 11:34:28 | 000,020,862 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010.03.31 19:53:26 | 000,001,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ImgBurn.lnk
[2010.03.22 00:18:14 | 000,380,892 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100402-190456.backup
[2010.03.22 00:18:14 | 000,380,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-210906.backup
[2010.03.17 17:06:30 | 000,202,234 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.03.14 16:38:30 | 000,000,317 | ---- | M] () -- C:\WINDOWS\IfoEdit.INI
[2010.03.07 19:31:00 | 000,380,441 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100321-231814.backup
[2010.03.07 15:11:08 | 000,000,868 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ANNO 1404 - Venedig.lnk
[2010.03.06 10:29:33 | 000,255,878 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\IconCache.db
========== Files Created - No Company Name ==========
[2010.05.30 19:03:00 | 000,000,234 | ---- | C] () -- C:\Boot.bak
[2010.05.30 19:02:58 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.05.30 18:43:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.30 18:43:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.30 18:43:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.30 18:43:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.30 18:43:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.30 18:42:03 | 003,700,932 | R--- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Combo-Fix.exe
[2010.05.30 18:29:22 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\user\defogger_reenable
[2010.05.30 18:26:56 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Defogger.exe
[2010.05.29 18:16:02 | 000,002,429 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\HiJackThis.lnk
[2010.05.27 00:29:27 | 000,004,998 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100527_002926.reg
[2010.05.23 20:58:26 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010.05.23 20:58:26 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010.05.23 20:58:26 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010.05.23 20:58:26 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010.05.23 20:58:25 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010.05.23 20:58:25 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010.05.23 20:58:25 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010.05.23 20:58:24 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010.05.23 20:58:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010.05.23 20:58:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010.05.23 20:58:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010.05.23 20:58:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010.05.23 20:58:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010.05.23 20:58:24 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010.05.23 20:58:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010.05.23 20:58:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010.05.23 20:58:24 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010.05.23 20:58:24 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010.05.23 20:58:24 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010.05.23 20:58:24 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010.05.23 20:58:24 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010.05.23 20:58:24 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010.05.23 20:58:24 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010.05.23 20:58:24 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010.05.23 20:58:24 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010.05.23 20:58:24 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010.05.23 20:58:24 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010.05.23 20:58:23 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010.05.23 20:58:23 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010.05.23 20:58:23 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010.05.23 20:58:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010.05.23 20:58:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010.05.23 20:58:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010.05.23 20:58:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010.05.23 20:58:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010.05.23 20:58:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010.05.23 20:58:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010.05.23 20:58:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010.05.23 20:58:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010.05.23 20:58:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010.05.23 20:58:18 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010.05.23 20:58:18 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010.05.23 20:58:18 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010.05.23 20:58:17 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010.05.23 20:58:16 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010.05.23 20:58:15 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010.05.23 20:58:15 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010.05.23 20:58:15 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010.05.23 20:58:12 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010.05.23 20:58:12 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010.05.23 20:58:12 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010.05.23 20:58:10 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010.05.23 20:58:04 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010.05.23 20:57:58 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010.05.23 20:57:58 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010.05.23 20:57:58 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010.05.23 20:57:58 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010.05.23 20:57:58 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010.05.23 20:57:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010.05.23 20:57:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010.05.23 20:57:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010.05.23 20:57:58 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010.05.23 20:57:58 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010.05.23 20:57:57 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010.05.20 13:51:35 | 000,000,349 | ---- | C] () -- C:\WINDOWS\ST6UNST.001
[2010.05.20 13:50:47 | 002,387,348 | ---- | C] () -- C:\WINDOWS\DVD-Cover.CAB
[2010.05.20 13:50:47 | 000,000,349 | ---- | C] () -- C:\WINDOWS\ST6UNST.000
[2010.05.19 19:30:45 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ofubwi.dat
[2010.05.19 17:20:21 | 2146,783,232 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010.05.19 16:44:16 | 000,002,540 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100519_164415.reg
[2010.05.19 16:24:38 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.05.19 16:24:09 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.05.19 16:24:09 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.05.19 16:24:08 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.05.19 16:23:54 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.05.19 16:23:54 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.05.19 16:23:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.05.19 16:23:47 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.05.19 16:23:45 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.05.19 16:23:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.05.19 16:23:34 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.05.19 16:23:21 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.05.19 16:23:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.05.19 16:23:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.05.19 16:23:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.05.19 16:23:17 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.05.19 16:23:17 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.05.19 16:23:17 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.05.19 16:23:15 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.05.19 16:23:15 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.05.19 16:23:15 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.05.19 16:23:15 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.05.19 16:23:15 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.05.19 16:23:15 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.05.19 16:23:15 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.05.19 16:23:14 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.05.19 16:23:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.05.19 16:23:13 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.05.19 16:23:13 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.05.19 16:23:13 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.05.19 16:23:13 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.05.19 16:21:27 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.05.19 15:26:47 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.05.19 15:26:47 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.05.19 15:26:47 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.05.19 15:26:47 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.05.19 15:26:47 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.05.19 15:26:47 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.05.19 15:26:47 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.05.15 19:47:20 | 005,796,245 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Breezy (English).jpg
[2010.05.12 02:53:17 | 000,000,666 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100512_025314.reg
[2010.05.12 02:48:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010.05.12 02:48:28 | 000,003,700 | ---- | C] () -- C:\WINDOWS\DCEBOOT.CFG
[2010.05.11 16:34:51 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.05.04 18:46:54 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010.03.30 20:01:10 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PESEdit.com 2010 Patch.lnk
[2010.03.29 20:14:26 | 000,001,501 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ImgBurn.lnk
[2010.03.14 16:31:18 | 000,000,317 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010.03.07 15:11:08 | 000,000,868 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ANNO 1404 - Venedig.lnk
[2009.09.25 19:23:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.25 19:23:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.10 20:43:35 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.07.10 20:43:35 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.02.21 14:17:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.02.08 14:38:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008.12.31 19:34:00 | 001,526,468 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008.12.31 19:34:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008.12.27 12:39:23 | 000,000,286 | ---- | C] () -- C:\WINDOWS\DesktopSchneeFree.ini
[2008.11.13 15:18:59 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.29 19:54:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.13 21:24:31 | 000,003,254 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.10.13 21:24:31 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.10.13 21:24:06 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2008.10.13 21:24:02 | 011,206,656 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2008.10.13 21:24:01 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2008.10.13 21:18:53 | 000,000,628 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.10.11 19:40:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.10.11 19:40:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.10.11 19:40:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008.10.11 19:16:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.10.11 15:26:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006.11.11 22:52:50 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2008.11.08 19:19:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters
[2009.06.26 19:18:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2009.07.30 16:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2010.05.11 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2009.10.29 20:36:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2009.04.25 20:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2009.06.11 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2009.08.04 01:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prism
[2010.03.07 15:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2009.07.10 22:02:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2010.05.30 19:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.09.04 13:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2009.03.01 15:26:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt
[2009.10.01 21:30:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Any Video Converter
[2009.08.06 16:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Auslogics
[2009.02.16 00:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\BinarySense
[2009.05.07 16:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\biu software
[2008.10.16 22:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canneverbe_Limited
[2009.11.24 20:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canon
[2009.06.26 19:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DAEMON Tools
[2009.06.26 19:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DAEMON Tools Lite
[2010.05.30 18:36:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\foobar2000
[2009.11.02 21:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\fretsonfire
[2009.10.01 17:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\GrabPro
[2008.10.13 19:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICAClient
[2009.02.21 13:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ImgBurn
[2009.12.18 17:48:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Jumping Bytes
[2010.03.20 01:02:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\kikin
[2009.09.04 19:28:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Leadertech
[2009.06.18 18:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Miranda
[2009.12.28 19:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mobile Master
[2009.12.28 19:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MyPhoneExplorer
[2008.12.02 17:28:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OpenOffice.org
[2009.08.07
10:38:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Opera [2009.12.28 19:37:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Orbit [2009.07.12 22:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\passport_photo [2010.04.06 18:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\rockbox.org [2009.11.24 23:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Softland [2009.03.29 00:39:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Thinstall [2008.10.12 19:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Thunderbird [2009.08.25 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TrueCrypt [2010.03.07 15:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ubisoft [2009.08.14 16:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\uTorrent [2009.04.11 16:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Vso [2008.12.21 18:06:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Xilisoft Corporation [2010.02.05 15:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Youtube Downloader HD ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008.10.08 21:22:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.05.19 16:18:25 | 000,000,234 | ---- | M] () -- C:\Boot.bak [2010.05.30 19:03:00 | 000,000,304 | RHS- | M] () -- C:\boot.ini [2000.09.01 11:39:58 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2008.10.11 21:34:46 | 000,000,000 | ---- | M] () -- C:\cideamon_1.1652.0.exe [2008.10.11 21:34:46 | 000,000,000 | ---- | M] () -- C:\client2.exe [2008.10.11 21:34:47 | 000,000,000 
| ---- | M] () -- C:\client3.exe [2008.10.11 21:34:26 | 000,000,000 | ---- | M] () -- C:\client4.exe [2004.08.03 23:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr [2008.10.08 21:22:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008.10.12 20:39:55 | 000,010,798 | ---- | M] () -- C:\DPG_Simpsons_S01E01-S06E11.rsdf [2008.09.29 10:20:27 | 000,063,488 | ---- | M] () -- C:\HD4850 BIOS v12.rom [2010.05.28 00:47:30 | 023,100,156 | ---- | M] () -- C:\immudebug.log [2008.10.08 21:22:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008.10.08 21:22:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009.04.30 14:12:07 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.05.30 19:18:52 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.04.07 03:46:42 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.05.19 17:24:45 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.05.18 01:55:08 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2010.05.19 17:24:45 | 037,748,736 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.05.19 17:24:45 | 012,320,768 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\drivers\*.sys /90 > [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\system32\drivers\ati2mtag.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2BE9FEFC < End of report > |
30.05.2010, 18:52 | #5 |
TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys

Extras:

Code:
OTL Extras logfile created on: 30.05.2010 19:39:04 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Dokumente und Einstellungen\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 390,63 Gb Total Space | 15,65 Gb Free Space | 4,01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 75,13 Gb Total Space | 5,40 Gb Free Space | 7,18% Space Free | Partition Type: NTFS
Drive G: | 62,22 Mb Total Space | 54,13 Mb Free Space | 87,00% Space Free | Partition Type: FAT
Drive H: | 931,51 Gb Total Space | 0,72 Gb Free Space | 0,08% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: USER-ACDD367721
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\SETUP.EXE" = E:\SETUP.EXE:*:Enabled:Setup -- ()
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\Spiele\Codemasters\GRID\GRID.exe" = F:\Spiele\Codemasters\GRID\GRID.exe:*:Enabled:GRID -- (Codemasters)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"F:\Spiele\EA Games\Battlefield 2\BF2.exe" = F:\Spiele\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"F:\Spiele\EA Games\Battlefield 2\bf2_w32ded.exe" = F:\Spiele\EA Games\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded -- ()
"F:\Spiele\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" = F:\Spiele\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander -- (Gas Powered Games)
"F:\Spiele\Ubisoft\Prince of Persia\Prince of Persia.exe" = F:\Spiele\Ubisoft\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx -- (Ubisoft)
"F:\Spiele\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe" = F:\Spiele\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update -- (Ubisoft)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"F:\Spiele\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = F:\Spiele\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- ()
"F:\Spiele\TmUnitedForever\TmForever.exe" = F:\Spiele\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()
"F:\Spiele\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe" = F:\Spiele\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance -- (Gas Powered Games)
"F:\Spiele\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = F:\Spiele\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance -- (Gas Powered Games)
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Spiele\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = F:\Spiele\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\D-Laufwerk\Spiele\EA Games\speed.exe" = C:\D-Laufwerk\Spiele\EA Games\speed.exe:*:Enabled:speed -- ()
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"F:\Spiele\Empire Interactive\FlatOut2\FlatOut2.exe" = F:\Spiele\Empire Interactive\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe" = F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe:*:Enabled:AddonWeb -- ()
"F:\Spiele\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = F:\Spiele\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Programme\Steam\SteamApps\atomictomcat\day of defeat source\hl2.exe" = C:\Programme\Steam\SteamApps\atomictomcat\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07070EAB-9349-4F6C-AC13-AEFE436F9775}" = D-link AirPlus G DWL-G120 Wireless USB Adapter
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B25271C-C90B-056F-B4B1-84DFCC905497}" = ATI Catalyst Install Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{141C141A-0DB8-E6E5-59AA-27576C20B75D}" = CCC Help English
"{1648DB98-AE62-6E92-F418-8A9ECCA078A9}" = Catalyst Control Center Graphics Previews Common
"{17200570-C3A0-DAAB-8232-491FEC0C1DF4}" = Catalyst Control Center Graphics Full Existing
"{17E83691-BC8E-BA2A-DE9B-AE845E1C2457}" = Catalyst Control Center Graphics Light
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D74A25E-F4A1-DD65-3327-FEE3C85A2565}" = Catalyst Control Center HydraVision Full
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{605BE2E8-D0D4-C157-68FD-40A318258E54}" = ccc-core-preinstall
"{636A7142-586A-4DF7-9207-191A2AF5610C}_is1" = AusLogics BoostSpeed
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71E8DEC6-8785-B293-FA6D-7A37A3D3E773}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{88713CAC-8759-6FE4-D577-A823E5865CB9}" = ccc-utility
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C039633-4B58-4649-B8A5-5E08ABAA0ED7}" = D-Link AirPlus USB
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A93FE10A-42C3-B498-2856-2BBE22481A7A}" = Catalyst Control Center Graphics Full New
"{AB039765-AE63-4BBF-B2E1-7AA14FBE7C16}_is1" = Snej-Mod V6.003
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{B2BAD2AF-A391-4306-96A3-BA1139630D84}" = Catalyst Control Center InstallProxy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C6CF0029-EF0A-439D-9A68-C5067EBFEA41}" = Mobile Master
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = 1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition
"{E81D9FF6-B45F-4DD4-9673-86B08AF6F705}" = HDDlife Pro 3.1
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F029DBBC-FBBD-20CD-7038-6A703578EC79}" = Catalyst Control Center Core Implementation
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 9.11 beta
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"Any Video Converter_is1" = Any Video Converter 2.7.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"DC-Bass Source" = DC-Bass Source 1.1.1
"Diablo II" = Diablo II
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"foobar2000" = foobar2000 v1.0.2.1
"Frets on Fire" = Frets On Fire
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HD Tune Pro_is1" = HD Tune Pro 3.50
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.5
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.24
"Monkey's Audio_is1" = Monkey's Audio
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MPE" = MyPhoneExplorer
"Nero8Lite_is1" = Nero 8 Micro 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Orbit_is1" = Orbit Downloader
"Pausenkatzen Screensaver" = Pausenkatzen Screensaver
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest - Challenge of the Warlords" = Puzzle Quest - Challenge of the Warlords
"RealMedia" = RealMedia (remove only)
"RivaTuner" = RivaTuner v2.24
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Sorian AI Mod_is1" = Sorian AI Mod 2.0.0
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = DVD-Cover
"ST6UNST #2" = DVD-Cover 1.5
"Steam App 300" = Day of Defeat: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmUnitedForever_is1" = TmUnitedForever
"TrueCrypt" = TrueCrypt
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Update Service" = Update Service
"V3.2_is1" = File Scavenger 3.2
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.8.1
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 25.05.2010 14:17:14 | Computer Name = USER-ACDD367721 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes Modul kikin_3_6.dll, Version 2.0.11.0, Fehleradresse 0x0004c794.
Error - 28.05.2010 15:27:51 | Computer Name = USER-ACDD367721 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.com, Version 1.46.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 30.05.2010 12:37:03 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrB" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 30.05.2010 12:37:03 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7034 Description = Dienst "NMSAccessU" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 30.05.2010 12:47:46 | Computer Name = USER-ACDD367721 | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 000F3D4BA083 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. 
Error - 30.05.2010 12:48:00 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.05.2010 12:48:00 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HDD & SSD access service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.05.2010 13:06:47 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.05.2010 13:06:47 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HDD & SSD access service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.05.2010 13:13:30 | Computer Name = USER-ACDD367721 | Source = PlugPlayManager | ID = 11 Description = Das Gerät "Root\LEGACY_HERBH\0000" wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 30.05.2010 13:19:26 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.05.2010 13:19:26 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HDD & SSD access service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
30.05.2010, 19:46 | #6 |
/// Selecta Jahrusso | TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
Please, no code tags.
Step 1
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15788&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.03.31 21:57:20 | 000,002,252 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\askcom.xml
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2010.05.19 19:30:45 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ofubwi.dat
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[emptyflash]
[reboot]
Step 2
Start Malwarebytes, update it and run a Quick Scan.
Step 3
Update Java
Your Java version is outdated. Since some malware (e.g. Vundo) gets into the system via Java exploits, Java must be updated and old versions must be removed from the system, because the old versions are a security risk. Download JavaRa from prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
Step 4
Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
Step 5
Please start OTL.exe and click the Quick Scan button.
Please post in your next reply:
OTL Move File
log from MBAM
log from ESET
OTL.txt
a report on how the computer is running
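As an added example (not code from OTL, Malwarebytes or the forum post), the following Python script triages OTL-style log lines for exactly the indicators the fix script above removes: the ProxyServer pointing at 127.0.0.1, the Ask.com start page and search engine, the Control Panel policy key, the loose ofubwi.dat, plus orphaned services and vendor-less running drivers. The sample lines are constructed from this thread's log; the start-page allowlist and the herbh.sys entry's timestamp and size are assumptions.

```python
"""Triage OTL-style log lines for the indicators this thread's fix script targets:
local proxy, hijacked start page/search engine, IE policy lock, orphaned service,
vendor-less running driver, loose .dat in the profile root. Added example, not OTL's code."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample modelled on this thread's OTL log; the herbh.sys entry is
# invented (placeholder timestamp and size), since the posted log no longer had it.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15788&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService)
DRV - [2010.05.19 19:30:45 | 000,012,288 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\herbh.sys -- (herbh)
DRV - [2009.12.07 18:48:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
[2010.05.19 19:30:45 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ofubwi.dat
"""

# Assumption for this example: start-page hosts the user is known to want.
ALLOWED_START_HOSTS = {"www.google.de", "www.google.com", "about:blank"}
EXPECTED_ENGINE = "Google"

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
PROXY_ENABLE_RE = re.compile(r'"ProxyEnable"\s*=\s*(?P<value>\d)')
START_RE = re.compile(r'Start Page\s*=\s*(?P<value>\S*)')
FF_SEARCH_RE = re.compile(
    r'browser\.search\.(?:defaultengine|defaultenginename|order\.\d+):\s*"(?P<value>[^"]*)"')
DRV_RE = re.compile(
    r'^DRV - \[[^\]]*\] \((?P<vendor>[^)]*)\) \[(?P<flags>[^\]]*)\] -- '
    r'(?P<path>.+?\.sys) -- \((?P<name>[^)]+)\)')
APPDATA_FILE_RE = re.compile(r'\\(?:Anwendungsdaten|Application Data)\\(?P<file>[^\\]+\.dat)$')


@dataclass
class Finding:
    category: str
    detail: str


def check_line(line: str) -> Optional[Finding]:
    """Classify one log entry; None means nothing suspicious was recognised."""
    m = PROXY_RE.search(line)
    if m:
        # "http=127.0.0.1:5555" sends every IE request through a local listener the
        # user never set up: the classic footprint of a traffic-intercepting trojan.
        host = m.group("value").split("=")[-1].split(":")[0]
        if host in ("127.0.0.1", "localhost"):
            return Finding("local_proxy", m.group("value"))
        return None
    m = START_RE.search(line)
    if m and m.group("value"):
        host = urlparse(m.group("value")).netloc or m.group("value")
        if host not in ALLOWED_START_HOSTS:
            return Finding("start_page_hijack", host)
        return None
    m = FF_SEARCH_RE.search(line)
    if m and m.group("value") and m.group("value") != EXPECTED_ENGINE:
        return Finding("search_engine_hijack", m.group("value"))
    if line.startswith("O7 - ") and "Control Panel" in line:
        # Policy hiding IE's Control Panel, so the user cannot undo the proxy setting.
        return Finding("ie_policy_lock", line[5:])
    if line.startswith("SRV - File not found"):
        return Finding("orphaned_service", line.rsplit("(", 1)[-1].rstrip(")"))
    m = DRV_RE.match(line)
    if m and not m.group("vendor") and "Running" in m.group("flags"):
        # A running kernel driver with an empty company field deserves a hash lookup.
        return Finding("vendorless_driver", m.group("path"))
    m = APPDATA_FILE_RE.search(line)
    if m:
        # A random-named .dat directly in the profile root is a common config drop.
        return Finding("loose_appdata_file", m.group("file"))
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over a whole log and annotate the proxy finding with ProxyEnable."""
    findings: List[Finding] = []
    proxy_enabled = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_ENABLE_RE.search(line)
        if m:
            proxy_enabled = m.group("value") == "1"
            continue
        finding = check_line(line)
        if finding:
            findings.append(finding)
    # ProxyEnable=0: the local proxy is dormant but must still be removed;
    # ProxyEnable=1: requests are already being routed through it.
    for f in findings:
        if f.category == "local_proxy" and proxy_enabled is not None:
            f.detail += " (active)" if proxy_enabled else " (configured, not enabled)"
    return findings
```

Running `triage(SAMPLE_LOG)` yields one finding per hijack indicator in the sample, in log order; on the cleaned second OTL log from later in this thread (empty Start Page, empty search engines, ProxyEnable = 0 and no ProxyServer) it yields none of the browser findings.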
31.05.2010, 11:53 | #7 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
OK, apart from step 4 I have now been able to do everything. The problem right now is that my connection, as mentioned, is extremely slow, so it is almost impossible to download anything on this PC; I had to use a laptop to download the files, there is no other way at the moment. The slow internet is probably due to the router/repeater, though. My PC is too far from the router, so there is a repeater in between, but it apparently isn't relaying the signal at the moment. Here are the results, as far as I got so far:
OTL Move File:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Dokumente und Einstellungen\user\Anwendungsdaten\ofubwi.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: user
->Temp folder emptied: 1031 bytes
->Temporary Internet Files folder emptied: 157694 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39246644 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 603 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 4422849 bytes

Total Files Cleaned = 42,00 mb

[EMPTYFLASH]

User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
->Flash cache emptied: 0 bytes
User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.5.1 log created on 05302010_220321
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

31.05.2010 11:25:52
mbam-log-2010-05-31 (11-25-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 124477
Laufzeit: 4 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
31.05.2010, 11:54 | #8 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.05.2010 12:37:17 - Run 2 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): c:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 390,63 Gb Total Space | 15,46 Gb Free Space | 3,96% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 2,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 75,13 Gb Total Space | 5,40 Gb Free Space | 7,18% Space Free | Partition Type: NTFS Drive G: | 62,22 Mb Total Space | 28,98 Mb Free Space | 46,59% Space Free | Partition Type: FAT Drive H: | 931,51 Gb Total Space | 0,72 Gb Free Space | 0,08% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Drive T: | 500,94 Gb Total Space | 254,09 Gb Free Space | 50,72% Space Free | Partition Type: FAT32 Computer Name: USER-ACDD367721 Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.05.31 12:09:04 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\javaws.exe PRC - [2010.05.31 12:09:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\javaw.exe PRC - [2010.05.30 23:01:46 | 016,529,184 | ---- | M] (Sun Microsystems, Inc.) 
-- G:\jre-6u20-windows-i586-s.exe PRC - [2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe PRC - [2010.04.03 12:54:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.03.17 20:41:05 | 008,319,560 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe PRC - [2009.08.25 19:29:50 | 001,369,792 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2009.08.05 14:34:13 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.11.07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.11.07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.15 15:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe PRC - [2007.09.27 03:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe PRC - [2007.09.07 15:54:54 | 000,159,744 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razerhid.exe PRC - [2007.05.07 15:35:14 | 000,163,840 | ---- | M] (Razer Inc.) 
-- C:\Programme\Razer\DeathAdder\razerofa.exe PRC - [2006.11.24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razertra.exe ========== Modules (SafeList) ========== MOD - [2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe MOD - [2008.11.07 16:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll MOD - [2008.07.25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (HDD & SSD access service) SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService) SRV - [2009.08.05 14:34:13 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.02.09 19:21:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.09.04 07:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.02.15 15:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe -- (HDDlife HDD Access service) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.07.05 15:02:03 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1) ========== Driver Services (SafeList) ========== DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.12.07 18:48:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.25 19:29:51 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.07.10 20:43:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.10 20:43:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.26 19:10:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.06 10:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.04.06 10:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.25 19:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32) DRV - [2009.02.18 19:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.26 19:23:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.01.13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009.01.13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009.01.13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.01.13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.12.25 18:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008.09.26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.09.26 09:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2008.09.26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.08.05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.05.21 07:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008.05.03 06:46:00 | 000,038,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.08.02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr) DRV - [2007.02.27 03:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | 
Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006.01.04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2003.11.11 13:12:46 | 000,336,800 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02) DRV - [2003.09.07 15:07:10 | 000,177,792 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiacxusb.sys -- (TIACXUSB) DRV - [2003.08.21 11:12:32 | 000,058,752 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiacxubt.sys -- (TIAcxubt) DRV - [2001.08.17 13:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0 FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.04 01:08:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.31 12:09:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:41:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 13:14:40 | 000,000,000 | ---D | M] [2008.10.11 17:38:09 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2010.05.31 12:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions [2010.04.28 12:38:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.04.28 12:38:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.08 13:48:46 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f} [2009.08.18 14:11:11 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010.03.06 20:59:11 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.05.01 13:15:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.13 12:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.05.11 16:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\fsonlinescanner@f-secure.com [2010.02.15 20:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\glaze_black@www.theme-oasis.org [2009.07.26 14:04:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\savesession@noasobi.net [2009.08.26 22:30:43 | 000,002,521 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\yourwirenet-boerse-threadtitel.xml [2009.08.26 22:30:44 | 000,002,415 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\yourwirenet.xml [2010.05.31 12:12:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.31 12:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.31 12:09:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.30 19:19:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame 
Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [XboxStat] C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TrueCrypt] C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Programme\Gemeinsame Dateien\BinarySense\hlAPP.dll (BinarySense, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.08 21:22:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.05.29 15:44:04 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c0a0ee72-fffe-11dd-a144-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a0ee72-fffe-11dd-a144-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a0ee72-fffe-11dd-a144-806d6172696f}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2004.05.04 01:47:54 | 000,126,976 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBSsprestrt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========
[2010.05.31 12:10:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.05.31 12:09:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.05.31 11:11:26 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Dokumente und Einstellungen\user\Desktop\JavaRa.exe
[2010.05.30 22:03:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.05.30 20:14:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.30 19:38:12 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe
[2010.05.30 19:23:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.05.30 19:02:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.30 18:43:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.30 18:43:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.30 18:43:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.30 18:43:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.30 18:42:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.30 18:42:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.30 14:02:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user\Recent
[2010.05.29 18:16:02 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.25 01:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.05.25 00:51:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.05.20 13:54:27 | 000,000,000 | ---D | C] -- C:\Programme\UnderCoverXP
[2010.05.19 16:24:13 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.05.19 16:24:13 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.05.19 16:23:19 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.05.17 21:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2010.05.17 21:32:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.05.17 21:32:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.05.17 21:28:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.17 21:28:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.17 21:28:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.17 21:28:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.17 21:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\kwildiagt
[2010.05.15 15:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\DCIM
[2010.05.13 20:47:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Wasserdeck
[2010.05.11 17:08:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.05.04 21:25:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
[2010.05.04 18:45:51 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.04.22 13:21:10 | 000,000,000 | ---D | C] -- C:\Programme\Medieval Software
[2010.04.17 13:07:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\CAPCOM
[2010.04.17 13:05:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.04.17 13:05:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\CAPCOM
[2010.04.16 23:13:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2010.04.16 23:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.04.06 18:58:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\rockbox.org
[2010.03.29 19:51:53 | 000,364,544 | ---- | C] (Matthew T. Ashland) -- C:\WINDOWS\System32\MACDll.dll
[2010.03.29 19:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Monkey's Audio
[2010.03.07 15:22:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\ANNO 1404 Venedig
[2010.03.07 15:13:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield

========== Files - Modified Within 90 Days ==========
[2010.05.31 12:06:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.31 12:06:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.31 12:06:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.31 12:04:44 | 020,709,376 | ---- | M] () -- C:\Dokumente und Einstellungen\user\NTUSER.DAT
[2010.05.31 12:04:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\user\ntuser.ini
[2010.05.31 11:12:23 | 000,000,685 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.30 22:55:14 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\esetsmartinstaller_enu.exe
[2010.05.30 19:19:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.30 19:19:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.05.30 19:03:00 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2010.05.30 18:47:37 | 2146,783,232 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010.05.30 18:29:36 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\user\defogger_reenable
[2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe
[2010.05.30 11:08:15 | 001,050,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.30 11:08:15 | 000,451,906 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.05.30 11:08:15 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.30 11:08:15 | 000,081,102 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.05.30 11:08:15 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.29 18:16:08 | 000,002,429 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\HiJackThis.lnk
[2010.05.29 01:05:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.28 00:43:00 | 000,395,480 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100528-004734.backup
[2010.05.27 00:29:28 | 000,004,998 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100527_002926.reg
[2010.05.25 16:44:11 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PESEdit.com 2010 Patch.lnk
[2010.05.25 16:37:27 | 001,580,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.25 01:07:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.05.21 20:32:43 | 000,002,389 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\FlatOut2.lnk
[2010.05.21 13:04:39 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Miranda IM.lnk
[2010.05.20 13:51:35 | 000,000,349 | ---- | M] () -- C:\WINDOWS\ST6UNST.001
[2010.05.20 13:50:48 | 000,000,349 | ---- | M] () -- C:\WINDOWS\ST6UNST.000
[2010.05.19 20:36:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010.05.19 16:44:17 | 000,002,540 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100519_164415.reg
[2010.05.19 16:25:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.05.19 16:22:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.05.19 16:22:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.05.19 16:22:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.19 16:21:27 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.05.19 16:21:27 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.05.19 16:21:10 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.19 16:19:55 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.05.19 16:18:25 | 000,000,234 | ---- | M] () -- C:\Boot.bak
[2010.05.17 16:14:24 | 000,836,435 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.05.16 01:13:32 | 000,099,840 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.15 19:47:15 | 005,796,245 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Breezy (English).jpg
[2010.05.12 02:56:45 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010.05.12 02:56:45 | 000,003,700 | ---- | M] () -- C:\WINDOWS\DCEBOOT.CFG
[2010.05.12 02:53:18 | 000,000,666 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100512_025314.reg
[2010.05.11 16:34:51 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.05.10 00:37:22 | 000,393,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100528-004300.backup
[2010.05.10 00:36:46 | 000,393,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100510-003722.backup
[2010.05.05 17:33:29 | 000,393,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100510-003646.backup
[2010.05.04 18:43:11 | 000,001,521 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\CCleaner.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.21 17:25:47 | 000,392,890 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100505-173328.backup
[2010.04.17 18:05:32 | 000,392,132 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100421-172547.backup
[2010.04.15 10:26:14 | 000,076,336 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.14 15:59:05 | 000,000,687 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\foobar2000.lnk
[2010.04.07 21:09:07 | 000,386,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100417-180532.backup
[2010.04.07 03:31:00 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010.04.07 03:30:44 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010.04.07 03:30:32 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010.04.07 03:30:24 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010.04.07 03:27:44 | 000,471,136 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.04.07 03:27:40 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.04.07 03:27:40 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.04.07 03:26:52 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010.04.01 11:34:28 | 000,020,862 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010.03.31 19:53:26 | 000,001,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ImgBurn.lnk
[2010.03.22 00:18:14 | 000,380,892 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100402-190456.backup
[2010.03.22 00:18:14 | 000,380,892 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100407-210906.backup
[2010.03.17 17:06:30 | 000,202,234 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.03.14 16:38:30 | 000,000,317 | ---- | M] () -- C:\WINDOWS\IfoEdit.INI
[2010.03.07 19:31:00 | 000,380,441 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100321-231814.backup
[2010.03.07 15:11:08 | 000,000,868 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ANNO 1404 - Venedig.lnk
[2010.03.06 10:29:33 | 000,255,878 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\IconCache.db

========== Files Created - No Company Name ==========
[2010.05.31 12:22:14 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\esetsmartinstaller_enu.exe
[2010.05.31 11:12:23 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.31 11:11:26 | 000,245,103 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\JavaRa.def
[2010.05.30 19:03:00 | 000,000,234 | ---- | C] () -- C:\Boot.bak
[2010.05.30 19:02:58 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.05.30 18:43:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.30 18:43:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.30 18:43:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.30 18:43:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.30 18:43:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.30 18:29:22 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\user\defogger_reenable
[2010.05.29 18:16:02 | 000,002,429 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\HiJackThis.lnk
[2010.05.27 00:29:27 | 000,004,998 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100527_002926.reg
[2010.05.23 20:58:26 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010.05.23 20:58:26 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010.05.23 20:58:26 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010.05.23 20:58:26 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010.05.23 20:58:25 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010.05.23 20:58:25 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010.05.23 20:58:25 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010.05.23 20:58:24 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010.05.23 20:58:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010.05.23 20:58:24 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010.05.23 20:58:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010.05.23 20:58:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010.05.23 20:58:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010.05.23 20:58:24 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010.05.23 20:58:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010.05.23 20:58:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010.05.23 20:58:24 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010.05.23 20:58:24 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010.05.23 20:58:24 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010.05.23 20:58:24 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010.05.23 20:58:24 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010.05.23 20:58:24 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010.05.23 20:58:24 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010.05.23 20:58:24 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010.05.23 20:58:24 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010.05.23 20:58:24 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010.05.23 20:58:24 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010.05.23 20:58:23 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010.05.23 20:58:23 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010.05.23 20:58:23 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010.05.23 20:58:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010.05.23 20:58:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010.05.23 20:58:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010.05.23 20:58:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010.05.23 20:58:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010.05.23 20:58:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010.05.23 20:58:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010.05.23 20:58:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010.05.23 20:58:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010.05.23 20:58:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010.05.23 20:58:18 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010.05.23 20:58:18 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010.05.23 20:58:18 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010.05.23 20:58:17 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010.05.23 20:58:16 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010.05.23 20:58:15 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010.05.23 20:58:15 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010.05.23 20:58:15 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010.05.23 20:58:12 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010.05.23 20:58:12 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010.05.23 20:58:12 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010.05.23 20:58:10 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010.05.23 20:58:04 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010.05.23 20:57:58 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010.05.23 20:57:58 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010.05.23 20:57:58 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010.05.23 20:57:58 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010.05.23 20:57:58 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010.05.23 20:57:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010.05.23 20:57:58 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010.05.23 20:57:58 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010.05.23 20:57:58 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010.05.23 20:57:58 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010.05.23 20:57:57 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010.05.20 13:51:35 | 000,000,349 | ---- | C] () -- C:\WINDOWS\ST6UNST.001
[2010.05.20 13:50:47 | 002,387,348 | ---- | C] () -- C:\WINDOWS\DVD-Cover.CAB
[2010.05.20 13:50:47 | 000,000,349 | ---- | C] () -- C:\WINDOWS\ST6UNST.000
[2010.05.19 17:20:21 | 2146,783,232 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010.05.19 16:44:16 | 000,002,540 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100519_164415.reg
[2010.05.19 16:24:38 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.05.19 16:24:09 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.05.19 16:24:09 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.05.19 16:24:08 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.05.19 16:23:54 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.05.19 16:23:54 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.05.19 16:23:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.05.19 16:23:47 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.05.19 16:23:45 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.05.19 16:23:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.05.19 16:23:34 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.05.19 16:23:21 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.05.19 16:23:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.05.19 16:23:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.05.19 16:23:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.05.19 16:23:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.05.19 16:23:17 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.05.19 16:23:17 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.05.19 16:23:17 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.05.19 16:23:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.05.19 16:23:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.05.19 16:23:15 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.05.19 16:23:15 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.05.19 16:23:15 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.05.19 16:23:15 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.05.19 16:23:15 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.05.19 16:23:15 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.05.19 16:23:15 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.05.19 16:23:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.05.19 16:23:14 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.05.19 16:23:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.05.19 16:23:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.05.19 16:23:13 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.05.19 16:23:13 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.05.19 16:23:13 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.05.19 16:23:13 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.05.19 16:21:27 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.05.19 16:21:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.05.19 15:26:47 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.05.19 15:26:47 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.05.19 15:26:47 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.05.19 15:26:47 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.05.19 15:26:47 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.05.19 15:26:47 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.05.19 15:26:47 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.05.15 19:47:20 | 005,796,245 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Breezy (English).jpg
[2010.05.12 02:53:17 | 000,000,666 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Eigene Dateien\cc_20100512_025314.reg
[2010.05.12 02:48:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010.05.12 02:48:28 | 000,003,700 | ---- | C] () -- C:\WINDOWS\DCEBOOT.CFG
[2010.05.11 16:34:51 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.05.04 18:46:54 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010.03.30 20:01:10 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PESEdit.com 2010 Patch.lnk
[2010.03.29 20:14:26 | 000,001,501 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ImgBurn.lnk
[2010.03.14 16:31:18 | 000,000,317 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010.03.07 15:11:08 | 000,000,868 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ANNO 1404 - Venedig.lnk
[2009.09.25 19:23:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.25 19:23:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.10 20:43:35 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.07.10 20:43:35 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.02.21 14:17:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.02.08 14:38:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008.12.31 19:34:00 | 001,526,468 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008.12.31 19:34:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008.12.27 12:39:23 | 000,000,286 | ---- | C] () -- C:\WINDOWS\DesktopSchneeFree.ini
[2008.11.13 15:18:59 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.29 19:54:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.13 21:24:31 | 000,003,254 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.10.13 21:24:31 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.10.13 21:24:06 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2008.10.13 21:24:02 | 011,206,656 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2008.10.13 21:24:01 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2008.10.13 21:18:53 | 000,000,628 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.10.11 19:40:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.10.11 19:40:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.10.11 19:40:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008.10.11 19:16:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.10.11 15:26:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006.11.11 22:52:50 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========
[2008.11.08 19:19:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters
[2009.07.30 16:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2010.05.11 17:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2009.10.29 20:36:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2009.04.25 20:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2009.06.11 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2009.08.04 01:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prism
[2010.03.07 15:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2009.07.10 22:02:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2010.05.31 12:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.09.04 13:58:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2009.03.01 15:26:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt
[2009.10.01 21:30:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Any Video Converter
[2009.08.06 16:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Auslogics
[2009.02.16 00:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\BinarySense
[2009.05.07 16:13:38 | 000,000,000 | ---D
| M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\biu software [2008.10.16 22:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canneverbe_Limited [2009.11.24 20:29:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Canon [2010.05.31 12:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\foobar2000 [2009.11.02 21:55:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\fretsonfire [2009.10.01 17:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\GrabPro [2008.10.13 19:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICAClient [2009.02.21 13:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ImgBurn [2009.12.18 17:48:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Jumping Bytes [2010.03.20 01:02:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\kikin [2009.09.04 19:28:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Leadertech [2009.06.18 18:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Miranda [2009.12.28 19:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mobile Master [2009.12.28 19:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MyPhoneExplorer [2008.12.02 17:28:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OpenOffice.org [2009.08.07 10:38:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Opera [2009.12.28 19:37:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Orbit [2009.07.12 22:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\passport_photo 
[2010.04.06 18:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\rockbox.org [2009.11.24 23:14:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Softland [2009.03.29 00:39:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Thinstall [2008.10.12 19:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Thunderbird [2009.08.25 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TrueCrypt [2010.03.07 15:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Ubisoft [2009.08.14 16:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\uTorrent [2009.04.11 16:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Vso [2008.12.21 18:06:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Xilisoft Corporation [2010.02.05 15:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Youtube Downloader HD ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2BE9FEFC < End of report > --- --- --- --- --- --- I should now have the latest Java version as well. Unfortunately ESET won't install, because it has to download components during the installation and I can wait forever before anything happens. Last edited by Gerson (31.05.2010 at 12:51) |
31.05.2010, 15:07 | #9 |
/// Selecta Jahrusso | TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys Unfortunately I'm no network expert. But let's have a look. Check ping: Start --> Run --> cmd (type it in) --> OK. Now type ipconfig in the DOS window. There you'll find your IP address. Now enter ping, your IP address, a space, -t. Example: ping xx.xxx.xxx.xx -t Let that run once, stop with Ctrl+C. How many packets were lost, or does it sometimes take longer for a packet?
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
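As an added illustration of the check Daniel describes above (this is example code, not from this thread or from any of the tools it mentions): a small Python script that parses the console text of a `ping <address> -t` run stopped with Ctrl+C and answers the two questions he asks, how many packets were lost and whether some replies took markedly longer than the rest. The sample output is constructed; it mixes the German Windows XP wording ("Antwort von ... Zeit=1ms", "Zeitüberschreitung der Anforderung.") with the English form so the parser copes with both. The outlier rule (a reply slower than five times the median and at least 10 ms above it) is my own rule of thumb, not anything from the thread.

```python
import re
import statistics
from typing import Dict, List, Optional

# Constructed sample of a "ping <own IP> -t" session stopped with Ctrl+C. It mixes the
# German Windows XP wording (locale DEU, as in the OTL log) with the English one so the
# parser copes with both; the address and the timings are made up.
SAMPLE_PING_OUTPUT = """\
Ping wird ausgeführt für 192.168.178.20 mit 32 Bytes Daten:

Antwort von 192.168.178.20: Bytes=32 Zeit<1ms TTL=128
Antwort von 192.168.178.20: Bytes=32 Zeit=1ms TTL=128
Antwort von 192.168.178.20: Bytes=32 Zeit=48ms TTL=128
Zeitüberschreitung der Anforderung.
Reply from 192.168.178.20: bytes=32 time=2ms TTL=128
Antwort von 192.168.178.20: Bytes=32 Zeit=1ms TTL=128
Request timed out.
Antwort von 192.168.178.20: Bytes=32 Zeit=1ms TTL=128
"""

# A reply line carries "Zeit=1ms" / "Zeit<1ms" (German) or "time=2ms" / "time<1ms" (English).
REPLY_RE = re.compile(r"\b(?:Zeit|time)([=<])(\d+)\s*ms", re.IGNORECASE)
# A lost probe is reported as a timeout line in either language.
TIMEOUT_RE = re.compile(r"Zeitüberschreitung der Anforderung|Request timed out", re.IGNORECASE)


def parse_ping(output: str) -> List[Optional[int]]:
    """Return one entry per probe, in order: the round-trip time in ms, or None
    for a lost packet. A sub-millisecond reply ("Zeit<1ms") is recorded as 0."""
    probes: List[Optional[int]] = []
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            probes.append(0 if m.group(1) == "<" else int(m.group(2)))
        elif TIMEOUT_RE.search(line):
            probes.append(None)
    return probes


def summarize(probes: List[Optional[int]], outlier_factor: int = 5) -> Dict[str, object]:
    """Packet loss and RTT statistics for a list produced by parse_ping().

    Replies slower than outlier_factor * median (and at least 10 ms above the
    median, so a 0/1 ms baseline does not flag every 2 ms reply) are listed as
    outliers; that threshold is a constructed rule of thumb for this example."""
    sent = len(probes)
    rtts = [r for r in probes if r is not None]
    lost = sent - len(rtts)
    summary: Dict[str, object] = {
        "sent": sent,
        "received": len(rtts),
        "lost": lost,
        "loss_pct": round(100.0 * lost / sent, 1) if sent else 0.0,
        "min_ms": min(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
        "avg_ms": round(sum(rtts) / len(rtts), 1) if rtts else None,
        "median_ms": statistics.median(rtts) if rtts else None,
        "outliers": [],
    }
    if rtts:
        median = statistics.median(rtts)
        threshold = max(outlier_factor * median, median + 10)
        summary["outliers"] = [r for r in rtts if r > threshold]
    return summary


if __name__ == "__main__":
    # Paste the console text of your own ping run into a file and read it here instead.
    result = summarize(parse_ping(SAMPLE_PING_OUTPUT))
    print(f"{result['sent']} sent, {result['received']} received, "
          f"{result['lost']} lost ({result['loss_pct']}% loss)")
    print(f"RTT min/avg/max/median: {result['min_ms']}/{result['avg_ms']}/"
          f"{result['max_ms']}/{result['median_ms']} ms")
    print("slow replies:", result["outliers"] or "none")
```

Pinging your own address, as suggested in the post, only exercises the local TCP/IP stack, so loss or large jitter there points at the machine itself (a filter driver, an overloaded CPU, or a broken network stack) rather than at the router or the line; the same parser can be fed a ping to the router's address to tell the two apart.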
31.05.2010, 16:15 | #10 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys No, everything seems to be fine there, nothing gets lost and it always takes the same amount of time. I've now switched off the repeater and go online directly through the router. That is very slow, but at least it's reasonably stable again now. I was also able to download the ESET Online Scanner now, but after initialization reached 100% an "Unexpected Error 2002" appears and it doesn't go any further. |
31.05.2010, 16:27 | #11 |
/// Selecta Jahrusso | TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys Has the problem existed for a while? Okay, then let's leave ESET for now. Please try http://www.trojaner-board.de/59299-a...eb-cureit.html
01.06.2010, 12:03 | #12 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys Well, the connection problem has existed for a few weeks, yes. Perhaps I should have mentioned that I had malware that disguised itself as an antivirus program and at some point blocked all other processes. In the end the PC no longer booted properly, so I did a Windows repair install and the PC started again. If I remember correctly, though, the connection only became this slow later. Anyway, here is the log from CureIt: 65965.exe\data018;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\65965.exe;Adware.NewDotNet;; 65965.exe\data019;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\65965.exe;Adware.NewDotNet;; 65965.exe\data020;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\65965.exe;Adware.Gator;; 65965.exe;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das;Container enthält infizierte Objekte;Verschoben.; MobileMasterInst.exe/data002/MobileMaster.msi/stream000\_A95DA0396C8F4E58876D77745D487353;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\Handy\MobileMasterInst.exe/data0;Modifikation von Win32.HLLM.Generic.306;; stream000;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\Handy;Archiv enthält infizierte Objekte;; MobileMaster.msi;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\Handy;Container enthält infizierte Objekte;; data002;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\Handy;Archiv enthält infizierte Objekte;; MobileMasterInst.exe;C:\D-Laufwerk\Externe Festplatte\Dokumente und Einstellungen\***\Eigene Dateien\Dies und Das\Handy;Container enthält infizierte Objekte;Verschoben.; 
4854066c.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4854066c.qua;Trojan.DownLoad1.35695;; 4854066c.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 48553e34.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48553e34.qua;Trojan.DownLoad1.35695;; 48553e34.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 485b2ec4.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\485b2ec4.qua;Trojan.DownLoad1.35695;; 485b2ec4.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4a8d657f.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4a8d657f.qua;BackDoor.Click.953;; 4a8d657f.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4ae431e4.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4ae431e4.qua/data001;Trojan.DownLoader.3945;; 4ae431e4.qua/data001\data017;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4ae431e4.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4ae431e4.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4ae8de3c.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4ae8de3c.qua/data001;Trojan.DownLoader.3945;; 4ae8de3c.qua/data001\data017;C:\Dokumente 
und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4ae8de3c.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4ae8de3c.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4aecff5c.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aecff5c.qua/data001;Trojan.DownLoader.3945;; 4aecff5c.qua/data001\data017;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aecff5c.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4aecff5c.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4aeececc.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aeececc.qua/data001;Trojan.DownLoader.3945;; 4aeececc.qua/data001\data017;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aeececc.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4aeececc.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4aefc694.qua/data001\data018;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aefc694.qua/data001;Trojan.DownLoader.3945;; 4aefc694.qua/data001\data019;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aefc694.qua/data001;Adware.NewDotNet;; 4aefc694.qua/data001\data020;C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4aefc694.qua/data001;Adware.Shopper;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4aefc694.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4b98b945.qua/data001\data018;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b98b945.qua/data001;Trojan.DownLoader.3945;; 4b98b945.qua/data001\data019;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b98b945.qua/data001;Adware.NewDotNet;; 4b98b945.qua/data001\data020;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b98b945.qua/data001;Adware.Shopper;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4b98b945.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4b99b945.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b99b945.qua/data001;Trojan.DownLoader.3945;; 4b99b945.qua/data001\data017;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b99b945.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4b99b945.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4b9ab948.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9ab948.qua/data001;Trojan.DownLoader.3945;; 4b9ab948.qua/data001\data017;C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9ab948.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4b9ab948.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4b9bb945.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9bb945.qua/data001;Trojan.DownLoader.3945;; 4b9bb945.qua/data001\data017;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9bb945.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4b9bb945.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4b9cb946.qua/data001\data018;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9cb946.qua/data001;Trojan.DownLoader.3945;; 4b9cb946.qua/data001\data019;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9cb946.qua/data001;Adware.NewDotNet;; 4b9cb946.qua/data001\data020;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9cb946.qua/data001;Adware.Shopper;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4b9cb946.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4b9d227b.qua/data001\data018;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9d227b.qua/data001;Trojan.DownLoader.3945;; 4b9d227b.qua/data001\data019;C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9d227b.qua/data001;Adware.NewDotNet;; 4b9d227b.qua/data001\data020;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4b9d227b.qua/data001;Adware.Shopper;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4b9d227b.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4bd422be.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4bd422be.qua;BackDoor.Click.953;; 4bd422be.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4c6902b6.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c6902b6.qua;Trojan.NtRootKit.6929;; 4c6902b6.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4c71a48f.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c71a48f.qua;Trojan.NtRootKit.6929;; 4c71a48f.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4c71bde9.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c71bde9.qua;Trojan.NtRootKit.6929;; 4c71bde9.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; 4c72fbff.qua\data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4c72fbff.qua;Trojan.NtRootKit.6929;; 4c72fbff.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte 
Objekte;Verschoben.; 4f14ee0f.qua/data001\data016;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4f14ee0f.qua/data001;Trojan.DownLoader.3945;; 4f14ee0f.qua/data001\data017;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4f14ee0f.qua/data001;Adware.NewDotNet;; data001;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;; 4f14ee0f.qua;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED;Container enthält infizierte Objekte;Verschoben.; RegUBP2b-user.reg;C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Gelöscht.; |
01.06.2010, 15:28 | #13 |
/// Selecta Jahrusso | TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys The connection issue should be looked at by the people in the network section. They have more experience with that than I do. Please start OTL.exe. Under Extra Registry select Use Safe List and click the Scan button. Please post the Extras.txt and OTL.txt. Anything else unusual?
01.06.2010, 16:12 | #14 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys OK, thanks. No, otherwise nothing unusual at the moment, everything is actually running as it should. OTL: OTL logfile created on: 01.06.2010 16:54:01 - Run 3 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 21,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): c:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 390,63 Gb Total Space | 16,95 Gb Free Space | 4,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 75,13 Gb Total Space | 5,40 Gb Free Space | 7,18% Space Free | Partition Type: NTFS Drive G: | 244,71 Mb Total Space | 164,63 Mb Free Space | 67,27% Space Free | Partition Type: FAT Drive H: | 931,51 Gb Total Space | 0,72 Gb Free Space | 0,08% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: USER-ACDD367721 Current User Name: user Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe PRC - [2010.04.11 01:21:50 | 001,784,320 | ---- | M] () -- C:\Programme\foobar2000\foobar2000.exe PRC - [2010.04.03 12:54:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.03.17 20:41:05 | 008,319,560 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.08.25 19:29:50 | 001,369,792 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2009.08.05 14:34:13 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.11.07 16:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.11.07 16:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.10.16 14:28:42 | 000,801,544 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\LU\LogitechUpdate.exe PRC - [2008.10.16 14:28:28 | 000,300,296 | ---- | M] (Logitech, Inc.) 
-- C:\Programme\Logitech\SetPoint\LU\LuLnchr.exe PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.15 15:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe PRC - [2007.09.27 03:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe PRC - [2007.09.07 15:54:54 | 000,159,744 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razerhid.exe PRC - [2007.05.07 15:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\DeathAdder\razerofa.exe PRC - [2006.11.24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Programme\Razer\DeathAdder\razertra.exe ========== Modules (SafeList) ========== MOD - [2010.05.30 18:22:56 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe MOD - [2008.11.07 16:41:46 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll MOD - [2008.07.25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (HDD & SSD access service) SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService) SRV - [2009.08.05 14:34:13 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.02.09 19:21:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.07 16:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.09.04 07:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.02.15 15:17:00 | 000,832,760 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\BinarySense\hldasvc.exe -- (HDDlife HDD Access service) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.07.05 15:02:03 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1) ========== Driver Services (SafeList) ========== DRV - [2010.04.07 04:42:04 | 004,687,872 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.12.07 18:48:05 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.25 19:29:51 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.07.10 20:43:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.10 20:43:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.26 19:10:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.06 10:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.04.06 10:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.25 19:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32) DRV - [2009.02.18 19:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.26 19:23:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009.01.13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009.01.13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009.01.13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.01.13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.12.25 18:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008.09.26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.09.26 09:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2008.09.26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.08.05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.05.21 07:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008.05.03 06:46:00 | 000,038,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.08.02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr) DRV - [2007.02.27 03:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006.01.04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2003.11.11 13:12:46 | 000,336,800 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02) DRV - [2003.09.07 15:07:10 | 000,177,792 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiacxusb.sys -- (TIACXUSB) DRV - [2003.08.21 11:12:32 | 000,058,752 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiacxubt.sys -- (TIAcxubt) DRV - [2001.08.17 13:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 61 EE EB BB 00 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - 
prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0 FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: glaze_black@www.theme-oasis.org:3.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.04 01:08:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.31 12:09:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:41:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 13:14:40 | 000,000,000 | ---D | M] [2008.10.11 17:38:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2010.06.01 12:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions [2010.04.28 12:38:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.04.28 12:38:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und 
Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.08 13:48:46 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f} [2009.08.18 14:11:11 | 000,000,000 | ---D | M] (jDownFF) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010.03.06 20:59:11 | 000,000,000 | ---D | M] (kikin plugin (JDownloader Edition)) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.05.01 13:15:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.13 12:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.05.11 16:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\fsonlinescanner@f-secure.com [2010.02.15 20:24:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\glaze_black@www.theme-oasis.org [2009.07.26 14:04:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\extensions\savesession@noasobi.net [2009.08.26 22:30:43 | 000,002,521 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\yourwirenet-boerse-threadtitel.xml [2009.08.26 22:30:44 | 000,002,415 | ---- | M] () -- 
C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\zwnftlan.default\searchplugins\yourwirenet.xml [2010.06.01 12:52:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.31 12:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.31 12:09:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.30 19:19:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Grab Pro) - 
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [XboxStat] C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TrueCrypt] C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & 
Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Citrix ICA Client) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Programme\Gemeinsame Dateien\BinarySense\hlAPP.dll (BinarySense, Inc.) 
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.08 21:22:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBSsprestrt) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.01 14:55:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user\Recent [2010.06.01 14:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010.06.01 13:02:14 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010.06.01 13:02:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010.06.01 13:02:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010.05.31 12:10:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.05.31 12:09:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.05.31 12:09:13 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.05.31 12:09:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.05.31 12:09:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javaw.exe [2010.05.31 12:09:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.05.31 12:09:13 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.05.31 11:11:26 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Dokumente und Einstellungen\user\Desktop\JavaRa.exe [2010.05.30 22:03:21 | 000,000,000 | ---D | C] -- C:\_OTL [2010.05.30 20:14:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.05.30 19:38:12 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2010.05.30 19:23:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.05.30 19:02:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.05.30 18:43:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.05.30 18:43:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.05.30 18:43:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.05.30 18:43:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.05.30 18:42:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.05.30 18:42:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.05.29 18:16:02 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.05.25 13:29:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll [2010.05.25 01:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.05.25 00:51:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010.05.23 20:58:14 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2010.05.23 20:58:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe [2010.05.22 18:41:30 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010.05.22 18:41:28 | 002,148,864 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010.05.22 18:41:28 | 000,737,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2010.05.22 18:41:27 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010.05.22 16:48:52 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010.05.22 16:34:07 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010.05.22 16:13:33 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010.05.22 16:13:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010.05.22 14:29:16 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010.05.22 14:17:19 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010.05.21 23:48:13 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010.05.21 23:44:15 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.05.21 23:14:24 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010.05.20 13:54:27 | 000,000,000 | ---D | C] -- C:\Programme\UnderCoverXP [2010.05.19 16:24:35 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime [2010.05.19 16:24:34 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime [2010.05.19 16:24:34 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime [2010.05.19 16:24:34 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime [2010.05.19 16:24:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime [2010.05.19 16:24:34 | 000,065,536 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime [2010.05.19 16:24:33 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2010.05.19 16:24:33 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2010.05.19 16:24:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll [2010.05.19 16:24:31 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll [2010.05.19 16:24:31 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll [2010.05.19 16:24:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll [2010.05.19 16:24:31 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2010.05.19 16:24:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll [2010.05.19 16:24:31 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll [2010.05.19 16:24:27 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll [2010.05.19 16:24:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime [2010.05.19 16:24:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2010.05.19 16:24:25 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe [2010.05.19 16:24:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe [2010.05.19 16:24:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll [2010.05.19 16:24:24 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime [2010.05.19 16:24:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\thawbrkr.dll [2010.05.19 16:24:24 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2010.05.19 16:24:24 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2010.05.19 16:24:24 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2010.05.19 16:24:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll [2010.05.19 16:24:21 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2010.05.19 16:24:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2010.05.19 16:24:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2010.05.19 16:24:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2010.05.19 16:24:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2010.05.19 16:24:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2010.05.19 16:24:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2010.05.19 16:24:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2010.05.19 16:24:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2010.05.19 16:24:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2010.05.19 16:24:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2010.05.19 16:24:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2010.05.19 16:24:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll 
[2010.05.19 16:24:18 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2010.05.19 16:24:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2010.05.19 16:24:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2010.05.19 16:24:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2010.05.19 16:24:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2010.05.19 16:24:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2010.05.19 16:24:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2010.05.19 16:24:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2010.05.19 16:24:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2010.05.19 16:24:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2010.05.19 16:24:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2010.05.19 16:24:13 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2010.05.19 16:24:13 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) 
-- C:\WINDOWS\System32\dllcache\rwia001.dll [2010.05.19 16:24:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime [2010.05.19 16:24:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2010.05.19 16:24:11 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2010.05.19 16:24:10 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime [2010.05.19 16:24:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2010.05.19 16:24:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2010.05.19 16:24:09 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2010.05.19 16:24:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2010.05.19 16:24:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2010.05.19 16:24:08 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2010.05.19 16:24:08 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime [2010.05.19 16:24:08 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2010.05.19 16:24:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2010.05.19 16:24:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll [2010.05.19 16:24:08 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll [2010.05.19 16:24:07 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2010.05.19 16:24:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- 
|
01.06.2010, 16:14 | #15 |
| TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys ========== Files Created - No Company Name ==========
000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll [2008.10.13 21:18:53 | 000,000,628 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2008.10.11 19:40:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008.10.11 19:40:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008.10.11 19:40:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008.10.11 19:16:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.10.11 15:26:21 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2006.11.11 22:52:50 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2BE9FEFC < End of report > OTL EXTRAS Logfile (macht er immer automatisch im Code-Tag, weiß auch nicht warum): Code:
ATTFilter OTL Extras logfile created on: 01.06.2010 16:54:01 - Run 3 OTL by OldTimer - Version 3.2.5.1 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 21,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): c:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 390,63 Gb Total Space | 16,95 Gb Free Space | 4,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 75,13 Gb Total Space | 5,40 Gb Free Space | 7,18% Space Free | Partition Type: NTFS Drive G: | 244,71 Mb Total Space | 164,63 Mb Free Space | 67,27% Space Free | Partition Type: FAT Drive H: | 931,51 Gb Total Space | 0,72 Gb Free Space | 0,08% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: USER-ACDD367721 Current User Name: user Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings 
========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( ) "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- () "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "E:\SETUP.EXE" = E:\SETUP.EXE:*:Enabled:Setup -- File not found "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "F:\Spiele\Codemasters\GRID\GRID.exe" = F:\Spiele\Codemasters\GRID\GRID.exe:*:Enabled:GRID -- (Codemasters) "C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- () "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "F:\Spiele\EA Games\Battlefield 2\BF2.exe" = F:\Spiele\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- () "F:\Spiele\EA Games\Battlefield 2\bf2_w32ded.exe" = F:\Spiele\EA Games\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded -- () "F:\Spiele\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" = F:\Spiele\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander -- (Gas Powered Games) "F:\Spiele\Ubisoft\Prince of Persia\Prince of Persia.exe" = F:\Spiele\Ubisoft\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx -- (Ubisoft) "F:\Spiele\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe" = F:\Spiele\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update -- (Ubisoft) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = F:\Spiele\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts) "C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts) "F:\Spiele\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = F:\Spiele\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs) "F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- () "F:\Spiele\TmUnitedForever\TmForever.exe" = F:\Spiele\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- () "F:\Spiele\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe" = F:\Spiele\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance -- (Gas Powered Games) "F:\Spiele\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = F:\Spiele\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance -- (Gas Powered Games) "C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- 
(Orbitdownloader.com) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "F:\Spiele\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = F:\Spiele\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.) "C:\D-Laufwerk\Spiele\EA Games\speed.exe" = C:\D-Laufwerk\Spiele\EA Games\speed.exe:*:Enabled:speed -- () "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- () "F:\Spiele\Empire Interactive\FlatOut2\FlatOut2.exe" = F:\Spiele\Empire Interactive\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- () "F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe" = F:\Spiele\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe:*:Enabled:AddonWeb -- () "F:\Spiele\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = F:\Spiele\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.) 
"C:\Programme\Steam\SteamApps\atomictomcat\day of defeat source\hl2.exe" = C:\Programme\Steam\SteamApps\atomictomcat\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{07070EAB-9349-4F6C-AC13-AEFE436F9775}" = D-link AirPlus G DWL-G120 Wireless USB Adapter "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0B25271C-C90B-056F-B4B1-84DFCC905497}" = ATI Catalyst Install Manager "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{141C141A-0DB8-E6E5-59AA-27576C20B75D}" = CCC Help English "{1648DB98-AE62-6E92-F418-8A9ECCA078A9}" = Catalyst Control Center Graphics Previews Common "{17200570-C3A0-DAAB-8232-491FEC0C1DF4}" = Catalyst Control Center Graphics Full Existing "{17E83691-BC8E-BA2A-DE9B-AE845E1C2457}" = Catalyst Control Center Graphics Light "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D74A25E-F4A1-DD65-3327-FEE3C85A2565}" = Catalyst Control Center HydraVision Full "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{605BE2E8-D0D4-C157-68FD-40A318258E54}" = ccc-core-preinstall "{636A7142-586A-4DF7-9207-191A2AF5610C}_is1" = AusLogics BoostSpeed "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{71E8DEC6-8785-B293-FA6D-7A37A3D3E773}" = ccc-core-static "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04 "{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2 "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{88713CAC-8759-6FE4-D577-A823E5865CB9}" = ccc-utility "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9C039633-4B58-4649-B8A5-5E08ABAA0ED7}" = D-Link AirPlus USB "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT 
"{A93FE10A-42C3-B498-2856-2BBE22481A7A}" = Catalyst Control Center Graphics Full New "{AB039765-AE63-4BBF-B2E1-7AA14FBE7C16}_is1" = Snej-Mod V6.003 "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{B2BAD2AF-A391-4306-96A3-BA1139630D84}" = Catalyst Control Center InstallProxy "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C6CF0029-EF0A-439D-9A68-C5067EBFEA41}" = Mobile Master "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag 
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = 1 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition "{E81D9FF6-B45F-4DD4-9673-86B08AF6F705}" = HDDlife Pro 3.1 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse "{F029DBBC-FBBD-20CD-7038-6A703578EC79}" = Catalyst Control Center Core Implementation "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 9.11 beta "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "Any Video Converter_is1" = Any Video Converter 2.7.7 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CD Audio Reader Filter" = CD Audio Reader Filter (remove only) "Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32 "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0) "DC-Bass Source" = DC-Bass Source 1.1.1 "Diablo II" = Diablo II "DirectVobSub" = DirectVobSub (remove only) "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "DVD Decrypter" = DVD Decrypter (Remove Only) "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2 "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00 "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "foobar2000" = foobar2000 v1.0.2.1 "Frets on Fire" = Frets On Fire "HaaliMkx" = Haali Media Splitter "Hamachi" = Hamachi 1.0.3.0 "HD Tune Pro_is1" = HD Tune Pro 3.50 "HP-Color LaserJet 2600n" = Color LaserJet 2600n "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.5 "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Miranda IM" = Miranda IM 0.8.24 "Monkey's Audio_is1" = Monkey's Audio "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only) "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MPE" = MyPhoneExplorer "Nero8Lite_is1" = Nero 8 Micro 8.3.6.0 "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only) "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only) "Orbit_is1" = Orbit Downloader "Pausenkatzen Screensaver" = Pausenkatzen Screensaver "PunkBusterSvc" = PunkBuster Services "Puzzle Quest - Challenge of the Warlords" = Puzzle Quest - Challenge of the Warlords "RealMedia" = RealMedia (remove only) "RivaTuner" = RivaTuner v2.24 "SHOUTcast Source" = SHOUTcast Source (remove only) "Sorian AI Mod_is1" = Sorian AI Mod 2.0.0 "SpeedFan" = SpeedFan (remove only) "ST6UNST #1" = DVD-Cover "ST6UNST #2" = DVD-Cover 1.5 "Steam App 300" = Day of Defeat: Source "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmUnitedForever_is1" = TmUnitedForever "TrueCrypt" = TrueCrypt 
"UnderCoverXP_is1" = UnderCoverXP 1.23 "Update Service" = Update Service "V3.2_is1" = File Scavenger 3.2 "VLC media player" = VLC media player 1.0.1 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.8.1 "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 21.05.2010 13:47:09 | Computer Name = USER-ACDD367721 | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 25.05.2010 14:17:14 | Computer Name = USER-ACDD367721 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes Modul kikin_3_6.dll, Version 2.0.11.0, Fehleradresse 0x0004c794. Error - 28.05.2010 15:27:51 | Computer Name = USER-ACDD367721 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.com, Version 1.46.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 31.05.2010 05:36:43 | Computer Name = USER-ACDD367721 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.05.2010 05:40:01 | Computer Name = USER-ACDD367721 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 31.05.2010 06:08:14 | Computer Name = USER-ACDD367721 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung jre-6u20-windows-i586-iftw-rv.exe, Version 6.0.200.2, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 31.05.2010 08:21:52 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 31.05.2010 08:21:52 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HDD & SSD access service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 31.05.2010 15:40:27 | Computer Name = USER-ACDD367721 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 31.05.2010 15:40:32 | Computer Name = USER-ACDD367721 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 31.05.2010 18:38:17 | Computer Name = USER-ACDD367721 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet 
wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 31.05.2010 18:44:14 | Computer Name = USER-ACDD367721 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 01.06.2010 06:39:17 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Upgrade Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 01.06.2010 06:39:17 | Computer Name = USER-ACDD367721 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HDD & SSD access service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.06.2010 08:54:50 | Computer Name = USER-ACDD367721 | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.2.100 mit dem Computer mit der Netzwerkhardwareadresse 00:0E:35:D0:30:5F ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 01.06.2010 08:54:52 | Computer Name = USER-ACDD367721 | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.2.100 mit dem Computer mit der Netzwerkhardwareadresse 00:0E:35:D0:30:5F ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. < End of report > --- --- --- |