| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Gozi-Trojaner Online Banking gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.11.2010, 22:48
| #1 |
| |  Gozi-Trojaner Online Banking gesperrt Hallo zusammen, gestern habe ich bemerkt, dass mein Online-Banking Zugang gesperrt wurde. Nach einem Anruf bei meiner Bank wurde ich informiert, dass mein PC vermutlich durch den Gozi-Trojaner infiziert wurde. Wie ich bemerkt hab, scheinen sich diese "Vorfälle" auch hier im Forum in letzter Zeit zu häufen. Habe bis jetzt AntiVir(hat nichts gefunden), OTL und Malwarebytes durchgeführt und bin für jede Hilfe dankbar. Die Logs folgen: Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5025
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
02.11.2010 22:25:16
mbam-log-2010-11-02 (22-25-16).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142707
Laufzeit: 7 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4045j272-y0x4-26i5-562h-nr608yx1f86l} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infizierte Verzeichnisse:
C:\Windows\System32\win32GI (Backdoor.Bot) -> No action taken.
Infizierte Dateien:
C:\Windows\System32\win32GI\plugin.dat (Backdoor.Bot) -> No action taken.
C:\Windows\System32\win32GI\svchost (Backdoor.Bot) -> No action taken.
OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.11.2010 22:28:34 - Run 1 OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Admin\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 55,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 156,15 Gb Total Space | 31,71 Gb Free Space | 20,30% Space Free | Partition Type: NTFS Drive D: | 216,26 Gb Total Space | 41,88 Gb Free Space | 19,36% Space Free | Partition Type: NTFS Drive F: | 124,02 Gb Total Space | 18,33 Gb Free Space | 14,78% Space Free | Partition Type: NTFS Drive G: | 108,86 Gb Total Space | 6,72 Gb Free Space | 6,17% Space Free | Partition Type: NTFS Computer Name: PCSPC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications) PRC - C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\VideoLAN\VLC\vlc.exe () PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\chguecab.dll () MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation) MOD - C:\Programme\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe File not found SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (EmmaDevMgmtSvc) -- C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications) SRV - (EmmaUpdMgmtSvc) -- C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (SANDRA) -- C:\Programme\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys (SiSoftware) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 74 B5 1D 67 43 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.30 17:08:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.30 17:08:33 | 000,000,000 | ---D | M] [2010.03.12 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.01.16 10:11:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.11.01 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions [2010.07.25 09:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.11 17:31:57 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.10.25 17:36:40 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.03.12 22:20:10 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.09.11 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\piclens@cooliris.com [2010.09.11 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\pierre.krafft@hotmail.com [2010.09.11 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\scrapbookplus@addons.mozilla.org [2010.03.12 21:54:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.10.30 17:08:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.30 17:08:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.30 17:08:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.30 17:08:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.30 17:08:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.17 19:56:13 | 000,001,536 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 adobe.activate.com O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\Shell\AutoRun\command - "" = J:\machinarium_install.exe -- File not found O33 - MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\Shell\AutoRun\command - "" = I:\Startme.exe -- File not found O33 - MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\Shell\AutoRun\command - "" = H:\AlterEgoDESetup.exe -- File not found O33 - MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found O33 - MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\Shell\AutoRun\command - "" = L:\AUTOSTARTER.EXE -- File not found O33 - MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\Shell\AutoRun\command - "" = H:\baldur.exe -- File not found O33 - MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found O33 - MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found O33 - MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O33 - MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun O33 - MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: fvepsync - (C:\Windows\system32\chguecab.dll) - C:\Windows\System32\chguecab.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.02 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.11.02 22:10:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.02 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.02 22:10:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.02 22:10:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.02 22:09:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.46.exe [2010.11.02 22:08:35 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.11.01 08:46:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Psycho [2010.10.31 09:27:48 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx [2010.10.31 09:27:48 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.ocx [2010.10.31 09:27:48 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctde.dll [2010.10.31 09:27:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winskde.dll [2010.10.31 09:27:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stdftde.dll [2010.10.31 09:27:44 | 000,000,000 | ---D | C] -- C:\Programme\Biet-O-Matic [2010.10.30 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mp3tag [2010.10.30 17:50:11 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag [2010.10.27 16:08:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio .NET 2003 [2010.10.27 15:59:36 | 000,954,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudioD2_7.dll [2010.10.27 15:59:36 | 000,349,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineD3_7.dll [2010.10.27 15:59:36 | 000,131,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFXD1_5.dll [2010.10.27 15:59:35 | 002,261,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3dx9d_43.dll [2010.10.27 15:59:35 | 000,435,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineA3_7.dll [2010.10.27 15:59:35 | 000,045,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudioD1_7.dll [2010.10.27 15:59:34 | 003,795,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9d_33.dll [2010.10.27 15:59:33 | 000,268,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX11d_43.dll [2010.10.27 15:59:32 | 001,883,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCSXd_43.dll [2010.10.27 15:59:32 | 000,514,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX10d_43.dll [2010.10.27 15:59:32 | 000,348,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dref9.dll [2010.10.27 15:59:30 | 002,719,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9d.dll [2010.10.27 15:59:29 | 000,496,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11SDKLayers.dll [2010.10.27 15:59:28 | 000,525,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11Ref.dll [2010.10.27 15:59:28 | 000,442,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10SDKLayers.DLL [2010.10.27 15:59:27 | 000,367,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10Ref.DLL [2010.10.27 15:54:20 | 000,111,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe [2010.10.27 15:33:06 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2010.10.27 15:33:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Merge Modules [2010.10.23 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft Corporation [2010.10.23 09:10:54 | 000,000,000 | ---D | C] -- C:\Programme\Application Verifier [2010.10.22 15:54:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FalloutNV [2010.10.22 07:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010.10.12 14:56:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.10.11 16:52:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.10.09 17:09:05 | 000,000,000 | ---D | C] -- C:\Programme\lame3.98.4 [2010.10.09 16:54:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\foobar2000 [2010.10.08 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.10.08 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe Mini Bridge CS5 [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.02 22:10:57 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.02 22:10:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.46.exe [2010.11.02 22:09:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.11.02 22:09:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.02 20:55:03 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.02 20:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.01 12:06:55 | 000,768,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.01 12:06:55 | 000,723,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.01 12:06:55 | 000,174,846 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.01 12:06:55 | 000,147,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.01 11:46:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.11.01 08:53:47 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.01 08:53:47 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.31 09:20:51 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys [2010.10.30 09:21:27 | 019,733,191 | ---- | M] () -- C:\Users\Admin\Desktop\TM_GHS_MY09_D_RevA.pdf [2010.10.28 09:55:49 | 000,052,224 | -H-- | M] () -- C:\Windows\System32\chguecab.dll [2010.10.27 21:21:50 | 010,128,158 | ---- | M] () -- C:\Users\Admin\Desktop\RPGuide02_Baldurs_Gate2.pdf [2010.10.27 15:52:56 | 000,111,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe [2010.10.26 22:12:05 | 000,032,530 | ---- | M] () -- C:\Users\Admin\Desktop\ant99neu.pdf [2010.10.24 13:39:50 | 000,039,534 | ---- | M] () -- C:\Users\Admin\Desktop\Unvollständige FF_REW-Funktion.pdf [2010.10.24 11:25:00 | 001,746,555 | ---- | M] () -- C:\Users\Admin\Desktop\SLV-SE35,50,60,70,80_SX60,70,80 alim.pdf [2010.10.23 23:57:47 | 000,000,212 | ---- | M] () -- C:\Windows\ildasmfnt.bin [2010.10.22 17:20:33 | 000,150,069 | ---- | M] () -- C:\Users\Admin\Desktop\XBOX_360_POT_CALIBRATION_V1.0_by_Moda.pdf [2010.10.22 07:29:27 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.10.04 18:31:00 | 000,462,581 | ---- | M] () -- C:\Users\Admin\Desktop\ZNASWM.pdf [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.02 22:10:57 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.31 09:27:48 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010.10.30 09:21:26 | 019,733,191 | ---- | C] () -- C:\Users\Admin\Desktop\TM_GHS_MY09_D_RevA.pdf [2010.10.28 09:55:49 | 000,052,224 | -H-- | C] () -- C:\Windows\System32\chguecab.dll [2010.10.27 21:21:50 | 010,128,158 | ---- | C] () -- C:\Users\Admin\Desktop\RPGuide02_Baldurs_Gate2.pdf [2010.10.27 09:48:05 | 000,142,848 | ---- | C] () -- C:\Windows\System32\sfml-system-d.dll [2010.10.27 09:48:05 | 000,034,304 | ---- | C] () -- C:\Windows\System32\sfml-system.dll [2010.10.26 22:12:05 | 000,032,530 | ---- | C] () -- C:\Users\Admin\Desktop\ant99neu.pdf [2010.10.24 13:39:50 | 000,039,534 | ---- | C] () -- C:\Users\Admin\Desktop\Unvollständige FF_REW-Funktion.pdf [2010.10.24 11:25:00 | 001,746,555 | ---- | C] () -- C:\Users\Admin\Desktop\SLV-SE35,50,60,70,80_SX60,70,80 alim.pdf [2010.10.23 23:44:54 | 000,000,212 | ---- | C] () -- C:\Windows\ildasmfnt.bin [2010.10.22 17:20:33 | 000,150,069 | ---- | C] () -- C:\Users\Admin\Desktop\XBOX_360_POT_CALIBRATION_V1.0_by_Moda.pdf [2010.10.04 18:31:00 | 000,462,581 | ---- | C] () -- C:\Users\Admin\Desktop\ZNASWM.pdf [2010.09.25 17:21:19 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.09.18 22:18:09 | 000,000,004 | ---- | C] () -- C:\Windows\storedt.ini [2010.09.05 16:37:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.06.27 14:17:06 | 000,000,020 | -HS- | C] () -- C:\Users\Admin\AppData\Roaming\System2583.Data.DB.dat [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.11 14:49:07 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.03.01 17:13:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.03.01 17:13:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.02.14 20:18:49 | 000,000,196 | ---- | C] () -- C:\Windows\QTW.ini [2010.02.08 06:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll [2010.02.07 13:56:40 | 000,000,037 | ---- | C] () -- C:\Windows\ipixActivex.ini [2010.01.09 20:27:49 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.01.09 20:27:49 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.01.09 20:27:49 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2010.01.02 12:44:40 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.01.02 10:28:46 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2009.12.19 10:06:32 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2009.12.18 16:49:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.11.17 19:49:40 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.10.04 10:03:39 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.04 10:03:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.10.04 09:49:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.03 17:04:51 | 000,007,602 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2009.10.02 15:28:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Users\Admin\AppData\Roaming\MafiaSetup.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:0C7CD59E230C9998 < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.11.2010 22:28:34 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,15 Gb Total Space | 31,71 Gb Free Space | 20,30% Space Free | Partition Type: NTFS
Drive D: | 216,26 Gb Total Space | 41,88 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive F: | 124,02 Gb Total Space | 18,33 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Drive G: | 108,86 Gb Total Space | 6,72 Gb Free Space | 6,17% Space Free | Partition Type: NTFS
Computer Name: PCSPC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B09F344-4406-11D5-96E8-0050BA84F5F7}" = Baldurs Gate(TM) II - Thron des Bhaal (TM)
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0ED01E-FD18-457A-AB9C-0835DCDB17BB}" = Microsoft Platform SDK (R2) (3790.2075)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B808FD6B-3C3A-450A-83EB-E2DAD602E433}" = Rad.RoutenPlaner.7.0
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3FB33E7-6058-4C95-8FCE-9C0E01EAF946}" = M3 SAKURA V1.47 Global (GAME PATCH V4.8c)
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B43173-DC55-4616-B750-CB113A76C773}" = Atheros USB Wireless LAN Driver Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crusaders of Might and Magic" = Crusaders of Might and Magic(TM)
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"Free YouTube Download_is1" = Free YouTube Download 2.8
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GPS-Track-Analyse.NET_is1" = 5.0.1
"HijackThis" = HijackThis 1.99.1
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"IrfanView" = IrfanView (remove only)
"King's Bounty - Armored Princess_is1" = King's Bounty - Armored Princess
"Mafia" = Mafia
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mp3tag" = Mp3tag v2.46a
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSP Video 9" = PSP Video 9 5.03
"QuickTime32" = QuickTime for Windows (32-bit)
"Ricochet Infinity_is1" = Ricochet Infinity
"RocketDock_is1" = RocketDock 1.3.5
"SEMC OMSI Module" = SEMC OMSI Module
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Stellarium_is1" = Stellarium 0.10.5
"Superfrog for Windows" = Superfrog for Windows
"SystemRequirementsLab" = System Requirements Lab
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"VMware_Workstation" = VMware Workstation
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"WinSetupFromUSB" = WinSetupFromUSB
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.10.2010 14:39:17 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 29.10.2010 14:19:40 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.10.2010 05:54:47 | Computer Name = PCsPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16625,
Zeitstempel: 0x4c2ae0bb Ausnahmecode: 0xc0000005 Fehleroffset: 0x00396579 ID des fehlerhaften
Prozesses: 0x6abc Startzeit der fehlerhaften Anwendung: 0x01cb7818517cc230 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\mshtml.dll Berichtskennung: ba722460-e40b-11df-96d7-9bfd8ca143c4
Error - 30.10.2010 11:47:20 | Computer Name = PCsPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: RocketDock.dll, Version: 0.0.0.0,
Zeitstempel: 0x46db07a0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000004 ID des fehlerhaften
Prozesses: 0x5a0 Startzeit der fehlerhaften Anwendung: 0x01cb767e03668b80 Pfad der
fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Program
Files\RocketDock\RocketDock.dll Berichtskennung: fa8dc550-e43c-11df-96d7-9bfd8ca143c4
Error - 31.10.2010 04:21:17 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.10.2010 04:21:17 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.10.2010 10:43:07 | Computer Name = PCsPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 31.10.2010 10:45:22 | Computer Name = PCsPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 31.10.2010 11:26:22 | Computer Name = PCsPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 31.10.2010 11:27:53 | Computer Name = PCsPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 18.05.2010 15:04:47 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 21:04:46 - Fehler beim Herstellen der Internetverbindung. 21:04:47
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 15:05:03 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 21:04:52 - Fehler beim Herstellen der Internetverbindung. 21:04:52
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 16:05:39 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 22:05:38 - Fehler beim Herstellen der Internetverbindung. 22:05:38
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 16:05:51 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 22:05:44 - Fehler beim Herstellen der Internetverbindung. 22:05:44
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 17:06:15 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 23:06:15 - Fehler beim Herstellen der Internetverbindung. 23:06:15
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 17:06:26 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 23:06:20 - Fehler beim Herstellen der Internetverbindung. 23:06:20
- Serververbindung konnte nicht hergestellt werden..
Error - 19.05.2010 13:43:41 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 19:43:41 - Fehler beim Herstellen der Internetverbindung. 19:43:41
- Serververbindung konnte nicht hergestellt werden..
Error - 19.05.2010 13:43:55 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 19:43:46 - Fehler beim Herstellen der Internetverbindung. 19:43:46
- Serververbindung konnte nicht hergestellt werden..
Error - 20.05.2010 10:47:57 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 16:47:56 - Fehler beim Herstellen der Internetverbindung. 16:47:56
- Serververbindung konnte nicht hergestellt werden..
Error - 20.05.2010 10:48:10 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 16:48:02 - Fehler beim Herstellen der Internetverbindung. 16:48:02
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 16.11.2009 03:48:34 | Computer Name = PCsPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 308
seconds with 60 seconds of active time. This session ended with a crash.
Error - 16.01.2010 17:09:32 | Computer Name = PCsPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.06.2010 13:14:32 | Computer Name = PCsPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.10.2010 10:15:10 | Computer Name = PCsPC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 31.10.2010 04:21:11 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 31.10.2010 04:21:12 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 31.10.2010 04:21:27 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 31.10.2010 04:21:27 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 11 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 31.10.2010 04:21:27 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 31.10.2010 04:21:27 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 31.10.2010 04:26:32 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 31.10.2010 07:10:52 | Computer Name = PCsPC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 01.11.2010 07:02:44 | Computer Name = PCsPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden.
< End of report >
Nochmals Danke im Voraus. Geändert von corvuscorax (02.11.2010 um 22:55 Uhr) |
|
03.11.2010, 09:41
| #2 |
  | Gozi-Trojaner Online Banking gesperrt Hi,
__________________JAVA Deine Javasoftware ist veraltet! Download Java-Downloads für alle Betriebssysteme Schliesse alle Programme auch Deinen Webbrowser Über "Start -> Einstellungen -> Systemsteuerung -> Software entferne alle älteren Versionen von Java Runtime Environment (JRE of J2SE) Auch auf C:\Programme\Java entfernen! Nachdem alles entfernt wurde --->Rechner neu starten Installiere jetzt vom Desktop aus die neue Version! OTL:
 Code:
ATTFilter :OTL
O36 - AppCertDlls: fvepsync - (C:\Windows\system32\chguecab.dll) - C:\Windows\System32\chguecab.dll ()
O33 - MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\Shell\AutoRun\command - "" = J:\machinarium_install.exe -- File not found
O33 - MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\Shell\AutoRun\command - "" = I:\Startme.exe -- File not found
O33 - MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\Shell\AutoRun\command - "" = H:\AlterEgoDESetup.exe -- File not found
O33 - MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
O33 - MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\Shell\AutoRun\command - "" = L:\AUTOSTARTER.EXE -- File not found
O33 - MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\Shell\AutoRun\command - "" = H:\baldur.exe -- File not found
O33 - MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O33 - MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\Shell - "" = AutoRun
O33 - MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
@Alternate Data Stream - 24 bytes -> C:\Windows:0C7CD59E230C9998
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. chris
__________________ |
|
04.11.2010, 08:01
| #3 |
| | Gozi-Trojaner Online Banking gesperrt Danke für die schnelle Antwort.
__________________Es hat ca. 7 Stunden gedauert bis er die C-Platte durchsucht hat. Muss noch drei andere Partitionen durchsuchen. Hier ist schon mal die Result-Log von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\fvepsync not found.
File C:\Windows\System32\chguecab.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{054d788e-b0c3-11de-abe8-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{054d788e-b0c3-11de-abe8-001b38543b6f}\ not found.
File J:\machinarium_install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{296da17e-43f4-11df-9dbc-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{296da17e-43f4-11df-9dbc-001b38543b6f}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79f82546-b032-11de-b9cd-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79f82546-b032-11de-b9cd-001b38543b6f}\ not found.
File H:\AlterEgoDESetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842dab3e-04ea-11df-95e3-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842dab3e-04ea-11df-95e3-001b38543b6f}\ not found.
File I:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a710c1d1-d5a9-11de-bb96-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a710c1d1-d5a9-11de-bb96-005056c00008}\ not found.
File L:\AUTOSTARTER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae796ac2-502c-11df-b283-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae796ac2-502c-11df-b283-001b38543b6f}\ not found.
File H:\baldur.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54ab67d-dab1-11de-8def-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54ab67d-dab1-11de-8def-005056c00008}\ not found.
File I:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386bcb-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386bcb-e036-11de-9bfc-005056c00008}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386be9-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386be9-e036-11de-9bfc-005056c00008}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Code:
ATTFilter C:\Documents and Settings\Admin\Documents\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Documents\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync#1\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Eigene Dateien\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Eigene Dateien\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync#1\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Eigene Musik\Schiller\Schiller - Atemlose Klangwelten\06. Klangwelt Sechs.mp3 infiziert mit einer Modifikation von Trojan.Satanic.235 - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\483eec4c.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\483eec4c.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4959f0cb.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4959f0cb.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4e9193a8.qua/data001 infiziert mit Trojan.PWS.Dybalom
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4e9193a8.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4efbec0c.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4efbec0c.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4faf5e53.qua/data001 infiziert mit BackDoor.Poison.685
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4faf5e53.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\50a9c987.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\50a9c987.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\566cc9c7.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\566cc9c7.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
|
|
04.11.2010, 08:07
| #4 |
| | Gozi-Trojaner Online Banking gesperrt Hi, so wie es aussieht ist der Banker vor dem Fix von OTL bereits entfernt worden! Code:
ATTFilter Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\fvepsync not found.
File C:\Windows\System32\chguecab.dll not found.
Poste noch ein mal ein neues OLT-Log und wir prüfen noch auf TDSS... TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
04.11.2010, 09:00
| #5 |
| | Gozi-Trojaner Online Banking gesperrt Wow, das ging ja schnell: Hier die OTL-Logs: Code:
ATTFilter OTL logfile created on: 04.11.2010 08:33:40 - Run 2 OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Admin\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 156,15 Gb Total Space | 28,24 Gb Free Space | 18,09% Space Free | Partition Type: NTFS Drive D: | 216,26 Gb Total Space | 41,88 Gb Free Space | 19,36% Space Free | Partition Type: NTFS Drive F: | 124,02 Gb Total Space | 24,86 Gb Free Space | 20,05% Space Free | Partition Type: NTFS Drive G: | 108,86 Gb Total Space | 6,72 Gb Free Space | 6,17% Space Free | Partition Type: NTFS Computer Name: PCSPC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications) PRC - C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation) MOD - C:\Programme\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe File not found SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (EmmaDevMgmtSvc) -- C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications) SRV - (EmmaUpdMgmtSvc) -- C:\Programme\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (SANDRA) -- C:\Programme\SiSoftware Sandra Lite 2010.SP3\WNt500x86\sandra.sys (SiSoftware) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 74 B5 1D 67 43 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.30 17:08:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.03 12:54:28 | 000,000,000 | ---D | M] [2010.03.12 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.01.16 10:11:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010.11.01 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions [2010.07.25 09:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.11 17:31:57 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.10.25 17:36:40 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.03.12 22:20:10 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.09.11 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\piclens@cooliris.com [2010.09.11 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\pierre.krafft@hotmail.com [2010.09.11 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\on2mhh8f.default\extensions\scrapbookplus@addons.mozilla.org [2010.11.03 13:12:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.11.03 13:12:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.03 13:11:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.30 17:08:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.30 17:08:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.30 17:08:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.30 17:08:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.30 17:08:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.03 13:12:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.03 13:33:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\DoctorWeb [2010.11.03 13:12:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.11.03 13:12:23 | 000,000,000 | ---D | C] -- C:\_OTL [2010.11.03 13:12:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.03 13:12:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.03 13:12:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.03 13:11:43 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.11.03 12:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.11.03 12:54:28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.11.03 12:53:25 | 016,308,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Admin\Desktop\jre-6u22-windows-i586-s.exe [2010.11.02 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.11.02 22:10:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.02 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.02 22:10:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.02 22:10:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.02 22:09:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.46.exe [2010.11.02 22:08:35 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.11.01 08:46:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Psycho [2010.10.31 09:27:48 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx [2010.10.31 09:27:48 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mswinsck.ocx [2010.10.31 09:27:48 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctde.dll [2010.10.31 09:27:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winskde.dll [2010.10.31 09:27:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stdftde.dll [2010.10.31 09:27:44 | 000,000,000 | ---D | C] -- C:\Programme\Biet-O-Matic [2010.10.30 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mp3tag [2010.10.30 17:50:11 | 000,000,000 | ---D | C] -- C:\Programme\Mp3tag [2010.10.27 16:08:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio .NET 2003 [2010.10.27 15:59:36 | 000,954,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudioD2_7.dll [2010.10.27 15:59:36 | 000,349,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineD3_7.dll [2010.10.27 15:59:36 | 000,131,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFXD1_5.dll [2010.10.27 15:59:35 | 002,261,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3dx9d_43.dll [2010.10.27 15:59:35 | 000,435,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineA3_7.dll [2010.10.27 15:59:35 | 000,045,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudioD1_7.dll [2010.10.27 15:59:34 | 003,795,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9d_33.dll [2010.10.27 15:59:33 | 000,268,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX11d_43.dll [2010.10.27 15:59:32 | 001,883,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCSXd_43.dll [2010.10.27 15:59:32 | 000,514,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX10d_43.dll [2010.10.27 15:59:32 | 000,348,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dref9.dll [2010.10.27 15:59:30 | 002,719,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9d.dll [2010.10.27 15:59:29 | 000,496,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11SDKLayers.dll [2010.10.27 15:59:28 | 000,525,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11Ref.dll [2010.10.27 15:59:28 | 000,442,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10SDKLayers.DLL [2010.10.27 15:59:27 | 000,367,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10Ref.DLL [2010.10.27 15:54:20 | 000,111,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe [2010.10.27 15:33:06 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2010.10.27 15:33:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Merge Modules [2010.10.23 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft Corporation [2010.10.23 09:10:54 | 000,000,000 | ---D | C] -- C:\Programme\Application Verifier [2010.10.22 15:54:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FalloutNV [2010.10.22 07:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010.10.12 14:56:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.10.11 16:52:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2010.10.09 17:09:05 | 000,000,000 | ---D | C] -- C:\Programme\lame3.98.4 [2010.10.09 16:54:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\foobar2000 [2010.10.08 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.10.08 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe Mini Bridge CS5 [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.04 08:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.04 07:52:32 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.04 07:52:32 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.04 07:51:52 | 000,768,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.04 07:51:52 | 000,723,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.04 07:51:52 | 000,174,846 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.04 07:51:52 | 000,147,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.04 07:47:40 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.04 07:47:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.04 07:47:16 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys [2010.11.03 23:02:15 | 320,142,518 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.11.03 14:23:10 | 000,754,985 | ---- | M] () -- C:\Users\Admin\Desktop\Anleitung DrWeb - CureIt - Trojaner-Board.mht [2010.11.03 14:17:58 | 000,000,260 | ---- | M] () -- C:\Users\Admin\Desktop\DrWeb.csv [2010.11.03 13:26:35 | 051,519,432 | ---- | M] () -- C:\Users\Admin\Desktop\drweb-cureit.exe [2010.11.03 13:12:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010.11.03 13:11:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.11.03 13:11:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.03 13:11:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.03 13:11:46 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.03 12:53:52 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Admin\Desktop\jre-6u22-windows-i586-s.exe [2010.11.03 12:49:13 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.03 12:49:13 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.02 22:10:57 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.02 22:10:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.46.exe [2010.11.02 22:09:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2010.11.01 11:46:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.10.30 09:21:27 | 019,733,191 | ---- | M] () -- C:\Users\Admin\Desktop\TM_GHS_MY09_D_RevA.pdf [2010.10.27 21:21:50 | 010,128,158 | ---- | M] () -- C:\Users\Admin\Desktop\RPGuide02_Baldurs_Gate2.pdf [2010.10.27 15:52:56 | 000,111,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe [2010.10.26 22:12:05 | 000,032,530 | ---- | M] () -- C:\Users\Admin\Desktop\ant99neu.pdf [2010.10.24 13:39:50 | 000,039,534 | ---- | M] () -- C:\Users\Admin\Desktop\Unvollständige FF_REW-Funktion.pdf [2010.10.24 11:25:00 | 001,746,555 | ---- | M] () -- C:\Users\Admin\Desktop\SLV-SE35,50,60,70,80_SX60,70,80 alim.pdf [2010.10.23 23:57:47 | 000,000,212 | ---- | M] () -- C:\Windows\ildasmfnt.bin [2010.10.22 17:20:33 | 000,150,069 | ---- | M] () -- C:\Users\Admin\Desktop\XBOX_360_POT_CALIBRATION_V1.0_by_Moda.pdf [2010.10.22 07:29:27 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.03 23:02:15 | 320,142,518 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.11.03 14:23:08 | 000,754,985 | ---- | C] () -- C:\Users\Admin\Desktop\Anleitung DrWeb - CureIt - Trojaner-Board.mht [2010.11.03 14:17:58 | 000,000,260 | ---- | C] () -- C:\Users\Admin\Desktop\DrWeb.csv [2010.11.03 13:26:07 | 051,519,432 | ---- | C] () -- C:\Users\Admin\Desktop\drweb-cureit.exe [2010.11.02 22:10:57 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.31 09:27:48 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010.10.30 09:21:26 | 019,733,191 | ---- | C] () -- C:\Users\Admin\Desktop\TM_GHS_MY09_D_RevA.pdf [2010.10.27 21:21:50 | 010,128,158 | ---- | C] () -- C:\Users\Admin\Desktop\RPGuide02_Baldurs_Gate2.pdf [2010.10.27 09:48:05 | 000,142,848 | ---- | C] () -- C:\Windows\System32\sfml-system-d.dll [2010.10.27 09:48:05 | 000,034,304 | ---- | C] () -- C:\Windows\System32\sfml-system.dll [2010.10.26 22:12:05 | 000,032,530 | ---- | C] () -- C:\Users\Admin\Desktop\ant99neu.pdf [2010.10.24 13:39:50 | 000,039,534 | ---- | C] () -- C:\Users\Admin\Desktop\Unvollständige FF_REW-Funktion.pdf [2010.10.24 11:25:00 | 001,746,555 | ---- | C] () -- C:\Users\Admin\Desktop\SLV-SE35,50,60,70,80_SX60,70,80 alim.pdf [2010.10.23 23:44:54 | 000,000,212 | ---- | C] () -- C:\Windows\ildasmfnt.bin [2010.10.22 17:20:33 | 000,150,069 | ---- | C] () -- C:\Users\Admin\Desktop\XBOX_360_POT_CALIBRATION_V1.0_by_Moda.pdf [2010.09.25 17:21:19 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.09.18 22:18:09 | 000,000,004 | ---- | C] () -- C:\Windows\storedt.ini [2010.09.05 16:37:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.06.27 14:17:06 | 000,000,020 | -HS- | C] () -- C:\Users\Admin\AppData\Roaming\System2583.Data.DB.dat [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.11 14:49:07 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.03.01 17:13:04 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.03.01 17:13:04 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.02.14 20:18:49 | 000,000,196 | ---- | C] () -- C:\Windows\QTW.ini [2010.02.08 06:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll [2010.02.07 13:56:40 | 000,000,037 | ---- | C] () -- C:\Windows\ipixActivex.ini [2010.01.09 20:27:49 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.01.09 20:27:49 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.01.09 20:27:49 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2010.01.02 12:44:40 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.01.02 10:28:46 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2009.12.19 10:06:32 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2009.12.18 16:49:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.11.17 19:49:40 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.10.04 10:03:39 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.04 10:03:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.10.04 09:49:04 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.03 17:04:51 | 000,007,602 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2009.10.02 15:28:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Users\Admin\AppData\Roaming\MafiaSetup.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:0C7CD59E230C9998 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.11.2010 08:33:40 - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Admin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,15 Gb Total Space | 28,24 Gb Free Space | 18,09% Space Free | Partition Type: NTFS
Drive D: | 216,26 Gb Total Space | 41,88 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive F: | 124,02 Gb Total Space | 24,86 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
Drive G: | 108,86 Gb Total Space | 6,72 Gb Free Space | 6,17% Space Free | Partition Type: NTFS
Computer Name: PCSPC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B09F344-4406-11D5-96E8-0050BA84F5F7}" = Baldurs Gate(TM) II - Thron des Bhaal (TM)
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0ED01E-FD18-457A-AB9C-0835DCDB17BB}" = Microsoft Platform SDK (R2) (3790.2075)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B808FD6B-3C3A-450A-83EB-E2DAD602E433}" = Rad.RoutenPlaner.7.0
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3FB33E7-6058-4C95-8FCE-9C0E01EAF946}" = M3 SAKURA V1.47 Global (GAME PATCH V4.8c)
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B43173-DC55-4616-B750-CB113A76C773}" = Atheros USB Wireless LAN Driver Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1947ed9c549f680a9ed3f1fdbb9337a4" = Myst V End Of Ages
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crusaders of Might and Magic" = Crusaders of Might and Magic(TM)
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"Free YouTube Download_is1" = Free YouTube Download 2.8
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GPS-Track-Analyse.NET_is1" = 5.0.1
"HijackThis" = HijackThis 1.99.1
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"IrfanView" = IrfanView (remove only)
"King's Bounty - Armored Princess_is1" = King's Bounty - Armored Princess
"Mafia" = Mafia
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mp3tag" = Mp3tag v2.46a
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSP Video 9" = PSP Video 9 5.03
"QuickTime32" = QuickTime for Windows (32-bit)
"Ricochet Infinity_is1" = Ricochet Infinity
"RocketDock_is1" = RocketDock 1.3.5
"SEMC OMSI Module" = SEMC OMSI Module
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Steamless Half-Life 2 Episode Two Stand-Alone" = Steamless Half-Life 2 Episode Two Stand-Alone
"Stellarium_is1" = Stellarium 0.10.5
"Superfrog for Windows" = Superfrog for Windows
"SystemRequirementsLab" = System Requirements Lab
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"VMware_Workstation" = VMware Workstation
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Worms Reloaded Update 1_is1" = Worms Reloaded Update 1
"Worms Reloaded_is1" = Worms Reloaded
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"WinSetupFromUSB" = WinSetupFromUSB
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.11.2010 08:30:53 | Computer Name = PCsPC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
Error - 03.11.2010 08:30:53 | Computer Name = PCsPC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
(Fehler=0x8007043c).
Error - 03.11.2010 09:20:11 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.11.2010 09:20:11 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.11.2010 18:02:36 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.11.2010 18:02:36 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2010 02:47:37 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2010 02:47:37 | Computer Name = PCsPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 04.11.2010 03:23:30 | Computer Name = PCsPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 04.11.2010 03:25:24 | Computer Name = PCsPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 18.05.2010 15:04:47 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 21:04:46 - Fehler beim Herstellen der Internetverbindung. 21:04:47
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 15:05:03 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 21:04:52 - Fehler beim Herstellen der Internetverbindung. 21:04:52
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 16:05:39 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 22:05:38 - Fehler beim Herstellen der Internetverbindung. 22:05:38
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 16:05:51 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 22:05:44 - Fehler beim Herstellen der Internetverbindung. 22:05:44
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 17:06:15 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 23:06:15 - Fehler beim Herstellen der Internetverbindung. 23:06:15
- Serververbindung konnte nicht hergestellt werden..
Error - 18.05.2010 17:06:26 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 23:06:20 - Fehler beim Herstellen der Internetverbindung. 23:06:20
- Serververbindung konnte nicht hergestellt werden..
Error - 19.05.2010 13:43:41 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 19:43:41 - Fehler beim Herstellen der Internetverbindung. 19:43:41
- Serververbindung konnte nicht hergestellt werden..
Error - 19.05.2010 13:43:55 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 19:43:46 - Fehler beim Herstellen der Internetverbindung. 19:43:46
- Serververbindung konnte nicht hergestellt werden..
Error - 20.05.2010 10:47:57 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 16:47:56 - Fehler beim Herstellen der Internetverbindung. 16:47:56
- Serververbindung konnte nicht hergestellt werden..
Error - 20.05.2010 10:48:10 | Computer Name = PCsPC | Source = MCUpdate | ID = 0
Description = 16:48:02 - Fehler beim Herstellen der Internetverbindung. 16:48:02
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 16.11.2009 03:48:34 | Computer Name = PCsPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 308
seconds with 60 seconds of active time. This session ended with a crash.
Error - 16.01.2010 17:09:32 | Computer Name = PCsPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.06.2010 13:14:32 | Computer Name = PCsPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 03.11.2010 18:02:22 | Computer Name = PCsPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?11.?2010 um 23:00:38 unerwartet heruntergefahren.
Error - 03.11.2010 18:02:25 | Computer Name = PCSPC | Source = BugCheck | ID = 1001
Description =
Error - 03.11.2010 18:02:29 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 03.11.2010 18:02:31 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 04.11.2010 02:47:29 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 04.11.2010 02:47:31 | Computer Name = PCsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 04.11.2010 02:47:46 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 04.11.2010 02:47:46 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 11 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 04.11.2010 02:47:47 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 04.11.2010 02:47:47 | Computer Name = PCsPC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
< End of report >
|
|
04.11.2010, 09:00
| #6 |
| | Gozi-Trojaner Online Banking gesperrt TDSSKiller: Code:
ATTFilter 2010/11/04 08:36:39.0833 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/04 08:36:39.0833 ================================================================================
2010/11/04 08:36:39.0834 SystemInfo:
2010/11/04 08:36:39.0834
2010/11/04 08:36:39.0834 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/04 08:36:39.0834 Product type: Workstation
2010/11/04 08:36:39.0834 ComputerName: PCSPC
2010/11/04 08:36:39.0837 UserName: Admin
2010/11/04 08:36:39.0837 Windows directory: C:\Windows
2010/11/04 08:36:39.0837 System windows directory: C:\Windows
2010/11/04 08:36:39.0837 Processor architecture: Intel x86
2010/11/04 08:36:39.0837 Number of processors: 2
2010/11/04 08:36:39.0837 Page size: 0x1000
2010/11/04 08:36:39.0837 Boot type: Normal boot
2010/11/04 08:36:39.0837 ================================================================================
2010/11/04 08:36:40.0925 Initialize success
2010/11/04 08:36:51.0020 ================================================================================
2010/11/04 08:36:51.0020 Scan started
2010/11/04 08:36:51.0020 Mode: Manual;
2010/11/04 08:36:51.0020 ================================================================================
2010/11/04 08:36:54.0965 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/04 08:36:55.0189 acedrv11 (da115c33158e4ed1cce74221f320b6b3) C:\Windows\system32\drivers\acedrv11.sys
2010/11/04 08:36:55.0251 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/04 08:36:55.0348 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/04 08:36:55.0526 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/04 08:36:55.0704 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/04 08:36:55.0756 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/04 08:36:55.0853 AF15BDA (639a9c2dab390769be8fa23854435876) C:\Windows\system32\Drivers\AF15BDA.sys
2010/11/04 08:36:55.0912 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/11/04 08:36:55.0969 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/04 08:36:56.0044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/11/04 08:36:56.0147 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/04 08:36:56.0202 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/11/04 08:36:56.0258 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/04 08:36:56.0339 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/04 08:36:56.0407 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/04 08:36:56.0485 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/04 08:36:56.0565 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/04 08:36:56.0605 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/04 08:36:56.0756 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/11/04 08:36:56.0865 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/11/04 08:36:56.0898 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/04 08:36:57.0033 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/04 08:36:57.0106 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/04 08:36:57.0260 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/11/04 08:36:57.0426 athrusb (9dab3b4d046d88d14c2aa3ba79ca0570) C:\Windows\system32\DRIVERS\athrusb.sys
2010/11/04 08:36:57.0569 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2010/11/04 08:36:57.0779 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/04 08:36:57.0920 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/04 08:36:58.0013 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/04 08:36:58.0105 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/11/04 08:36:58.0229 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/04 08:36:58.0437 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/11/04 08:36:58.0522 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/04 08:36:58.0556 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/04 08:36:58.0596 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/04 08:36:58.0639 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/04 08:36:58.0708 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/04 08:36:58.0747 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/04 08:36:58.0867 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/11/04 08:36:58.0909 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/04 08:36:58.0950 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/04 08:36:58.0977 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/04 08:36:59.0041 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/11/04 08:36:59.0069 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/04 08:36:59.0117 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/11/04 08:36:59.0210 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/11/04 08:36:59.0258 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/11/04 08:36:59.0335 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/04 08:36:59.0453 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/04 08:36:59.0506 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/04 08:36:59.0558 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/11/04 08:36:59.0683 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/04 08:36:59.0725 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/04 08:36:59.0784 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/11/04 08:36:59.0828 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/04 08:36:59.0910 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/04 08:36:59.0984 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/04 08:37:00.0057 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/11/04 08:37:00.0140 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/11/04 08:37:00.0179 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/11/04 08:37:00.0322 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/11/04 08:37:00.0421 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/11/04 08:37:00.0540 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/04 08:37:01.0016 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/11/04 08:37:01.0273 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2010/11/04 08:37:01.0354 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/11/04 08:37:01.0442 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/04 08:37:01.0590 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/04 08:37:01.0670 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/11/04 08:37:01.0775 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/11/04 08:37:01.0827 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/04 08:37:01.0891 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/11/04 08:37:01.0930 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/11/04 08:37:01.0990 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/04 08:37:02.0056 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/11/04 08:37:02.0120 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/11/04 08:37:02.0153 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/04 08:37:02.0211 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/04 08:37:02.0270 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/04 08:37:02.0433 hcmon (1db5002c16f4df11fd062bd4a277aa24) C:\Windows\system32\drivers\hcmon.sys
2010/11/04 08:37:02.0485 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/04 08:37:02.0548 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/11/04 08:37:02.0594 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/04 08:37:02.0628 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/04 08:37:02.0680 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/04 08:37:02.0725 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/04 08:37:02.0812 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/04 08:37:02.0912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/04 08:37:02.0969 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/11/04 08:37:03.0104 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/04 08:37:03.0188 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/04 08:37:03.0277 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/04 08:37:03.0340 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/04 08:37:03.0479 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/04 08:37:03.0517 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/04 08:37:03.0592 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/04 08:37:03.0665 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/04 08:37:03.0695 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/11/04 08:37:03.0728 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/11/04 08:37:03.0764 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/04 08:37:03.0869 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/04 08:37:03.0921 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/04 08:37:03.0959 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/04 08:37:04.0009 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/04 08:37:04.0092 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/04 08:37:04.0210 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/11/04 08:37:04.0387 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/11/04 08:37:04.0454 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/04 08:37:04.0510 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/11/04 08:37:04.0574 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/04 08:37:04.0601 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/04 08:37:04.0650 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/04 08:37:04.0691 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/04 08:37:04.0750 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/11/04 08:37:04.0876 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2010/11/04 08:37:05.0041 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/04 08:37:05.0147 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/04 08:37:05.0214 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/11/04 08:37:05.0269 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/04 08:37:05.0322 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/04 08:37:05.0430 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/04 08:37:05.0462 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/11/04 08:37:05.0523 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/04 08:37:05.0548 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/04 08:37:05.0594 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/04 08:37:05.0675 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/04 08:37:05.0737 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/04 08:37:05.0782 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/04 08:37:05.0830 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/04 08:37:05.0867 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/04 08:37:05.0924 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/11/04 08:37:05.0965 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/04 08:37:06.0026 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/04 08:37:06.0077 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/04 08:37:06.0184 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/04 08:37:06.0245 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/11/04 08:37:06.0277 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/11/04 08:37:06.0338 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/04 08:37:06.0439 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/11/04 08:37:06.0495 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/04 08:37:06.0528 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/11/04 08:37:06.0634 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/04 08:37:06.0727 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/11/04 08:37:06.0774 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/04 08:37:06.0821 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/04 08:37:06.0876 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/04 08:37:07.0009 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/04 08:37:07.0041 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/11/04 08:37:07.0094 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/04 08:37:07.0147 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/04 08:37:07.0354 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/04 08:37:07.0450 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/11/04 08:37:07.0527 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/04 08:37:07.0637 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/11/04 08:37:07.0680 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/11/04 08:37:07.0791 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/11/04 08:37:08.0504 nvlddmkm (747ab0334b95e5cf91b7cf63f9005530) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/11/04 08:37:08.0901 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/04 08:37:08.0965 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2010/11/04 08:37:09.0014 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/04 08:37:09.0076 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/04 08:37:09.0118 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/04 08:37:09.0323 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/11/04 08:37:09.0430 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/11/04 08:37:09.0456 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/04 08:37:09.0490 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/11/04 08:37:09.0527 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/04 08:37:09.0565 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/04 08:37:09.0619 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/11/04 08:37:09.0658 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/11/04 08:37:09.0801 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/04 08:37:09.0835 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/11/04 08:37:09.0925 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/04 08:37:10.0190 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/04 08:37:10.0246 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/04 08:37:10.0309 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/04 08:37:10.0404 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/04 08:37:10.0486 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/04 08:37:10.0527 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/04 08:37:10.0563 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/04 08:37:10.0604 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/04 08:37:10.0634 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/04 08:37:10.0659 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/04 08:37:10.0726 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/04 08:37:10.0781 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/11/04 08:37:10.0822 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/04 08:37:10.0882 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/04 08:37:10.0955 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/11/04 08:37:11.0035 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/11/04 08:37:11.0128 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/11/04 08:37:11.0186 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/11/04 08:37:11.0242 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/11/04 08:37:11.0275 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/11/04 08:37:11.0363 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2010/11/04 08:37:11.0477 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/04 08:37:11.0537 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
2010/11/04 08:37:11.0624 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2010/11/04 08:37:11.0661 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
2010/11/04 08:37:11.0707 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2010/11/04 08:37:11.0831 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
2010/11/04 08:37:12.0011 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
2010/11/04 08:37:12.0098 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
2010/11/04 08:37:12.0149 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/11/04 08:37:12.0371 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys
2010/11/04 08:37:12.0473 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/04 08:37:12.0521 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/04 08:37:12.0603 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/04 08:37:12.0683 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/04 08:37:12.0745 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/04 08:37:12.0779 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/11/04 08:37:12.0821 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/04 08:37:12.0993 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/04 08:37:13.0023 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/04 08:37:13.0161 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/04 08:37:13.0269 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/04 08:37:13.0320 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/11/04 08:37:13.0389 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/04 08:37:13.0451 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/04 08:37:13.0513 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/11/04 08:37:13.0590 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/11/04 08:37:13.0846 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/11/04 08:37:13.0847 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/04 08:37:13.0855 sptd - detected Locked file (1)
2010/11/04 08:37:13.0941 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/04 08:37:14.0040 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/04 08:37:14.0128 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/04 08:37:14.0200 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/11/04 08:37:14.0271 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/11/04 08:37:14.0351 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/04 08:37:14.0437 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/11/04 08:37:14.0558 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/04 08:37:14.0619 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/11/04 08:37:14.0651 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/11/04 08:37:14.0714 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/04 08:37:14.0982 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/11/04 08:37:15.0073 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/04 08:37:15.0117 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/04 08:37:15.0154 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/11/04 08:37:15.0217 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/11/04 08:37:15.0249 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/04 08:37:15.0281 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/04 08:37:15.0435 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/04 08:37:15.0703 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/11/04 08:37:15.0878 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/04 08:37:15.0969 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/04 08:37:16.0043 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/04 08:37:16.0159 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/04 08:37:16.0217 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/04 08:37:16.0243 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/04 08:37:16.0320 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/04 08:37:16.0364 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/04 08:37:16.0457 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/04 08:37:16.0565 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/04 08:37:16.0642 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/04 08:37:16.0715 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/04 08:37:16.0791 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/04 08:37:16.0843 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/04 08:37:16.0899 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/04 08:37:17.0002 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/04 08:37:17.0149 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
2010/11/04 08:37:17.0224 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/04 08:37:17.0290 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/04 08:37:17.0335 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/11/04 08:37:17.0387 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/04 08:37:17.0452 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/11/04 08:37:17.0519 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/11/04 08:37:17.0572 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/04 08:37:17.0657 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/11/04 08:37:17.0727 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/11/04 08:37:17.0776 vmci (318aad60e0ee10cb899041382a546c32) C:\Windows\system32\Drivers\vmci.sys
2010/11/04 08:37:17.0886 vmkbd (c9d3a12ed2f0134e84463dfcd60dedf5) C:\Windows\system32\drivers\VMkbd.sys
2010/11/04 08:37:17.0994 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/11/04 08:37:18.0051 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/11/04 08:37:18.0087 VMnetuserif (70f85975832b1ce320cd0b0621141b18) C:\Windows\system32\drivers\vmnetuserif.sys
2010/11/04 08:37:18.0217 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
2010/11/04 08:37:18.0417 vmx86 (414cc8cc3f3b76e12c47f9e955c3de06) C:\Windows\system32\Drivers\vmx86.sys
2010/11/04 08:37:18.0491 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/04 08:37:18.0550 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/11/04 08:37:18.0576 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/04 08:37:18.0668 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/04 08:37:18.0814 vstor2-ws60 (476a052b3ce506ed63a94018f3e979d5) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
2010/11/04 08:37:18.0848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/04 08:37:19.0224 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/04 08:37:19.0407 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/11/04 08:37:19.0474 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/04 08:37:19.0530 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 08:37:19.0559 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 08:37:19.0682 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/11/04 08:37:19.0760 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/04 08:37:19.0855 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/04 08:37:19.0914 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/11/04 08:37:20.0036 WINUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.SYS
2010/11/04 08:37:20.0113 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/04 08:37:20.0200 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/04 08:37:20.0265 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/11/04 08:37:20.0331 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/04 08:37:21.0072 ================================================================================
2010/11/04 08:37:21.0072 Scan finished
2010/11/04 08:37:21.0072 ================================================================================
2010/11/04 08:37:21.0092 Detected object count: 1
2010/11/04 08:37:32.0175 Locked file(sptd) - User select action: Skip
2010/11/04 08:39:40.0385 ================================================================================
2010/11/04 08:39:40.0385 Scan started
2010/11/04 08:39:40.0385 Mode: Manual;
2010/11/04 08:39:40.0385 ================================================================================
2010/11/04 08:39:40.0996 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/04 08:39:41.0041 acedrv11 (da115c33158e4ed1cce74221f320b6b3) C:\Windows\system32\drivers\acedrv11.sys
2010/11/04 08:39:41.0071 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/04 08:39:41.0108 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/04 08:39:41.0168 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/04 08:39:41.0202 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/04 08:39:41.0231 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/04 08:39:41.0295 AF15BDA (639a9c2dab390769be8fa23854435876) C:\Windows\system32\Drivers\AF15BDA.sys
2010/11/04 08:39:41.0332 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/11/04 08:39:41.0378 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/04 08:39:41.0408 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/11/04 08:39:41.0444 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/04 08:39:41.0477 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/11/04 08:39:41.0511 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/04 08:39:41.0536 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/04 08:39:41.0560 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/04 08:39:41.0594 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/04 08:39:41.0613 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/04 08:39:41.0647 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/04 08:39:41.0698 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/11/04 08:39:41.0751 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/11/04 08:39:41.0785 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/04 08:39:41.0842 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/04 08:39:41.0874 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/04 08:39:41.0935 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/11/04 08:39:42.0045 athrusb (9dab3b4d046d88d14c2aa3ba79ca0570) C:\Windows\system32\DRIVERS\athrusb.sys
2010/11/04 08:39:42.0100 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2010/11/04 08:39:42.0187 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/04 08:39:42.0229 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/04 08:39:42.0277 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/04 08:39:42.0336 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/11/04 08:39:42.0383 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/04 08:39:42.0424 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/11/04 08:39:42.0455 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/04 08:39:42.0479 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/04 08:39:42.0516 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/04 08:39:42.0548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/04 08:39:42.0584 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/04 08:39:42.0601 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/04 08:39:42.0635 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/11/04 08:39:42.0663 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/04 08:39:42.0692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/04 08:39:42.0710 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/04 08:39:42.0749 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/11/04 08:39:42.0788 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/04 08:39:42.0825 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/11/04 08:39:42.0875 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/11/04 08:39:42.0911 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/11/04 08:39:42.0943 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/04 08:39:42.0984 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/04 08:39:43.0015 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/04 08:39:43.0056 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/11/04 08:39:43.0092 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/04 08:39:43.0123 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/04 08:39:43.0145 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/11/04 08:39:43.0166 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/04 08:39:43.0196 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/04 08:39:43.0237 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/04 08:39:43.0288 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/11/04 08:39:43.0348 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/11/04 08:39:43.0382 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/11/04 08:39:43.0400 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/11/04 08:39:43.0464 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/11/04 08:39:43.0515 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/04 08:39:43.0625 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/11/04 08:39:43.0782 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2010/11/04 08:39:43.0919 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2010/11/04 08:39:43.0973 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/04 08:39:44.0021 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/04 08:39:44.0079 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/11/04 08:39:44.0117 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/11/04 08:39:44.0147 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/04 08:39:44.0189 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/11/04 08:39:44.0216 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/11/04 08:39:44.0244 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/04 08:39:44.0276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/11/04 08:39:44.0329 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/11/04 08:39:44.0362 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/04 08:39:44.0409 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/04 08:39:44.0457 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/04 08:39:44.0520 hcmon (1db5002c16f4df11fd062bd4a277aa24) C:\Windows\system32\drivers\hcmon.sys
2010/11/04 08:39:44.0550 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/04 08:39:44.0602 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/11/04 08:39:44.0636 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/04 08:39:44.0663 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/04 08:39:44.0700 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/04 08:39:44.0734 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/04 08:39:44.0788 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/04 08:39:44.0843 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/04 08:39:44.0889 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/11/04 08:39:44.0957 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/04 08:39:45.0019 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/04 08:39:45.0053 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/04 08:39:45.0105 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/04 08:39:45.0177 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/04 08:39:45.0214 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/04 08:39:45.0246 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/04 08:39:45.0285 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/04 08:39:45.0315 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/11/04 08:39:45.0348 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/11/04 08:39:45.0373 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/04 08:39:45.0410 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/04 08:39:45.0475 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/04 08:39:45.0557 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/04 08:39:45.0640 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/04 08:39:45.0692 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/04 08:39:45.0752 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/11/04 08:39:45.0797 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2010/11/04 08:39:45.0819 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/04 08:39:45.0875 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/11/04 08:39:45.0928 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/04 08:39:45.0964 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/04 08:39:45.0993 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/04 08:39:46.0013 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/04 08:39:46.0048 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/11/04 08:39:46.0085 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2010/11/04 08:39:46.0128 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/04 08:39:46.0157 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/04 08:39:46.0234 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/11/04 08:39:46.0267 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/04 08:39:46.0297 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/04 08:39:46.0339 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/04 08:39:46.0383 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/11/04 08:39:46.0421 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/04 08:39:46.0457 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/04 08:39:46.0503 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/04 08:39:46.0532 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/04 08:39:46.0569 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/04 08:39:46.0589 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/04 08:39:46.0628 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/04 08:39:46.0665 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/04 08:39:46.0705 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/11/04 08:39:46.0741 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/04 08:39:46.0775 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/04 08:39:46.0819 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/04 08:39:46.0848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/04 08:39:46.0876 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/11/04 08:39:46.0908 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/11/04 08:39:46.0948 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/04 08:39:46.0993 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/11/04 08:39:47.0027 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/04 08:39:47.0084 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/11/04 08:39:47.0132 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/04 08:39:47.0181 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/11/04 08:39:47.0217 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/04 08:39:47.0253 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/04 08:39:47.0285 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/04 08:39:47.0306 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/04 08:39:47.0340 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/11/04 08:39:47.0359 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/04 08:39:47.0411 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/04 08:39:47.0497 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/04 08:39:47.0530 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/11/04 08:39:47.0561 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/04 08:39:47.0625 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/11/04 08:39:47.0667 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/11/04 08:39:47.0723 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/11/04 08:39:48.0011 nvlddmkm (747ab0334b95e5cf91b7cf63f9005530) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/11/04 08:39:48.0310 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/04 08:39:48.0353 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2010/11/04 08:39:48.0372 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/04 08:39:48.0419 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/04 08:39:48.0461 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/04 08:39:48.0533 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/11/04 08:39:48.0562 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/11/04 08:39:48.0587 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/04 08:39:48.0620 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/11/04 08:39:48.0638 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/04 08:39:48.0674 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/04 08:39:48.0713 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/11/04 08:39:48.0757 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/11/04 08:39:48.0889 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/04 08:39:48.0934 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/11/04 08:39:48.0979 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/04 08:39:49.0044 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/04 08:39:49.0088 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/04 08:39:49.0130 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/04 08:39:49.0202 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/04 08:39:49.0240 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/04 08:39:49.0277 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/04 08:39:49.0315 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/04 08:39:49.0347 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/04 08:39:49.0388 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/04 08:39:49.0409 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/04 08:39:49.0436 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/04 08:39:49.0480 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/11/04 08:39:49.0509 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/04 08:39:49.0539 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/04 08:39:49.0587 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/11/04 08:39:49.0633 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/11/04 08:39:49.0693 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/11/04 08:39:49.0740 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/11/04 08:39:49.0765 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/11/04 08:39:49.0797 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/11/04 08:39:49.0872 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2010/11/04 08:39:49.0909 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/04 08:39:49.0958 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
2010/11/04 08:39:50.0000 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2010/11/04 08:39:50.0026 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
2010/11/04 08:39:50.0046 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2010/11/04 08:39:50.0085 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
2010/11/04 08:39:50.0132 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
2010/11/04 08:39:50.0163 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
2010/11/04 08:39:50.0203 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/11/04 08:39:50.0314 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys
2010/11/04 08:39:50.0372 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/04 08:39:50.0420 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/04 08:39:50.0491 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/04 08:39:50.0537 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/04 08:39:50.0610 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/04 08:39:50.0644 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/11/04 08:39:50.0675 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/04 08:39:50.0747 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/04 08:39:50.0777 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/04 08:39:50.0827 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/04 08:39:50.0857 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/04 08:39:50.0918 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/11/04 08:39:50.0954 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/04 08:39:50.0994 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/04 08:39:51.0034 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/11/04 08:39:51.0088 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/11/04 08:39:51.0156 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/11/04 08:39:51.0156 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/04 08:39:51.0164 sptd - detected Locked file (1)
2010/11/04 08:39:51.0228 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/04 08:39:51.0272 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/04 08:39:51.0316 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/04 08:39:51.0366 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/11/04 08:39:51.0412 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/11/04 08:39:51.0461 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/04 08:39:51.0513 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/11/04 08:39:51.0579 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/04 08:39:51.0617 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/11/04 08:39:51.0649 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/11/04 08:39:51.0680 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/04 08:39:51.0803 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/11/04 08:39:51.0852 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/04 08:39:51.0894 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/04 08:39:51.0942 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/11/04 08:39:51.0971 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/11/04 08:39:52.0003 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/04 08:39:52.0035 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/04 08:39:52.0112 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/04 08:39:52.0212 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/11/04 08:39:52.0243 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/04 08:39:52.0279 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/04 08:39:52.0319 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/04 08:39:52.0380 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/04 08:39:52.0426 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/04 08:39:52.0453 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/04 08:39:52.0507 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/04 08:39:52.0540 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/04 08:39:52.0589 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/04 08:39:52.0629 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/04 08:39:52.0674 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/04 08:39:52.0713 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/04 08:39:52.0756 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/04 08:39:52.0787 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/04 08:39:52.0831 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/04 08:39:52.0880 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/04 08:39:52.0948 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
2010/11/04 08:39:52.0989 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/04 08:39:53.0044 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/04 08:39:53.0078 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/11/04 08:39:53.0119 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/04 08:39:53.0150 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/11/04 08:39:53.0172 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/11/04 08:39:53.0214 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/04 08:39:53.0245 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/11/04 08:39:53.0271 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/11/04 08:39:53.0308 vmci (318aad60e0ee10cb899041382a546c32) C:\Windows\system32\Drivers\vmci.sys
2010/11/04 08:39:53.0340 vmkbd (c9d3a12ed2f0134e84463dfcd60dedf5) C:\Windows\system32\drivers\VMkbd.sys
2010/11/04 08:39:53.0371 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/11/04 08:39:53.0405 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/11/04 08:39:53.0442 VMnetuserif (70f85975832b1ce320cd0b0621141b18) C:\Windows\system32\drivers\vmnetuserif.sys
2010/11/04 08:39:53.0483 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\Windows\system32\Drivers\vmusb.sys
2010/11/04 08:39:53.0561 vmx86 (414cc8cc3f3b76e12c47f9e955c3de06) C:\Windows\system32\Drivers\vmx86.sys
2010/11/04 08:39:53.0623 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/04 08:39:53.0646 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/11/04 08:39:53.0687 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/04 08:39:53.0723 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/04 08:39:53.0835 vstor2-ws60 (476a052b3ce506ed63a94018f3e979d5) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
2010/11/04 08:39:53.0869 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/04 08:39:53.0901 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/04 08:39:54.0039 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/11/04 08:39:54.0096 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/04 08:39:54.0115 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 08:39:54.0140 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 08:39:54.0225 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/11/04 08:39:54.0270 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/04 08:39:54.0338 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/04 08:39:54.0369 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/11/04 08:39:54.0469 WINUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.SYS
2010/11/04 08:39:54.0523 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/04 08:39:54.0588 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/04 08:39:54.0642 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/11/04 08:39:54.0674 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/04 08:39:55.0195 ================================================================================
2010/11/04 08:39:55.0195 Scan finished
2010/11/04 08:39:55.0195 ================================================================================
2010/11/04 08:39:55.0216 Detected object count: 1
2010/11/04 08:40:39.0157 Locked file(sptd) - User select action: Skip
|
|
04.11.2010, 09:24
| #7 | |
| | Gozi-Trojaner Online Banking gesperrt Hi, Du solltest mal Deine CPU im Auge behalten, voerclockt? Zitat:
SPTD.SYS entfernen Normalerweise gehört die Datei sptd.sys zu Daemontools bzw. Alcohol180, wird aber bei deren deinstallation nicht mit entfernt, daher: Zur vollautomatischen Deinstallation von SPTD.SYS kannst Du ein SPTD Entfernungstool (DuplexSecure - Downloads) nutzen. Beachte die unterschiedlichen Versionen für 32bit und 64bit Systeme. Starte die Datei und wählen Uninstall aus. Anschließend neu booten. Eventuell muss dann Nero neu installiert bzw. repariert werden. Sonst sieht es soweit gut aus... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
04.11.2010, 09:36
| #8 |
| | Gozi-Trojaner Online Banking gesperrt Nein, habe nie den Prozessor übertaktet. Also nochmal vielen Dank für die Bekämpfung dieses Trojaners. Habe aber noch ein paar Fragen: 1. Woher wusste die Bank, dass mein PC infiziert ist? 2. Wie wurde meine PC infiziert? (ich musste dafür doch eine infizierte Datei ausführen) 3. Sollte mein PC durch eine ausgeführte Datei infiziert worden sein, warum hat mein AntiVirenprogramm nichts gemeldet (sollte ich sicherheitshalber noch ein zweites Antivirenprogramm installieren?) 4. ich benutze nur die Hardware-Firewall meines Routers. (ich habe irgendwo gelesen, dass das reicht und dass Desktopfirewalls ineffektiv wären) Achja, die Sachen die Malwarebytes gefunden hat, müssen die nicht gefixt werden? Geändert von corvuscorax (04.11.2010 um 10:31 Uhr) |
|
04.11.2010, 14:39
| #9 |
| | Gozi-Trojaner Online Banking gesperrt Hi, dann solltest Du den Prozessorkühler mal überprüfen ob er staubfrei ist und noch "dreht"... zu 1.) Deine Kontodaten sind auf einem HackerServer aufgetaucht bzw. wurden bereits in den entsprechenden Kreisen "gehandelt".. zu 2.) Mit hoher Wahrscheinlichkeit durch einen drive-by-download und das ausnutzen von Sichheitslücken zu 3.)-.- Signatur muss bekannt sein, oder ein HIPS installiert sein (gibt aber auch kein 100% Schutz (HIPS=HostIntrutionDetection) -> ThreatFire-AntiVirus - Verhaltensorientierter Schutz gegen Viren und Spyware) zu 4.) Das ist i. O. so, das ist ein "Philosophen"-Streit... Und: Natürlich die Funde von MAM sofort fixen lassen, am Besten vorher ein Update durchführen und Fullscan... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu Gozi-Trojaner Online Banking gesperrt |
| 32-bit, alternate, antivir, avgntflt.sys, avira, backdoor.trace, bho, components, conhost.exe, corp./icp, downloader, e-banking, error, excel.exe, firefox, flash player, fontcache, generic.bot.h, google, gozi-infektion, helper, hijack, hijackthis, home, iexplore.exe, install.exe, langs, location, logfile, media center, microsoft office word, mp3, msvcr80.dll, nicht gefunden, nvlddmkm.sys, nvstor.sys, object, office 2007, oldtimer, otl.exe, plug-in, programdata, realtek, registry, richtlinie, saver, sched.exe, searchplugins, security, security update, server, shell32.dll, software, sptd.sys, static, studio, svchost, system, taskhost.exe, tower, updates, visual studio, vlc media player, webcheck |
Linear-Darstellung
