Google keeps redirecting me

17.10.2010, 20:29 | #1
Hello, I have a problem: Google regularly redirects me to other search engines and other sites. I don't know what started it, i.e. what I did wrong. Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4862

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.10.2010 21:01:57
mbam-log-2010-10-17 (21-01-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174138
Laufzeit: 8 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{c2a9863c-100e-f7ea-934b-b2436973e9a9} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

And now the OTL logs:

OTL Logfile:
Code:
OTL logfile created on: 17.10.2010 21:14:01 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,52 Gb Total Space | 711,74 Gb Free Space | 78,08% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,30 Gb Free Space | 46,53% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.com.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe ()
PRC - C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe ()
PRC - C:\Programme\Free Spyware Scanner\SpyWatcher.exe (Topdownloads Networks)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

========== Driver Services (SafeList) ==========

DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva362) -- C:\Windows\System32\XDva362.sys File not found
DRV - (XDva359) -- C:\Windows\System32\XDva359.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva348) -- C:\Windows\System32\XDva348.sys File not found
DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\System32\XDva346.sys File not found
DRV - (XDva345) -- C:\Windows\System32\XDva345.sys File not found
DRV - (XDva344) -- C:\Windows\System32\XDva344.sys File not found
DRV - (XDva343) -- C:\Windows\System32\XDva343.sys File not found
DRV - (XDva342) -- C:\Windows\System32\XDva342.sys File not found
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (XDva336) -- C:\Windows\System32\XDva336.sys File not found
DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found
DRV - (XDva327) -- C:\Windows\System32\XDva327.sys File not found
DRV - (XDva321) -- C:\Windows\System32\XDva321.sys File not found
DRV - (XDva317) -- C:\Windows\System32\XDva317.sys File not found
DRV - (XDva315) -- C:\Windows\System32\XDva315.sys File not found
DRV - (XDva310) -- C:\Windows\System32\XDva310.sys File not found
DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.23 16:55:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.23 16:55:07 | 000,000,000 | ---D | M]

[2009.03.29 14:48:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.17 14:39:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions
[2010.09.16 18:49:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.16 18:49:09 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.09.25 11:07:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.16 18:50:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.09.16 18:49:08 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010.10.11 19:56:45 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-1.xml
[2009.06.18 18:57:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-2.xml
[2009.08.01 13:22:55 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-3.xml
[2009.08.12 19:32:37 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-4.xml
[2009.09.17 14:21:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-5.xml
[2009.04.29 17:04:24 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin.xml
[2009.10.22 13:59:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.04.10 21:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.06.04 21:08:39 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.09.21 15:14:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.21 15:14:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.21 15:14:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.21 15:14:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.21 15:14:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.09.10 10:11:29 | 000,411,777 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14233 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Spy Watcher] C:\Programme\Free Spyware Scanner\SpyWatcher.exe (Topdownloads Networks)
O4 - HKLM..\Run: [WireLessKeyboard ] C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe ()
O4 - HKLM..\Run: [WireLessMouse ] C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Feeds] C:\Windows\feeds.bat.lnk File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll) - C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll File not found
O20 - AppInit_DLLs: (C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll) - C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.10.17 21:00:21 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.10.17 20:50:01 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.17 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.17 20:25:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.17 20:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.17 20:25:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.17 20:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.13 18:55:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 18:46:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 18:46:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 18:45:53 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 18:41:14 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 18:41:14 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 18:40:36 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 18:40:34 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 18:40:27 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 18:40:25 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 18:40:25 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 18:40:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 18:40:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 18:40:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 18:40:25 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.10.13 18:40:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 18:40:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 18:40:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.03 13:06:22 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Corel-Shows
[2010.09.29 14:13:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.28 17:26:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.09.28 17:21:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.09.28 17:21:54 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.09.28 17:21:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.09.28 17:21:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.28 17:21:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.28 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.09.25 14:22:01 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2009.07.01 18:19:54 | 348,281,957 | ---- | C] (Subagames.com ) -- C:\Programme\CrossFire_Setup_v1011.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.17 21:15:00 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.10.17 21:00:13 | 001,062,574 | ---- | M] () -- C:\Users\***\Desktop\7z911.exe
[2010.10.17 20:50:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.17 20:48:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.17 20:25:05 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.17 19:51:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.17 19:49:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 19:49:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 19:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.17 19:49:19 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.17 17:15:18 | 000,002,623 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word.lnk
[2010.10.17 15:47:19 | 000,029,184 | ---- | M] () -- C:\Users\***\Documents\FolieMINT.doc
[2010.10.15 13:20:06 | 003,659,982 | ---- | M] () -- C:\Users\***\Desktop\Usher - DJ Got Us Falling In Love Again.mp3
[2010.10.15 13:20:05 | 000,975,556 | ---- | M] () -- C:\Users\***\Desktop\Gigi D'Agostino - I'll Fly with You.mp3
[2010.10.14 06:20:50 | 000,302,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 14:43:15 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.10.11 11:49:28 | 000,003,452 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.10.11 11:49:24 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\B767E94595.sys
[2010.10.04 18:10:08 | 008,742,220 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.04 18:10:08 | 003,070,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.04 18:10:08 | 002,477,918 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.04 18:10:07 | 002,724,536 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.01 15:07:14 | 004,678,550 | ---- | M] () -- C:\Users\***\Desktop\IYAZ - Solo.MP3
[2010.09.24 20:41:52 | 003,821,696 | ---- | M] () -- C:\Users\***\Desktop\Michael Mind Project - Feel Your Body.mp3
[2010.09.20 11:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.09.18 17:50:21 | 000,165,376 | ---- | M] () -- C:\Users\***\Desktop\bus_portfolio.doc
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.17 21:00:09 | 001,062,574 | ---- | C] () -- C:\Users\***\Desktop\7z911.exe
[2010.10.17 20:25:05 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.17 19:53:34 | 004,159,105 | ---- | C] () -- C:\Users\***\Desktop\Lady GaGa - Paparazzi.mp3
[2010.10.17 15:47:19 | 000,029,184 | ---- | C] () -- C:\Users\***\Documents\FolieMINT.doc
[2010.10.14 22:41:46 | 003,659,982 | ---- | C] () -- C:\Users\***\Desktop\Usher - DJ Got Us Falling In Love Again.mp3
[2010.10.14 22:39:42 | 000,975,556 | ---- | C] () -- C:\Users\***\Desktop\Gigi D'Agostino - I'll Fly with You.mp3
[2010.10.02 16:40:52 | 004,678,550 | ---- | C] () -- C:\Users\***\Desktop\IYAZ - Solo.MP3
[2010.10.02 16:40:47 | 003,821,696 | ---- | C] () -- C:\Users\***\Desktop\Michael Mind Project - Feel Your Body.mp3
[2010.09.25 14:22:03 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.02.26 14:57:18 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.03 17:09:53 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2009.11.02 15:40:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.22 20:13:53 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.06.28 15:02:05 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 16:42:59 | 000,000,009 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdb.bin
[2009.04.04 12:46:58 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2009.04.01 20:19:51 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\B767E94595.sys
[2009.04.01 20:19:50 | 000,003,452 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.03.27 19:04:39 | 000,001,114 | ---- | C] () -- C:\Users\***
[2009.01.23 16:37:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

==========
Alternate Data Streams ==========
@Alternate Data Stream - 72 bytes -> C:\Windows:6710A79750971EC0
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C
< End of report >

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 17.10.2010 21:14:01 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,52 Gb Total Space | 711,74 Gb Free Space | 78,08% Space Free | Partition Type: NTFS Drive D: | 19,98 Gb Total Space | 9,30 Gb Free Space | 46,53% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001BEE00-47B8-4A3C-8796-1C38B49B9D0E}" = lport=2869 | protocol=6 | dir=in | app=system | "{00F890EB-7337-4974-9F81-70B27621B1B4}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | "{06FE4955-1E71-4B1F-94DA-5E5EFF1A2C1F}" = lport=6883 | protocol=6 | dir=in | name=league of legends launcher | "{2152B8B3-62D2-4BB0-A463-0E02F8E5A7D8}" = lport=6883 | protocol=17 | dir=in | name=league of legends launcher | "{2AC644EE-1B3C-4482-98B0-60DB0BE60FC7}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher | "{2EECFA56-1812-4AAD-8D2C-0FF6C1F90630}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | "{438EAE9D-BE8B-46D7-ADCD-B9A09C9D35CC}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | "{484FEC70-14F8-4A66-81A5-5559D1BD2DBF}" = rport=139 | protocol=6 | dir=out | app=system | "{4DBCA4DC-8416-427C-88BA-2992B76B321A}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | "{50CA6076-3748-4E9A-AE09-0A5370BE122A}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | "{5605CBE8-E425-4CC8-8650-11E2E54CD410}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{6244266C-BA13-411D-8135-B3FE1C593740}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | "{8D1DC060-8445-4755-8DFC-E442E25D477F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E09107B-1DCB-445A-B151-E7A8BCE866E4}" = rport=445 | protocol=6 | dir=out | app=system | "{8EC5676F-6E0C-485A-B7D8-CCC0A51902E3}" = rport=137 | protocol=17 | dir=out | app=system | "{924AC7F4-9A89-4298-AFDE-200F2956C1F7}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{9FBF1464-4E14-4272-A57F-A6FD097F0D19}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | "{A4F0297B-AB98-46AD-948E-10756EBC003D}" = lport=445 | protocol=6 | dir=in | app=system | "{A8FF4D4D-379C-469D-B062-C00D957AB101}" = rport=138 | protocol=17 | dir=out | app=system | "{AC7BBF24-F578-4AE7-AB29-C81FECF2A546}" = lport=137 | protocol=17 | dir=in | app=system | "{B6B8A548-913C-4929-BB5D-74880C413469}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher | "{BB2252DE-4DCD-451A-9279-124F289E7B3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C312AB40-B5C5-430B-99BE-184C8ACD417F}" = lport=138 | protocol=17 | dir=in | app=system | "{CC96B6AF-7507-4609-A1B9-BAE5EF391C32}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D24F0E0B-06FC-4321-926F-B05F4749F144}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher | "{DB8A9A3A-6AC8-4875-B6BB-B3D9FF65324A}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | "{E882AAA3-D43C-49CC-A0D5-00E6E2700FE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F234F8DE-BAB0-4902-B671-8AAF4236D9FE}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D02C4C-30B8-487A-9396-1AEB431B5046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{0EE77DD1-3727-4494-AB7E-F7F415818091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1164C742-4982-4BA2-99C4-629F9BA91239}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1CA0FD0C-3709-43AB-81F4-7D7D890C61DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{229EF94A-467D-4741-8DE3-52831E9503F4}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{23B11257-ADF8-4D5D-8ED9-AEA05B1B4116}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{37B03BCA-A64C-466E-9F47-EBF2A15D6141}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{3CF8E98A-12EF-48FB-9497-62664A990DF0}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{4392491D-AA22-406F-A122-1D6206FA59D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{660E0E0A-B6BF-4276-9DDA-F508BF97C74D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{69C589FD-CD0E-41B6-BB81-C0ED5530BE75}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{70BBCCD9-5AB9-4083-944F-CC6B4FAD60D7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{88C0036E-5C9C-4369-900C-6A9F2A39FBC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{890B1C8D-0EA6-4698-A825-1491AEF15FA3}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{92A8BF6C-CBF2-485B-B349-276BFC01BB9F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{9DCB2140-A6D2-4992-95E4-012B0A336508}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{B0F41ADA-0687-40E8-8AC8-F47E120D1EA5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B8F12969-B93B-4FC6-8076-178821C5E71B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C826975C-2144-4D99-9E20-F82BAAB603CD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E7C1F490-5097-4A8A-8895-CC129D132E07}" = protocol=6 | dir=in | app=c:\program 
files\dna\btdna.exe | "TCP Query User{819E694F-27A1-4E3A-BAC7-1BCCCE23F4FA}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files\dna\btdna.exe | "TCP Query User{89070301-75C2-4B3F-A372-3AD470095DDB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{DFC23AA6-A7CB-4E2C-AB39-5D2D4360E872}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{38D239CC-204C-412D-93E6-FC818F69C65B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{4B12C143-00E2-4F56-B51C-BFD490E0FA17}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{DF3EC06B-E211-4D42-BBD5-97D76CE8DAE0}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310 "{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help "{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb "{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter 
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = 
HPSSupply "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.11 beta "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BS_Player Toolbar" = BS_Player Toolbar "CABAL Online_is1" = CABAL Online "CloneCD" = CloneCD "Cross Fire_is1" = Cross Fire En "Defraggler" = Defraggler "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Spyware Scanner 9.6" = Free Spyware Scanner 9.6 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "League of Legends_is1" = League of Legends "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MP3 Cutter 1" = MP3 Cutter 1 "Mpeg2Decoder_is1" = Mpeg2Decoder 1.3 "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "StarCraft II" = StarCraft II "VLC media player" = VLC media player 1.0.2 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Works2003Setup" = Microsoft Works 2003-Setup-Start "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.10.2010 12:23:36 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 15.10.2010 14:53:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 08:16:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 09:12:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 09:53:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 14:04:56 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 05:15:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 08:23:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 13:50:52 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 14:46:58 | Computer Name = ***-PC | Source = MBAMService | ID = 131073 Description = [ System Events ] 
Error - 15.10.2010 07:17:53 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 15.10.2010 12:12:18 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 15.10.2010 14:52:19 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 16.10.2010 08:15:18 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 16.10.2010 09:10:54 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 16.10.2010 09:52:21 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 16.10.2010 14:03:33 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 17.10.2010 05:14:06 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 17.10.2010 08:21:42 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 17.10.2010 13:49:43 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
< End of report >

I hope I did everything right, since this is my first thread. A comparable thread was created yesterday: http://www.trojaner-board.de/91885-a...ory-co-uk.html
Thanks in advance |
17.10.2010, 20:48 | #2 |
| Google keeps redirecting me
Hi,
OTL:
Code:
:OTL
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva362) -- C:\Windows\System32\XDva362.sys File not found
DRV - (XDva359) -- C:\Windows\System32\XDva359.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva348) -- C:\Windows\System32\XDva348.sys File not found
DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\System32\XDva346.sys File not found
DRV - (XDva345) -- C:\Windows\System32\XDva345.sys File not found
DRV - (XDva344) -- C:\Windows\System32\XDva344.sys File not found
DRV - (XDva343) -- C:\Windows\System32\XDva343.sys File not found
DRV - (XDva342) -- C:\Windows\System32\XDva342.sys File not found
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (XDva336) -- C:\Windows\System32\XDva336.sys File not found
DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found
DRV - (XDva327) -- C:\Windows\System32\XDva327.sys File not found
DRV - (XDva321) -- C:\Windows\System32\XDva321.sys File not found
DRV - (XDva317) -- C:\Windows\System32\XDva317.sys File not found
DRV - (XDva315) -- C:\Windows\System32\XDva315.sys File not found
DRV - (XDva310) -- C:\Windows\System32\XDva310.sys File not found
DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [Feeds] C:\Windows\feeds.bat.lnk File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O20 - AppInit_DLLs: (C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll) - C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll File not found
@Alternate Data Stream - 72 bytes -> C:\Windows:6710A79750971EC0
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
TDSS-Killer
Download and instructions at: How are malicious programs of the Rootkit.Win32.TDSS family combated?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; click "Start Scan" there.
When the scan is finished, please select "Report".
A window opens; copy the text and post it here...

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.

http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, more than about 5 MB of text. Just search for "infiziert" and copy out the relevant parts before you post them.

chris
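The fix script the helper posted above is assembled from the diagnostic log: every driver, BHO, search hook and Run entry that OTL marks "File not found" or "No CLSID value found", the AppInit_DLLs entry, the Internet Explorer lockdown policies, and the alternate data streams. As an added example (not from the thread and not OTL's own code), the Python helper below applies those selection rules to an OTL log and renders the ':OTL' / ':Commands' section in the layout shown above. The rules are this example's own heuristics, not OTL's; the sample log is constructed from lines of the kind that appear in the thread plus two clean Avira lines made up to show what is left alone.

```python
"""Triage helper for OTL diagnostic logs (added example, not part of the thread).

OTL prints one entry per line ("DRV - (name) -- path (Company)", "O4 - ...",
"O20 - AppInit_DLLs: ...", "@Alternate Data Stream ..."). A helper builds the
':OTL' fix section from lines whose backing file no longer exists plus a few
persistence locations worth removing regardless. The rules here are this
example's own heuristics, not OTL's.
"""
import re

# Constructed sample log: the two Avira lines are made up to show what stays.
SAMPLE_LOG = r"""
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [Feeds] C:\Windows\feeds.bat.lnk File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O20 - AppInit_DLLs: (C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll) - C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll File not found
@Alternate Data Stream - 72 bytes -> C:\Windows:6710A79750971EC0
"""

# Markers OTL appends when a registry entry points at nothing usable.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Entry types the fix script may reference (heuristic subset).
ENTRY_RE = re.compile(r"^(DRV|SRV|IE|O2|O3|O4|O20) - ")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]+)\)")
IE_POLICY_RE = re.compile(r"^O[67] - .*\\Internet Explorer\\.* present$")


def classify(line):
    """Return why a line belongs in the fix section, or None to leave it."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("@Alternate Data Stream"):
        return "alternate data stream on a system directory"
    m = APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that maps user32.dll;
        # a DLL under a user's Desktop has no business there, present or not.
        return "AppInit_DLLs injection: " + m.group("dll")
    if IE_POLICY_RE.match(line):
        return "Internet Explorer lockdown policy set (typical for hijackers)"
    if ENTRY_RE.match(line) and any(mark in line for mark in ORPHAN_MARKERS):
        return "registry entry points at a missing file"
    return None


def triage(log_text):
    """Return [(line, reason)] for every log line that belongs in the fix."""
    hits = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


def render_fix(hits, commands=("purity", "emptytemp", "CREATERESTOREPOINT",
                               "EMPTYFLASH", "Reboot")):
    """Render the ':OTL' / ':Commands' script in the layout OTL expects."""
    body = [":OTL"] + [line for line, _ in hits] + [":Commands"]
    body += ["[%s]" % c for c in commands]
    return "\n".join(body)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for entry, why in found:
        print("%-45s <- %s" % (entry[:45], why))
    print()
    print(render_fix(found))
```

The two Avira lines survive because they name a company and an existing file; everything else is either an orphaned registry reference (harmless by itself, but clutter that masks real entries), a policy that hijackers set to lock the browser, or an injection point. The AppInit_DLLs line is the one to look at first in a redirect case: it loads the named DLL into every GUI process, browsers included.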
18.10.2010, 21:33 | #3 |
| Google keeps redirecting me
Here you go, and thanks for your reply:
All processes killed
========== OTL ==========
Error: No service named XDva370 was found to stop!
Service\Driver key XDva370 not found.
File C:\Windows\System32\XDva370.sys File not found not found.
Error: No service named XDva362 was found to stop!
Service\Driver key XDva362 not found.
File C:\Windows\System32\XDva362.sys File not found not found.
Error: No service named XDva359 was found to stop!
Service\Driver key XDva359 not found.
File C:\Windows\System32\XDva359.sys File not found not found.
Error: No service named XDva352 was found to stop!
Service\Driver key XDva352 not found.
File C:\Windows\System32\XDva352.sys File not found not found.
Error: No service named XDva349 was found to stop!
Service\Driver key XDva349 not found.
File C:\Windows\System32\XDva349.sys File not found not found.
Error: No service named XDva348 was found to stop!
Service\Driver key XDva348 not found.
File C:\Windows\System32\XDva348.sys File not found not found.
Error: No service named XDva347 was found to stop!
Service\Driver key XDva347 not found.
File C:\Windows\System32\XDva347.sys File not found not found.
Error: No service named XDva346 was found to stop!
Service\Driver key XDva346 not found.
File C:\Windows\System32\XDva346.sys File not found not found.
Error: No service named XDva345 was found to stop!
Service\Driver key XDva345 not found.
File C:\Windows\System32\XDva345.sys File not found not found.
Error: No service named XDva344 was found to stop!
Service\Driver key XDva344 not found.
File C:\Windows\System32\XDva344.sys File not found not found.
Error: No service named XDva343 was found to stop!
Service\Driver key XDva343 not found.
File C:\Windows\System32\XDva343.sys File not found not found.
Error: No service named XDva342 was found to stop!
Service\Driver key XDva342 not found.
File C:\Windows\System32\XDva342.sys File not found not found.
Error: No service named XDva337 was found to stop!
Service\Driver key XDva337 not found.
File C:\Windows\System32\XDva337.sys File not found not found.
Error: No service named XDva336 was found to stop!
Service\Driver key XDva336 not found.
File C:\Windows\System32\XDva336.sys File not found not found.
Error: No service named XDva332 was found to stop!
Service\Driver key XDva332 not found.
File C:\Windows\System32\XDva332.sys File not found not found.
Error: No service named XDva327 was found to stop!
Service\Driver key XDva327 not found.
File C:\Windows\System32\XDva327.sys File not found not found.
Error: No service named XDva321 was found to stop!
Service\Driver key XDva321 not found.
File C:\Windows\System32\XDva321.sys File not found not found.
Error: No service named XDva317 was found to stop!
Service\Driver key XDva317 not found.
File C:\Windows\System32\XDva317.sys File not found not found.
Error: No service named XDva315 was found to stop!
Service\Driver key XDva315 not found.
File C:\Windows\System32\XDva315.sys File not found not found.
Error: No service named XDva310 was found to stop!
Service\Driver key XDva310 not found.
File C:\Windows\System32\XDva310.sys File not found not found.
Error: No service named vsdatant7 was found to stop!
Service\Driver key vsdatant7 not found.
File C:\Windows\System32\drivers\vsdatant.win7.sys File not found not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Error: No service named EagleNT was found to stop!
Service\Driver key EagleNT not found.
File C:\Windows\System32\drivers\EagleNT.sys File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Feeds not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll deleted successfully.
Unable to delete ADS C:\Windows:6710A79750971EC0 .
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:66B13F37 .
Unable to delete ADS C:\ProgramData\TEMP:6152D44C .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mädels
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3651602 bytes
->Java cache emptied: 25802225 bytes
->FireFox cache emptied: 83840193 bytes
->Flash cache emptied: 810 bytes

User: ***
->Temp folder emptied: 53921079 bytes
->Temporary Internet Files folder emptied: 40602724 bytes
->Java cache emptied: 26462567 bytes
->FireFox cache emptied: 85158514 bytes
->Opera cache emptied: 764931939 bytes
->Flash cache emptied: 386707 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 7877614 bytes
RecycleBin emptied: 1181740 bytes

Total Files Cleaned = 1.044,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mädels
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Flash cache emptied: 0 bytes

User: ***
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10182010_063225

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\~DFC281.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT05ace.TMP not found!

Registry entries deleted on Reboot...
2010/10/18 21:13:27.0929 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/18 21:13:27.0929 ================================================================================
2010/10/18 21:13:27.0929 SystemInfo:
2010/10/18 21:13:27.0929
2010/10/18 21:13:27.0929 OS Version: 6.0.6001 ServicePack: 1.0
2010/10/18 21:13:27.0929 Product type: Workstation
2010/10/18 21:13:27.0929 ComputerName: ***-PC
2010/10/18 21:13:27.0930 UserName: ***
2010/10/18 21:13:27.0930 Windows directory: C:\Windows
2010/10/18 21:13:27.0930 System windows directory: C:\Windows
2010/10/18 21:13:27.0930 Processor architecture: Intel x86
2010/10/18 21:13:27.0930 Number of processors: 2
2010/10/18 21:13:27.0930 Page size: 0x1000
2010/10/18 21:13:27.0930 Boot type: Normal boot
2010/10/18 21:13:27.0930 ================================================================================
2010/10/18 21:13:28.0331 Initialize success
2010/10/18 21:13:31.0767 ================================================================================
2010/10/18 21:13:31.0767 Scan started
2010/10/18 21:13:31.0767 Mode: Manual;
2010/10/18 21:13:31.0767 ================================================================================
2010/10/18 21:13:33.0164 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/10/18 21:13:33.0207 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/10/18 21:13:33.0256 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/10/18 21:13:33.0285 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/10/18 21:13:33.0319 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/10/18 21:13:33.0384 AFD (2d53c0705d1235f46f417b41a85cb64b) C:\Windows\system32\drivers\afd.sys
2010/10/18 21:13:33.0392 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys.
Real md5: 2d53c0705d1235f46f417b41a85cb64b, Fake md5: 763e172a55177e478cb419f88fd0ba03
2010/10/18 21:13:33.0398 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/18 21:13:33.0433 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/10/18 21:13:33.0463 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/18 21:13:33.0494 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/10/18 21:13:33.0526 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/10/18 21:13:33.0550 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/10/18 21:13:33.0586 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/10/18 21:13:33.0616 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/10/18 21:13:33.0682 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/10/18 21:13:33.0716 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/10/18 21:13:33.0764 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/18 21:13:33.0798 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2010/10/18 21:13:33.0851 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/10/18 21:13:33.0893 avipbb (524b9e78e396c00968c5629ed5bbfab0) C:\Windows\system32\DRIVERS\avipbb.sys
2010/10/18 21:13:33.0927 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/18 21:13:33.0966 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/10/18 21:13:33.0989 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/18 21:13:34.0009 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/18 21:13:34.0027 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/18 21:13:34.0062 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/18 21:13:34.0081 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/18 21:13:34.0097 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/18 21:13:34.0115 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/18 21:13:34.0139 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/18 21:13:34.0169 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/18 21:13:34.0196 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/18 21:13:34.0227 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/10/18 21:13:34.0269 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/10/18 21:13:34.0300 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/10/18 21:13:34.0326 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/10/18 21:13:34.0348 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/10/18 21:13:34.0375 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/10/18 21:13:34.0414 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/10/18 21:13:34.0470 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/10/18 21:13:34.0510 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/10/18 21:13:34.0532 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/10/18 21:13:34.0559 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/10/18 21:13:34.0592 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/18 21:13:34.0629 dsltestSp5 (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys
2010/10/18 21:13:34.0670 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/18 21:13:34.0712 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/10/18 21:13:34.0745 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/18 21:13:34.0784 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/10/18 21:13:34.0866 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2010/10/18 21:13:34.0908 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/10/18 21:13:34.0939 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/10/18 21:13:34.0974 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/10/18 21:13:35.0020 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/10/18 21:13:35.0048 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/10/18 21:13:35.0083 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/18 21:13:35.0112 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/18 21:13:35.0131 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/18 21:13:35.0160 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/18 21:13:35.0193 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/10/18 21:13:35.0212 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/18 21:13:35.0242 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/18 21:13:35.0310 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2010/10/18 21:13:35.0367 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/18 21:13:35.0402 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/18 21:13:35.0439 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/18 21:13:35.0465 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/18 21:13:35.0501 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/18 21:13:35.0526 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/10/18 21:13:35.0588 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/10/18 21:13:35.0623 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/10/18 21:13:35.0665 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/18 21:13:35.0711 iaStor (28aae599496b4930b3f19026f2083bc4) C:\Windows\system32\DRIVERS\iaStor.sys
2010/10/18 21:13:35.0748 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/10/18 21:13:35.0823 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/18 21:13:35.0946 IntcAzAudAddService (2790cc09422b6bedae9825ae289e9bb7) C:\Windows\system32\drivers\RTKVHDA.sys
2010/10/18 21:13:35.0987 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/18 21:13:36.0012 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/18 21:13:36.0044 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/18 21:13:36.0084 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/18 21:13:36.0110 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/18 21:13:36.0133 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/18 21:13:36.0163 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/10/18 21:13:36.0207 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/18 21:13:36.0240 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/18 21:13:36.0268 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/18 21:13:36.0290 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/18 21:13:36.0324 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/18 21:13:36.0368 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/18 21:13:36.0437 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/18 21:13:36.0477 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/18 21:13:36.0504 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/18 21:13:36.0532 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/18 21:13:36.0554 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/18 21:13:36.0576 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/10/18 21:13:36.0604 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/10/18 21:13:36.0648 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/18 21:13:36.0672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/18 21:13:36.0692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/18 21:13:36.0719 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/18 21:13:36.0734 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/18 21:13:36.0761 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/10/18 21:13:36.0787 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/18 21:13:36.0811 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/18 21:13:36.0830 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/10/18 21:13:36.0873 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/18 21:13:36.0905 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/18 21:13:36.0927 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/18 21:13:36.0962 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/10/18 21:13:36.0992 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/10/18 21:13:37.0034 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/18 21:13:37.0056 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/18 21:13:37.0107 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/18 21:13:37.0123 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/18 21:13:37.0139 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/18 21:13:37.0158 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/10/18 21:13:37.0180 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/18 21:13:37.0210 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/18 21:13:37.0270 MTOnlPktAlyX (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
2010/10/18 21:13:37.0293 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/10/18 21:13:37.0343 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/18 21:13:37.0380 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/10/18 21:13:37.0399 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/18 21:13:37.0422 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/18 21:13:37.0440 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/18 21:13:37.0466 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/18 21:13:37.0489 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/18 21:13:37.0519 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/18 21:13:37.0584 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
2010/10/18 21:13:37.0641 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/18 21:13:37.0665 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/10/18 21:13:37.0691 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/18 21:13:37.0749 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/10/18 21:13:37.0818 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/18 21:13:37.0850 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/18 21:13:38.0006 nvlddmkm (135b683acfda5a7d2bd3a4743d02edfa) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/18 21:13:38.0263 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/10/18 21:13:38.0288 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/10/18 21:13:38.0332 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/10/18 21:13:38.0378 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/18 21:13:38.0446 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/18 21:13:38.0471 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/10/18 21:13:38.0505 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/18 21:13:38.0544 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/10/18 21:13:38.0583 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/10/18 21:13:38.0615 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/18 21:13:38.0675 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/18 21:13:38.0834 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/18 21:13:38.0864 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/10/18 21:13:38.0918 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/18 21:13:38.0972 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/10/18 21:13:39.0072 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/18 21:13:39.0117 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/18 21:13:39.0467 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/18 21:13:39.0498 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/18 21:13:39.0532 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/18 21:13:39.0589 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/18 21:13:39.0633 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/18 21:13:39.0659 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/18 21:13:39.0701 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/10/18 21:13:39.0729 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/18 21:13:39.0760 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/10/18 21:13:39.0815 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/18 21:13:39.0904 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/18 21:13:39.0964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/18 21:13:40.0043 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/18 21:13:40.0104 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/10/18 21:13:40.0133 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/18 21:13:40.0184 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/10/18 21:13:40.0207 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/18 21:13:40.0228 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/18 21:13:40.0259 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/18 21:13:40.0312 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/10/18 21:13:40.0385 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/10/18 21:13:40.0408 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/10/18 21:13:40.0448 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/10/18 21:13:40.0484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/18 21:13:40.0556 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/10/18 21:13:40.0556 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys.
md5: cdddec541bc3c96f91ecb48759673505
2010/10/18 21:13:40.0560 sptd - detected Locked file (1)
2010/10/18 21:13:40.0632 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2010/10/18 21:13:40.0677 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/18 21:13:40.0737 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/18 21:13:40.0803 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/18 21:13:40.0851 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/18 21:13:40.0901 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/18 21:13:40.0920 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/18 21:13:40.0939 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/18 21:13:41.0012 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2010/10/18 21:13:41.0085 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/18 21:13:41.0133 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/18 21:13:41.0185 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/18 21:13:41.0209 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/18 21:13:41.0251 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/18 21:13:41.0302 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/18 21:13:41.0356 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/18 21:13:41.0405 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/18 21:13:41.0448 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/10/18 21:13:41.0495 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/18 21:13:41.0563 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/18 21:13:41.0705 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/10/18 21:13:41.0746 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/18 21:13:41.0774 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/18 21:13:41.0801 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/18 21:13:41.0845 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/18 21:13:41.0870 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/18 21:13:41.0915 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/18 21:13:41.0954 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/18 21:13:42.0005 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/18 21:13:42.0087 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/18 21:13:42.0137 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/18 21:13:42.0156 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/18 21:13:42.0179 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/18 21:13:42.0209 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/18 21:13:42.0242 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/18 21:13:42.0264 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/10/18 21:13:42.0283 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/10/18 21:13:42.0307 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/10/18 21:13:42.0336 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/18 21:13:42.0360 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/10/18 21:13:42.0399 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/10/18 21:13:42.0449 Vsdatant (6be75cfce25e42e79c0757c60d88fecb) C:\Windows\system32\DRIVERS\vsdatant.sys
2010/10/18 21:13:42.0498 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/10/18 21:13:42.0531 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/18 21:13:42.0567 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/18 21:13:42.0584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/18 21:13:42.0629 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/10/18 21:13:42.0654 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/18 21:13:43.0055 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/10/18 21:13:43.0136 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/18 21:13:43.0157 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/18 21:13:43.0205 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/18 21:13:43.0249 ================================================================================
2010/10/18 21:13:43.0249 Scan finished
2010/10/18 21:13:43.0249 ================================================================================
2010/10/18 21:13:43.0260 Detected object count: 2
2010/10/18 21:14:01.0264 AFD (2d53c0705d1235f46f417b41a85cb64b) C:\Windows\system32\drivers\afd.sys
2010/10/18 21:14:01.0266 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys.
Real md5: 2d53c0705d1235f46f417b41a85cb64b, Fake md5: 763e172a55177e478cb419f88fd0ba03
2010/10/18 21:14:01.0275 C:\Windows\system32\drivers\afd.sys - quarantined
2010/10/18 21:14:01.0276 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Quarantine
2010/10/18 21:14:01.0603 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/10/18 21:14:01.0603 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys.
md5: cdddec541bc3c96f91ecb48759673505
2010/10/18 21:14:01.0616 C:\Windows\system32\Drivers\sptd.sys - quarantined
2010/10/18 21:14:01.0617 Locked file(sptd) - User select action: Quarantine

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000001ec

Kernel Drivers (total 142):
0x82604000 \SystemRoot\system32\ntkrnlpa.exe
0x829BD000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8066D000 \SystemRoot\system32\PSHED.dll
0x8067E000 \SystemRoot\system32\BOOTVID.dll
0x80686000 \SystemRoot\system32\CLFS.SYS
0x806C7000 \SystemRoot\system32\CI.dll
0x8B004000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B080000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B08D000 \SystemRoot\System32\Drivers\spcb.sys
0x8B180000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B189000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B1AF000 \SystemRoot\system32\drivers\acpi.sys
0x8B1F5000 \SystemRoot\system32\drivers\msisadrv.sys
0x807A7000 \SystemRoot\system32\drivers\pci.sys
0x807CE000 \SystemRoot\System32\drivers\partmgr.sys
0x807DD000 \SystemRoot\system32\drivers\volmgr.sys
0x8B202000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B24C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B25C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B323000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B355000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B365000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B406000 \SystemRoot\system32\drivers\ndis.sys
0x8B511000 \SystemRoot\system32\drivers\msrpc.sys
0x8B53C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B605000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B805000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B914000 \SystemRoot\system32\drivers\volsnap.sys
0x8B94D000 \SystemRoot\System32\Drivers\spldr.sys
0x8B955000 \SystemRoot\System32\Drivers\mup.sys
0x8B964000 \SystemRoot\System32\drivers\ecache.sys
0x8B98B000 \SystemRoot\system32\drivers\disk.sys
0x8B99C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B9BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B9DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FA07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90169000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F00F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F0AE000 \SystemRoot\System32\drivers\watchdog.sys
0x8F0BB000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8F0F5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F100000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F13E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F14D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F15F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F16F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F17D000 \SystemRoot\system32\DRIVERS\serial.sys
0x8F197000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8F1A1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F1B4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F1BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F1CA000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0x8F1D1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9016B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90199000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F1E9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x901DA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F1F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B7D1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B576000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B58A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B9ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x901F1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B59F000
\SystemRoot\system32\DRIVERS\ks.sys 0x901F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8B5C9000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8F20D000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8F241000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9040F000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x90645000 \SystemRoot\system32\drivers\portcls.sys 0x90672000 \SystemRoot\system32\drivers\drmk.sys 0x90697000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x906A0000 \SystemRoot\System32\Drivers\Null.SYS 0x906A7000 \SystemRoot\System32\Drivers\Beep.SYS 0x906B7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x906BE000 \SystemRoot\System32\drivers\vga.sys 0x906CA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x906EB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x906FD000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x906FF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90707000 \SystemRoot\system32\drivers\rdpencdd.sys 0x9070F000 \SystemRoot\System32\Drivers\Msfs.SYS 0x9071A000 \SystemRoot\System32\Drivers\Npfs.SYS 0x90728000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x90731000 \SystemRoot\system32\DRIVERS\tdx.sys 0x90747000 \SystemRoot\system32\DRIVERS\netr28u.sys 0x907D7000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x907EE000 \SystemRoot\system32\DRIVERS\usbscan.sys 0x90400000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x8F252000 \SystemRoot\system32\DRIVERS\dot4usb.sys 0x8F25F000 \SystemRoot\system32\DRIVERS\Dot4.sys 0x906AE000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys 0x8F284000 \SystemRoot\system32\DRIVERS\smb.sys 0x8F298000 \SystemRoot\system32\drivers\afd.sys 0x8F2E0000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8F312000 \SystemRoot\system32\DRIVERS\vsdatant.sys 0x8F39D000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8F3B3000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8F3C1000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8F3D4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x90A07000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x90A43000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90A4D000 
\SystemRoot\System32\Drivers\ElbyCDIO.sys 0x90A52000 \SystemRoot\System32\Drivers\dfsc.sys 0x90A69000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x90A8B000 \SystemRoot\System32\Drivers\fastfat.SYS 0x90AB3000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90AC0000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x962C0000 \SystemRoot\System32\win32k.sys 0x90B87000 \SystemRoot\System32\drivers\Dxapi.sys 0x90B91000 \SystemRoot\system32\DRIVERS\monitor.sys 0x964E0000 \SystemRoot\System32\TSDDD.dll 0x96500000 \SystemRoot\System32\cdd.dll 0x90BA0000 \SystemRoot\system32\drivers\luafv.sys 0x8B70A000 \SystemRoot\system32\drivers\spsys.sys 0x90BBB000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x90BCB000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x90BF5000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8F3DA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA660C000 \SystemRoot\system32\drivers\HTTP.sys 0xA6679000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA6696000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA66AF000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA66C4000 \SystemRoot\system32\drivers\mrxdav.sys 0xA66E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA6703000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA673C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA6754000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA677C000 \SystemRoot\System32\DRIVERS\srv.sys 0xAB608000 \SystemRoot\system32\drivers\peauth.sys 0xAB6E6000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xAB6FB000 \SystemRoot\System32\Drivers\secdrv.SYS 0xAB705000 \SystemRoot\System32\drivers\tcpipreg.sys 0xAB711000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xAB726000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xAB738000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xAB74E000 \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS 0x775A0000 \Windows\System32\ntdll.dll Processes (total 69): 0 System Idle Process 4 System 492 C:\Windows\System32\smss.exe 636 csrss.exe 688 C:\Windows\System32\wininit.exe 696 csrss.exe 732 
C:\Windows\System32\services.exe 744 C:\Windows\System32\lsass.exe 752 C:\Windows\System32\lsm.exe 856 C:\Windows\System32\winlogon.exe 948 C:\Windows\System32\svchost.exe 992 C:\Windows\System32\nvvsvc.exe 1020 C:\Windows\System32\svchost.exe 1060 C:\Windows\System32\svchost.exe 1196 C:\Windows\System32\svchost.exe 1232 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\svchost.exe 1324 C:\Windows\System32\audiodg.exe 1408 C:\Windows\System32\SLsvc.exe 1496 C:\Windows\System32\rundll32.exe 1512 C:\Windows\System32\svchost.exe 1672 C:\Windows\System32\svchost.exe 1764 C:\Windows\System32\ZoneLabs\vsmon.exe 612 C:\Windows\System32\spoolsv.exe 640 C:\Windows\System32\taskeng.exe 888 C:\Program Files\Avira\AntiVir Desktop\sched.exe 940 C:\Windows\System32\dwm.exe 1312 C:\Windows\System32\taskeng.exe 1364 C:\Windows\explorer.exe 1016 C:\Windows\System32\svchost.exe 2368 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2376 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 2384 C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exe 2392 C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exe 2400 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 2424 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 2432 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 2440 C:\Program Files\Free Spyware Scanner\SpyWatcher.exe 2448 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2456 C:\Users\Weisel\Program Files\DNA\btdna.exe 2464 C:\Program Files\Windows Media Player\wmpnscfg.exe 2472 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 2744 C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe 2788 C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe 2888 C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE 3376 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 3428 C:\Windows\System32\svchost.exe 3572 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 3604 C:\Program Files\Avira\AntiVir 
Desktop\avshadow.exe 3632 C:\Windows\System32\svchost.exe 3680 C:\Windows\System32\svchost.exe 3724 C:\Windows\System32\svchost.exe 3760 C:\Windows\System32\PSIService.exe 3796 C:\Windows\System32\svchost.exe 3844 C:\Windows\System32\svchost.exe 3916 C:\Windows\System32\SearchIndexer.exe 4064 WUDFHost.exe 2596 C:\Program Files\Windows Media Player\wmpnetwk.exe 2684 C:\Windows\System32\mobsync.exe 2056 C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe 2156 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe 5140 C:\Program Files\Opera\opera.exe 3308 C:\Windows\System32\wuauclt.exe 3292 C:\Windows\System32\SearchProtocolHost.exe 4308 C:\Windows\System32\SearchFilterHost.exe 4164 C:\Windows\System32\conime.exe 5064 dllhost.exe 4892 dllhost.exe 4832 C:\Users\***\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e3`e1107e00 (FAT32) PhysicalDrive0 Model Number: ST31000333AS, Rev: BD15 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! Ich weiß nicht genau was du mit dem rauskopieren von "infiziert" meinst hier alle suchergebnisse des logs wenn du mehr brauchst sag bitte bescheid: [Scanpfad] c:\windows\system32\drivers\afd.sys c:\windows\system32\drivers\afd.sys infiziert mit BackDoor.Tdss.2459 - desinfiziert c:\windows\system32\drivers\afd.sys - OK C:\Windows\system32\drivers\afd.sys infiziert mit BackDoor.Tdss.2459 - desinfiziert [Speicherscannen] Speichervorgang: C:\Windows\System32\svchost.exe:968 infiziert mit BackDoor.Tdss.565 - beseitigt |
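The TDSSKiller block above shows the tell-tale sign of a TDL3 infection: afd.sys hashes one way when read through the file system ("Fake md5") and another way when read from the raw disk ("Real md5"), because the rootkit's filter hands back clean bytes for the driver it has patched. As an added example (not part of the thread and not TDSSKiller's own code), the Python below parses the three line shapes visible in that log, links each "Suspicious file" record to its verdict line, and separates "Forged" hits (the two views disagree, so a hook is in place) from locked/NoAccess files that only need manual review. The sample lines are constructed from the posted log, and the line format assumed here is only what that log shows.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines in the shape TDSSKiller writes, copied from the
# log posted above (timestamps, service names, hashes and paths are those of the post).
SAMPLE_LOG = r"""
2010/10/18 21:13:42.0399 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/10/18 21:13:43.0260 Detected object count: 2
2010/10/18 21:14:01.0264 AFD (2d53c0705d1235f46f417b41a85cb64b) C:\Windows\system32\drivers\afd.sys
2010/10/18 21:14:01.0266 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 2d53c0705d1235f46f417b41a85cb64b, Fake md5: 763e172a55177e478cb419f88fd0ba03
2010/10/18 21:14:01.0275 C:\Windows\system32\drivers\afd.sys - quarantined
2010/10/18 21:14:01.0276 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Quarantine
2010/10/18 21:14:01.0603 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/10/18 21:14:01.0603 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/10/18 21:14:01.0616 C:\Windows\system32\Drivers\sptd.sys - quarantined
2010/10/18 21:14:01.0617 Locked file(sptd) - User select action: Quarantine
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
MD5 = r"[0-9a-f]{32}"

# "<ts> <service> (<md5>) <path>": one line per enumerated driver or service.
DRIVER_RE = re.compile(rf"^{TS} (?P<name>\S+) \((?P<md5>{MD5})\) (?P<path>.+)$")
# "<ts> Suspicious file (<kind>): <path>. Real md5: X, Fake md5: Y"  or  "... <path>. md5: X"
SUSPICIOUS_RE = re.compile(
    rf"^{TS} Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    rf"(?:Real md5: (?P<real>{MD5}), Fake md5: (?P<fake>{MD5})|md5: (?P<md5>{MD5}))$")
# "<ts> <verdict>(<service>) - User select action: <action>"
VERDICT_RE = re.compile(
    rf"^{TS} (?P<verdict>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    kind: str                   # TDSSKiller's label: "Forged", "NoAccess", ...
    path: str
    real_md5: Optional[str]     # hash of the bytes read from disk (the only hash for NoAccess)
    fake_md5: Optional[str]     # hash of the bytes the file system returned (Forged only)
    listed_md5: Optional[str]   # hash from the enumeration line for the same path
    verdict: Optional[str] = None
    action: Optional[str] = None

    @property
    def hooked(self) -> bool:
        """True when the two views of the file disagree: the TDL3 symptom."""
        return self.kind == "Forged" and bool(self.real_md5) and self.real_md5 != self.fake_md5


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_tdsskiller(text: str) -> List[Finding]:
    listed: Dict[str, str] = {}
    findings: List[Finding] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            listed[m["path"].lower()] = m["md5"]
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            findings.append(Finding(
                kind=m["kind"], path=m["path"],
                real_md5=m["real"] or m["md5"], fake_md5=m["fake"],
                listed_md5=listed.get(m["path"].lower())))
            continue
        m = VERDICT_RE.match(line)
        if m:
            # The verdict names the service ("AFD", "sptd"); attach it to the latest
            # unresolved finding whose file name starts with that service name.
            for f in reversed(findings):
                if f.verdict is None and _basename(f.path).startswith(m["name"].lower()):
                    f.verdict, f.action = m["verdict"].strip(), m["action"]
                    break
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Split findings into confirmed rootkit hooks and entries needing manual review."""
    out: Dict[str, List[str]] = {"rootkit_hooked": [], "review": []}
    for f in findings:
        (out["rootkit_hooked"] if f.hooked else out["review"]).append(f.path)
    return out


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:9} {f.path}  hooked={f.hooked}  verdict={f.verdict}  action={f.action}")
    print(triage(found))
```

A "NoAccess"/"Locked file" verdict is much weaker evidence than "Forged": sptd.sys is the SCSI Pass Through Direct driver shipped with disc-emulation software such as DAEMON Tools and Alcohol 120%, and it deliberately blocks reads of its own image, so it shows up in this list on clean machines too. The Forged afd.sys entry is the one that establishes the infection.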
19.10.2010, 07:54 | #4
Google keeps redirecting me

Hi,

TDSS rootkit.. The redirects should be gone now...

To be safe: ComboFix

Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Disable your antivirus solution completely, in such a way that it does NOT re-enable itself after a reboot!
Warning: in a few rare cases the computer may no longer boot and will have to be set up from scratch!
Close all windows, start combofix.exe and confirm the prompt that follows with 1 and press Enter.
The ComboFix scan can take some time, so be patient. Do not do anything on the computer while the scan is running. The computer may restart in between.
After the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.

chris
__________________
Don't bring me down
Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
19.10.2010, 17:09 | #5

Thank you. A couple more questions about the last post: what do you mean by the PC possibly having to be set up from scratch?? And how should I protect myself against such pests in future??
I'll post the report too, but as I'm a bit stressed at the moment it may take a few more days.
20.10.2010, 06:26 | #6

Hi,

with a backdoor someone had access to the computer, and what they got up to there is beyond our knowledge... Long story short: the computer is therefore no longer really trustworthy; if you do online banking on it, it should be reinstalled from scratch... (better safe than sorry)...

Securing the computer:
In addition to Avira and the Windows firewall, also get ThreatFire Free (free download).
For browsing, use Firefox with the add-ons "WOT" (http://filepony.de/?q=WOT) and "NoScript" (http://filepony.de/download-noscript//).
Create a "Guest" account (no admin rights!): XP: "Step 6: restricted rights against viruses" in "Step by step: securing Windows XP" (CHIP Online); Vista/Win7: "Windows 7 guide: creating and managing user accounts" (NETZWELT).

chris
20.10.2010, 13:24 | #7

OK, thanks for the info. By setting up from scratch do you mean formatting, i.e. everything gone and redone?
As a firewall I already have ZoneAlarm, but because my cousin said that ZA and the firewall that comes with Vista "switch each other off", I disabled the Vista one. Can the same problem also happen with the ThreatFire one?
20.10.2010, 13:56 | #8

Hi,

no, not really (firewall). Yes, wipe everything and reinstall...

chris
20.10.2010, 14:09 | #9

Should I keep ZoneAlarm then, or uninstall it?