TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys (Windows 7)
For some time now I keep getting the error message that the file C:\Windows\System32\drivers\taunpo.sys on my PC is infected with the Trojan horse TR/Rootkin.gen. I followed the instructions and am posting all the reports here.

Quote:
Code:
OTL logfile created on: 6/13/2010 11:03:03 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\***\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 149.09 Gb Free Space | 75.19% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 391.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) -- File not found
SRV - (Akamai) -- c:\program files\common files\akamai\rswin_3697.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (WinTabService) -- C:\windows\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (Tablet2k) -- C:\Windows\System32\Tablet2k.cat ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ***://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ***=127.0.0.1:6860

========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 20:39:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 20:39:01 | 000,000,000 | ---D | M]

[2009/12/08 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/06/12 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions
[2010/04/11 10:24:15 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/04/26 20:15:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/08 07:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\illimitux@illimitux.net
[2010/04/26 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\personas@christopher.beard
[2010/03/18 22:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/03/14 23:24:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/03/14 23:24:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/03/14 23:24:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/03/14 23:24:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/03/14 23:24:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WTClient] C:\windows\System32\WTClient.exe (Tablet Driver)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/11/25 15:05:10 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2009/11/03 22:36:04 | 000,509,034 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/06/13 10:44:22 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup232.exe
[2010/06/13 10:33:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/11 19:43:18 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010/06/11 13:24:16 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/06/11 13:24:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010/06/11 13:24:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/06/11 13:24:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/06/11 13:24:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/06/11 13:24:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/06/11 13:23:56 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/06/11 13:23:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/06/09 19:42:11 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\windows\System32\SAVRKBootTasks.sys
[2010/06/08 21:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/06/08 21:00:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2010/06/08 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/08 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/06 21:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/06 21:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/06 21:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/01 20:40:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTablet
[2010/06/01 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTouch
[2010/06/01 20:40:31 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Touch_Tablet.dll
[2010/06/01 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/06/01 20:40:06 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\PenTablet.cpl
[2010/06/01 20:39:41 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacommousefilter.sys
[2010/06/01 20:39:33 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacomvhid.sys
[2010/06/01 20:39:29 | 000,000,000 | ---D | C] -- C:\windows\System32\WTablet
[2010/06/01 20:39:25 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Pen_Tablet.exe
[2010/06/01 20:39:25 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Pen_Tablet.dll
[2010/06/01 20:39:25 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Wintab32.dll
[2010/06/01 20:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/05/31 19:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/05/31 19:20:12 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacmoumonitor.sys
[2010/05/30 19:04:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wiederhergestellt
[2010/05/30 13:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/05/30 12:58:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2010/05/30 12:14:49 | 000,261,120 | ---- | C] (InstallShield Corporation, Inc.) -- C:\windows\UN160407.EXE
[2010/05/30 12:14:49 | 000,026,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System\CTL3D.DLL
[2010/05/26 21:03:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/05/25 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\***\Neuer Ordner (2)
[2010/05/25 12:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/24 22:27:06 | 000,578,456 | ---- | C] (Innovasys) -- C:\windows\System32\ExpBar1.ocx
[2010/05/24 22:27:06 | 000,458,752 | ---- | C] (Variad Corporation) -- C:\windows\System32\varOSButton.ocx
[2010/05/24 22:27:06 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\windows\System32\qpro32.dll
[2010/05/24 22:27:06 | 000,045,056 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctfile.ocx
[2010/05/24 22:27:06 | 000,012,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SCRRNDE.DLL
[2010/05/24 22:27:05 | 001,846,784 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\crpe32.dll
[2010/05/24 22:27:05 | 001,007,616 | ---- | C] (ProWorks Corp.) -- C:\windows\System32\FlpGrf.ocx
[2010/05/24 22:27:05 | 000,823,784 | ---- | C] (APEX Software Corporation) -- C:\windows\System32\TDBG6.OCX
[2010/05/24 22:27:05 | 000,250,336 | ---- | C] (Apex Software Corporation) -- C:\windows\System32\TDBGPP.DLL
[2010/05/24 22:27:05 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSFLXGRD.OCX
[2010/05/24 22:27:05 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTL32.OCX
[2010/05/24 22:27:05 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RICHTX32.OCX
[2010/05/24 22:27:05 | 000,187,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\crystl32.ocx
[2010/05/24 22:27:05 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMDLG32.OCX
[2010/05/24 22:27:05 | 000,126,976 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctmonth.ocx
[2010/05/24 22:27:05 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6DE.DLL
[2010/05/24 22:27:05 | 000,110,080 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\windows\System32\cscomb32.ocx
[2010/05/24 22:27:05 | 000,098,304 | ---- | C] (dbi Technologies Inc.) -- C:\windows\System32\ctdedit.ocx
[2010/05/24 22:27:05 | 000,094,208 | ---- | C] (Personal) -- C:\windows\System32\ColorPicker.ocx
[2010/05/24 22:27:05 | 000,090,112 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctdate.ocx
[2010/05/24 22:27:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB5DB.DLL
[2010/05/24 22:27:05 | 000,079,872 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2bdao.dll
[2010/05/24 22:27:05 | 000,079,872 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\windows\System32\csspin32.ocx
[2010/05/24 22:27:05 | 000,077,824 | ---- | C] (DBI Technologies Inc.) -- C:\windows\System32\ctimage.ocx
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctmeter.ocx
[2010/05/24 22:27:05 | 000,050,688 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2irdao.dll
[2010/05/24 22:27:05 | 000,036,352 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2ctdao.dll
[2010/05/24 22:27:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RCHTXDE.DLL
[2010/05/24 22:27:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CMDLGDE.DLL
[2010/05/24 22:27:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTDE.DLL
[2010/05/24 22:27:05 | 000,018,944 | ---- | C] ( ) -- C:\windows\System32\implode.dll
[2010/05/24 22:27:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\STDFTDE.DLL
[2010/05/23 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010/05/23 12:25:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 12:25:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/05/23 12:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/23 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010/05/23 11:52:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010/05/23 11:52:53 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010/05/23 11:52:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010/05/23 11:52:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2010/05/23 11:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/23 11:13:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\dbhhjefoq
[2010/05/22 23:06:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KaLoMa
[2010/05/16 12:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010/06/13 11:05:19 | 000,823,808 | ---- | M] () -- C:\windows\System32\drivers\taunpo.sys
[2010/06/13 11:01:56 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/13 11:01:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/13 11:01:47 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 11:01:06 | 002,097,152 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010/06/13 11:01:05 | 005,463,956 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010/06/13 10:52:59 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105244.reg
[2010/06/13 10:51:34 | 000,000,312 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105130.reg
[2010/06/13 10:50:36 | 000,003,436 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105030.reg
[2010/06/13 10:49:48 | 000,180,572 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_104918.reg
[2010/06/13 10:45:26 | 002,281,378 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/06/13 10:45:26 | 001,129,130 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/13 10:45:26 | 000,654,470 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/06/13 10:45:26 | 000,575,778 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/13 10:45:26 | 000,004,762 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/13 10:45:17 | 000,001,945 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/13 10:33:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/13 10:29:48 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup232.exe
[2010/06/13 10:21:04 | 000,231,390 | ---- | M] () -- C:\Users\***\Desktop\RootkitRevealer.zip
[2010/06/13 09:19:59 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13
09:19:59 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/11 22:41:53 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/06/11 20:04:57 | 003,791,192 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2010/06/08 21:06:24 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk [2010/06/08 21:00:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/06/06 21:55:52 | 000,113,416 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010/06/06 21:43:16 | 000,001,389 | ---- | M] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk [2010/05/30 18:20:45 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2010/05/30 12:58:15 | 000,000,008 | RHS- | M] () -- C:\ProgramData\C96FFE052E.sys [2010/05/27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2010/05/27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2010/05/25 13:54:54 | 000,000,145 | --S- | M] () -- C:\Users\***\AppData\Local\1714199777.dat [2010/05/25 13:53:34 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\ovczpx.dat [2010/05/23 12:25:28 | 000,001,116 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/23 11:53:00 | 000,002,012 | ---- | M] () -- C:\Users\***\Desktop\Avira AntiVir Control Center.lnk [2010/05/23 11:21:25 | 000,003,321 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest [2010/05/23 11:13:47 | 000,000,013 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922C.manifest [2010/05/23 11:13:47 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922S.manifest [2010/05/23 11:13:47 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922O.manifest [2010/05/21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) 
-- C:\windows\System32\jsproxy.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/13 10:52:47 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105244.reg [2010/06/13 10:51:32 | 000,000,312 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105130.reg [2010/06/13 10:50:33 | 000,003,436 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105030.reg [2010/06/13 10:49:29 | 000,180,572 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_104918.reg [2010/06/13 10:41:27 | 000,231,390 | ---- | C] () -- C:\Users\***\Desktop\RootkitRevealer.zip [2010/06/08 21:06:24 | 000,001,043 | ---- | C] () -- C:\Users\***\Desktop\Last.fm.lnk [2010/06/08 21:00:26 | 000,002,429 | ---- | C] () -- C:\Users\***\Desktop\iTunes.lnk [2010/06/06 22:31:24 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/06/06 21:43:16 | 000,001,389 | ---- | C] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk [2010/06/01 20:46:54 | 000,000,488 | ---- | C] () -- C:\windows\System32\TouchTabletUserDefaults.xml [2010/06/01 20:46:54 | 000,000,488 | ---- | C] () -- C:\windows\System32\PenTabletUserDefaults.xml [2010/06/01 20:40:06 | 001,595,175 | ---- | C] () -- C:\windows\System32\PenTablet.znc [2010/05/30 12:58:15 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/05/30 12:58:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C96FFE052E.sys [2010/05/25 13:53:35 | 000,000,145 | --S- | C] () -- C:\Users\***\AppData\Local\1714199777.dat [2010/05/25 13:53:34 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\ovczpx.dat [2010/05/24 22:27:05 | 000,748,160 | ---- | C] () -- C:\windows\System32\CO2C40EN.DLL [2010/05/24 22:27:05 | 000,153,761 | ---- | C] () -- C:\windows\System32\u2frtf.dll [2010/05/24 22:27:05 | 000,124,256 | ---- | C] () -- C:\windows\System32\u2dmapi.dll [2010/05/24 22:27:05 | 000,109,568 | ---- | C] () -- C:\windows\System32\u2fhtml.dll [2010/05/24 22:27:05 
| 000,097,489 | ---- | C] () -- C:\windows\System32\u2fcr.dll [2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fxls.dll [2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fwordw.dll [2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fwks.dll [2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2ftext.dll [2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fsepv.dll [2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2frec.dll [2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2fdif.dll [2010/05/24 22:27:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\u2ddisk.dll [2010/05/23 12:25:28 | 000,001,116 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/23 11:53:00 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010/05/23 11:14:54 | 000,823,808 | ---- | C] () -- C:\windows\System32\drivers\taunpo.sys [2010/05/23 11:13:47 | 000,003,321 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest [2010/05/23 11:13:47 | 000,000,013 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922C.manifest [2010/05/23 11:13:47 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922S.manifest [2010/05/23 11:13:47 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922O.manifest [2009/12/26 22:36:22 | 000,000,248 | ---- | C] () -- C:\windows\Tablet8000x6000M.ini [2009/12/26 22:23:07 | 000,010,240 | ---- | C] () -- C:\windows\System32\ucinst32.dll [2009/12/07 21:08:01 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/09/22 07:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- 
C:\windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010/04/21 20:47:34 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2009/12/10 19:12:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010/05/29 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ezaloz [2010/04/21 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole [2010/02/02 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet [2010/02/19 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS [2010/05/22 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KaLoMa [2010/06/11 20:05:54 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec [2010/04/19 23:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2010/01/10 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2010/05/29 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ogcit [2010/02/07 15:31:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010/02/20 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development [2010/06/01 20:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WTouch [2010/05/15 09:46:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010/04/23 10:35:24 | 000,035,922 | ---- | M] ()(C:\Users\***\Documents\Letter Bee ?.rtf) -- C:\Users\***\Documents\Letter Bee ♥.rtf [2010/01/24 16:54:12 | 000,035,922 | ---- | C] ()(C:\Users\***\Documents\Letter Bee ?.rtf) -- C:\Users\***\Documents\Letter Bee ♥.rtf ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE 
< End of report >

OTL Extras Logfile:
Code:
OTL Extras logfile created on: 6/13/2010 11:03:03 AM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 149.09 Gb Free Space | 75.19% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 391.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Users\***\Documents\Installieren\ADOBE Photoshop CS5 2\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Defraggler" = Defraggler
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOM Player" = GOM Player
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"PROHYBRIDR" = 2007 Microsoft Office system
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrainingsplanV3.0_is1" = Trainingsplan V3.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2010 3:55:21 PM | Computer Name = ***-*** | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 200: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 336: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/10/2010 5:33:39 PM | Computer Name = ***-*** | Source = TabletServicePen | ID = 0
Description =

Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)

[ System Events ]
Error - 5/21/2010 12:47:07 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/22/2010 4:34:13 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/23/2010 4:36:15 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/23/2010 5:14:54 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "1394 OHCI Compliant Host Controller" wurde aufgrund folgenden Fehlers nicht gestartet: %%31

Error - 5/23/2010 5:53:12 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 5/23/2010 6:39:19 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/23/2010 6:10:55 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/23/2010 7:26:38 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/24/2010 6:28:56 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 5/24/2010 1:25:07 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >