Trojaner-Board > Remove malware > Pests of all kinds and how to fight them

Gmer reports: service C:\WINDOWS\system32\svchost.exe? (*** hidden *** ) WSC <-- ROOTKIT !

02.12.2010, 14:19   #1
BillyT.Greek

Hello,

For some time now I have occasionally had trouble getting onto the Internet, i.e. when I enable my network adapter, NetSpeedMonitor does show that I'm connected (with minimal traffic). But when I try to update Eset or start Windows Update, they churn away forever and nothing happens; no browser or anything else can get online either.
When I then do a restart, I see the Windows Update service as the blocker during shutdown, so that in frustration I have sometimes done a "forced reset". Booting back up then works without any problems, and so does the network access.
Strangely, the Eset firewall (set to interactive) also tells me that a remote computer wants access to the Windows host process (which should be svchost.exe), which I block for the time being. The remote address is sometimes from primacom (my cable provider), which I suppose doesn't mean anything by itself, but what business do they have on my computer?
I should also add that I have the 2 DNS server addresses of Primacom set permanently in my network settings, so a redirect should be harder there...
Now I'd had enough and got the latest GMER, and lo and behold, it's supposed to be a rootkit, on both of my systems (I also have Win7 x64).
As a check I also ran the scan on my wife's computer (Win7 x64): clean...
Would be grateful if you could help me!

Regards, Billy

PS: may I now turn my SPTD driver back on?

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5232

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.12.2010 09:31:46
mbam-log-2010-12-02 (09-31-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170156
Laufzeit: 3 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:37 on 02/12/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
GMER:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-02 10:12:06
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000080 SAMSUNG_ rev.1AG0
Running: 8r6tj3my.exe; Driver: J:\WINDOWS\TEMP\pwryipow.sys


---- System - GMER 1.0.15 ----

Code            9A086BFC                                                                                                                            ZwTraceEvent
Code            9A086BFB                                                                                                                            NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!NtTraceEvent                                                                                                           82E41E34 5 Bytes  JMP 9A086C00 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                     82E52599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                              82E76F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                                                          83084135 5 Bytes  JMP 9A086DE0 
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                                             83085B5D 5 Bytes  JMP 9A086D40 
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                                                      83099DC3 5 Bytes  JMP 9A086CA0 
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                            section is writeable [0x9323A000, 0x352E10, 0xE8000020]
.text           C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl                                                                             section is writeable [0xA6564000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl                                                                             entry point in ".vmp2" section [0xA6587050]
.text           C:\Program Files\CyberLink\PowerDVD9\000.fcl                                                                                        section is writeable [0xA6564000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\CyberLink\PowerDVD9\000.fcl                                                                                        entry point in ".vmp2" section [0xA6587050]
?               J:\WINDOWS\TEMP\ALSysIO.sys                                                                                                         Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\OO Software\Defrag\oodag.exe[940] kernel32.dll!SetUnhandledExceptionFilter                                         773D3162 5 Bytes  JMP 00402FB0 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
.text           C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1012] kernel32.dll!SetUnhandledExceptionFilter                                   773D3162 4 Bytes  [C2, 04, 00, 00]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2764] ntdll.dll!LdrLoadDll                                                             7728F625 5 Bytes  JMP 013713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3180] USER32.dll!TrackPopupMenu                                               77084B3B 5 Bytes  JMP 66695CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                              Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                                                      tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device          \Driver\ACPI_HAL \Device\00000070                                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device                                                                                                                                              volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice                                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device                                                                                                                                              amd_sata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices)

---- Services - GMER 1.0.15 ----

Service         C:\WINDOWS\system32\svchost.exe? (*** hidden *** )                                                                                  WSC                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                 2
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                              0x04 0x81 0x80 0x08 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                     0x57 0x48 0x74 0xC5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                              0x6D 0xF8 0xA0 0x79 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0xB9 0xAB 0xEF 0x09 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                     0x8E 0x9F 0x0E 0xAE ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                0xD3 0x82 0xF9 0x53 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                 C:\Program Files\DAEMON Tools Lite 4.12.4\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                              0x42 0x03 0xF6 0x53 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                     0x70 0x0B 0x9A 0x2C ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                     
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                               0xE4 0x33 0x14 0x71 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                     2
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                  0x04 0x81 0x80 0x08 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                         0x57 0x48 0x74 0xC5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                  0x6D 0xF8 0xA0 0x79 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0xB9 0xAB 0xEF 0x09 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                         0x8E 0x9F 0x0E 0xAE ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0xD3 0x82 0xF9 0x53 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                     C:\Program Files\DAEMON Tools Lite 4.12.4\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                     1
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                  0x42 0x03 0xF6 0x53 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                         0x70 0x0B 0x9A 0x2C ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                   0xE4 0x33 0x14 0x71 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL
Reg             HKLM\SOFTWARE\Classes\CLSID\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}\InProcServer32                                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}\InProcServer32@japohjiamdfkannkdjbb                              0x6A 0x61 0x61 0x6F ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}\InProcServer32@iapobjchlaaieconjk                                0x6A 0x61 0x61 0x6F ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}                     
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}@halpcpeofgopiahk    0x6A 0x61 0x61 0x6F ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}@iabpmfglejjaeodfil  0x6A 0x61 0x61 0x6F ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9E97556-7FA1-FFFA-CBD7-2335E2C2746F}@hagihdbgjdkkhiej    0x64 0x63 0x6B 0x6C ...

---- EOF - GMER 1.0.15 ----
         
OTL:
Code:
OTL logfile created on: 02.12.2010 10:44:45 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 21,69 Gb Free Space | 29,10% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 7,89 Gb Free Space | 10,58% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 75,58 Gb Free Space | 50,71% Space Free | Partition Type: NTFS
Drive F: | 218,90 Gb Total Space | 4,09 Gb Free Space | 1,87% Space Free | Partition Type: NTFS
Drive G: | 176,53 Gb Total Space | 5,06 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive H: | 64,45 Gb Total Space | 3,87 Gb Free Space | 6,01% Space Free | Partition Type: NTFS
Drive I: | 5,86 Gb Total Space | 1,36 Gb Free Space | 23,24% Space Free | Partition Type: NTFS
Drive J: | 15,00 Gb Total Space | 14,91 Gb Free Space | 99,37% Space Free | Partition Type: NTFS
Drive K: | 400,00 Gb Total Space | 15,01 Gb Free Space | 3,75% Space Free | Partition Type: NTFS
Drive L: | 65,00 Gb Total Space | 1,73 Gb Free Space | 2,66% Space Free | Partition Type: NTFS
Drive M: | 451,51 Gb Total Space | 165,43 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
 
Computer Name: DATENSKLAVE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.02 09:09:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.11.29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.11.04 17:15:32 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010.11.02 19:28:50 | 009,808,488 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.10.30 11:14:46 | 000,012,288 | ---- | M] (Mr. John aka japamd) -- C:\Program Files\RadeonPro\RadeonProSupport.exe
PRC - [2010.10.27 02:51:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.10.27 02:51:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.09.30 11:27:24 | 002,397,512 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2010.08.04 16:22:12 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2010.08.04 16:22:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2010.07.04 10:49:14 | 000,075,496 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010.05.25 18:53:50 | 002,155,848 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010.01.21 14:53:39 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 05:42:50 | 000,661,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.05.08 16:28:10 | 000,058,368 | ---- | M] () -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.02 09:09:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2010.01.21 13:43:18 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.11.04 17:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.11.04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.10.30 11:14:46 | 000,012,288 | ---- | M] (Mr. John aka japamd) [Auto | Running] -- C:\Program Files\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2010.10.27 02:51:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.09.30 11:27:24 | 002,397,512 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.09.08 08:27:33 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 13:43:20 | 001,051,968 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 13:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.04 16:22:12 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.08.04 16:22:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2010.07.18 09:59:18 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010.07.18 07:53:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.04 10:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.07.01 03:45:02 | 000,136,616 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010.05.28 16:36:18 | 002,052,032 | ---- | M] (SlySoft Inc.) [On_Demand | Stopped] -- C:\Program Files\SlySoft\Game Jackal v4\Server.exe -- (GJService)
SRV - [2010.05.25 18:53:50 | 002,155,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.01.21 14:53:39 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [On_Demand | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.12 05:42:50 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\368A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- L:\WINDOWS\TEMP\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- M:\DATEIEN VON ***\SET-UP-DATEIEN\von A-D\ATI-OC-BIOS\winflash2002\atillk64.sys -- (atillk64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - File not found [Kernel | On_Demand | Running] -- J:\WINDOWS\TEMP\ALSysIO.sys -- (ALSysIO)
DRV - [2010.12.02 08:54:39 | 000,420,920 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.02 19:29:14 | 003,228,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.10.27 03:59:16 | 006,573,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.10.27 02:14:04 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.10.26 11:08:08 | 000,322,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.10.08 14:57:54 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010.10.08 14:57:54 | 000,111,568 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.10.08 14:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.10.08 14:57:54 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010.09.24 13:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.09.03 06:13:46 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.08.26 11:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/21 15:56:54] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010.07.29 12:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010.07.29 12:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.07.29 12:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010.07.29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.07.22 12:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.07.18 09:57:06 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2010.07.04 10:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.06.24 06:06:58 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.05.27 15:09:52 | 000,045,504 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\maploml.sys -- (MaplomL)
DRV - [2010.05.27 15:07:28 | 000,042,944 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\maplom.sys -- (Maplom)
DRV - [2010.05.14 23:04:14 | 000,062,592 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amd_sata.sys -- (amd_sata)
DRV - [2010.05.14 23:04:14 | 000,024,192 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amd_xata.sys -- (amd_xata)
DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.07 19:57:02 | 000,063,032 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2010.04.07 19:57:02 | 000,025,144 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2010.03.18 10:00:56 | 000,020,304 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010.03.10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010.03.10 03:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2010.02.12 20:34:58 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010.01.21 14:53:40 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.01.21 14:53:37 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010.01.21 14:53:35 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.01.01 18:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.12.21 19:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2009.12.21 19:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.18 16:02:24 | 000,014,848 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.23 02:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 02:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.04.22 14:32:20 | 000,042,552 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009.02.28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/01/21 17:38:50] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2007.05.31 20:11:04 | 000,013,312 | ---- | M] (Topfield (visit www.topfield.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfBulk.SYS -- (TfBulk)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4
FF - prefs.js..extensions.enabledItems: cache@status.org:0.7.9
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {e4c53690-2060-11da-8cd6-0800200c9a66}:0.9
FF - prefs.js..extensions.enabledItems: {0e10f3d7-07f6-4f12-97b9-9b27e07139a5}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: wfx_Versions@firefox.ND:1.0
FF - prefs.js..extensions.enabledItems: viralthreatlevel@serevinus.com:0.54
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://wpad.uni-hamburg.de/wpad.dat"
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.02 08:34:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.02 08:34:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.02 08:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.11.18 05:55:25 | 000,000,000 | ---D | M]
 
[2010.01.21 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.21 18:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.03 07:36:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w32c86hs.Test-Profil\extensions
[2010.07.03 07:36:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w32c86hs.Test-Profil\extensions\personas@christopher.beard
[2010.12.02 09:04:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010.01.21 22:49:58 | 000,000,000 | ---D | M] (Netcraft Anti-Phishing Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{0e10f3d7-07f6-4f12-97b9-9b27e07139a5}
[2010.11.18 07:15:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.12.02 09:04:35 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.02.09 08:12:37 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010.12.02 09:04:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010.11.18 07:15:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.06 10:15:57 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.11.18 07:15:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.03 07:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.11.18 07:15:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.08 10:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.11.18 07:15:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.06 10:15:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.21 20:46:40 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.12.02 09:04:34 | 000,000,000 | ---D | M] (Greek textbox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{e4c53690-2060-11da-8cd6-0800200c9a66}
[2010.04.14 12:39:30 | 000,000,000 | ---D | M] (QuickJava) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
[2010.11.18 07:15:26 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.12.02 09:04:31 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.01.21 18:57:18 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010.01.22 07:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\allglassv2@ambroos.neowin.net
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\cache@status.org
[2010.06.20 10:46:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\piclens@cooliris.com
[2010.01.21 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\viralthreatlevel@serevinus.com
[2010.02.23 07:28:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\wjo354xb.default\extensions\wfx_Versions@firefox.ND
[2009.12.12 20:32:00 | 000,001,699 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wjo354xb.default\searchplugins\metager.xml
[2009.12.04 22:47:38 | 000,001,127 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wjo354xb.default\searchplugins\rapidshare-filefinder.xml
[2009.12.04 22:47:42 | 000,002,833 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wjo354xb.default\searchplugins\rapidshare-files-search.xml
[2009.12.04 22:47:52 | 000,001,985 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\wjo354xb.default\searchplugins\rapidshare-google-arama.xml
[2010.12.02 08:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.02 08:28:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008.09.10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010.12.02 08:28:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.08.03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.19 06:07:25 | 000,418,066 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 14423 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ToggleCommentPosition = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowDriveLettersFirst = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLockedUserId = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowDriveLettersFirst = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\dcsws2.dll (DiamondCS)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\dcsws2.dll (DiamondCS)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\dcsws2.dll (DiamondCS)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ad78753e-065a-11df-b861-001a4d5c66a5}\Shell - "" = AutoRun
O33 - MountPoints2\{ad78753e-065a-11df-b861-001a4d5c66a5}\Shell\AutoRun\command - "" = P:\UpdateInstaller.exe -- File not found
O33 - MountPoints2\{cd0fb1d9-06e4-11df-9f92-001a4d5c66a5}\Shell - "" = AutoRun
O33 - MountPoints2\{cd0fb1d9-06e4-11df-9f92-001a4d5c66a5}\Shell\AutoRun\command - "" = P:\AutoRunCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe - (Samsung)
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe File not found
MsConfig - StartUpReg: EPSON Stylus DX3800 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MDS_Menu - hkey= - key= - C:\Program Files\CyberLink\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: OODefragTray - hkey= - key= - C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: Power Monitor - hkey= - key= - C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe ()
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
MsConfig - StartUpReg: Prime95 - hkey= - key= - L:\DATEIEN VON ***\SET-UP-DATEIEN\von Q-T\TOOLS\PRIME95(x64x86)\p95v2511\prime95.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.02 09:27:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.02 09:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.12.02 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.02 09:13:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.02 08:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.12.02 08:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.12.02 07:45:12 | 000,322,664 | ---- | C] (Realtek                                            ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2010.11.18 08:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.11.18 08:24:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NPE
[2010.11.18 07:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.11.18 07:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Stream
[2010.11.18 05:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.11.18 05:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.11.18 05:53:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2010.11.18 05:48:58 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2010.11.18 05:48:56 | 001,703,568 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2010.11.18 05:48:56 | 001,336,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2010.11.18 05:48:56 | 000,339,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2010.11.18 05:48:56 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2010.11.18 05:48:56 | 000,094,352 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2010.11.18 05:48:56 | 000,078,992 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2010.11.18 05:48:56 | 000,059,536 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2010.11.18 05:48:50 | 001,558,432 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.11.18 05:48:50 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2010.11.18 05:48:50 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2010.11.18 05:48:50 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2010.11.18 05:48:50 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2010.11.18 05:48:50 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2010.11.18 05:48:50 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2010.11.18 05:48:50 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2010.11.18 05:48:50 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2010.11.18 05:48:50 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2010.11.18 05:48:50 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010.11.18 05:48:50 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010.11.18 05:48:50 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010.11.18 05:35:22 | 000,020,328 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz134_x32.sys
[2010.11.17 13:44:08 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\***\Eigene Dateien\Games for Windows - LIVE Demos
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.02 09:45:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.02 09:45:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.02 09:42:56 | 000,698,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.02 09:42:56 | 000,651,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.02 09:42:56 | 000,596,316 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010.12.02 09:42:56 | 000,148,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.02 09:42:56 | 000,120,920 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.02 09:42:56 | 000,109,718 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010.12.02 09:38:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.02 09:38:33 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.02 09:38:31 | 000,405,768 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.12.02 09:37:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.12.02 09:25:38 | 000,000,866 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.02 09:13:40 | 000,288,107 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.02 09:13:40 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.02 09:09:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.02 08:54:39 | 000,420,920 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.12.02 08:53:27 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.12.02 08:03:59 | 000,471,560 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.12.01 08:40:30 | 000,296,448 | ---- | M] () -- C:\Users\***\Desktop\8r6tj3my.exe
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.20 07:18:35 | 000,000,124 | ---- | M] () -- F:\Dokumente und Einstellungen\***\Eigene Dateien\ax_files.xml
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2010.11.02 19:28:28 | 000,406,120 | ---- | M] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2010.11.02 19:28:16 | 001,132,648 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2010.11.02 19:28:16 | 000,962,664 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2010.11.02 19:28:16 | 000,429,160 | ---- | M] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2010.11.02 19:28:16 | 000,291,432 | ---- | M] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2010.11.02 19:28:06 | 000,224,360 | ---- | M] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2010.11.02 19:28:06 | 000,107,112 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010.11.02 19:28:06 | 000,107,112 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010.11.02 19:28:06 | 000,106,600 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010.11.02 19:27:54 | 000,901,224 | ---- | M] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2010.11.02 19:27:54 | 000,448,616 | ---- | M] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2010.11.02 19:27:54 | 000,236,648 | ---- | M] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
 
========== Files Created - No Company Name ==========
 
[2010.12.02 09:41:22 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.12.02 09:37:09 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.12.02 09:25:38 | 000,000,866 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.02 09:13:40 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.02 09:13:39 | 000,288,107 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.02 09:13:01 | 000,471,560 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.12.02 08:53:27 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.12.02 07:45:12 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.02 07:12:07 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\8r6tj3my.exe
[2010.10.27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.08 07:59:37 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2010.06.06 10:13:37 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.04 20:00:28 | 000,004,608 | ---- | C] () -- C:\Windows\System32\zipfldra.dll
[2010.05.24 16:12:04 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010.04.10 06:47:56 | 000,002,172 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.03.31 09:40:46 | 000,016,456 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010.03.31 09:40:42 | 000,011,088 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010.02.11 07:15:08 | 000,006,656 | ---- | C] () -- C:\Windows\System32\lpcio.dll
[2010.01.27 09:43:20 | 000,000,136 | ---- | C] () -- C:\Windows\System32\cpuz.ini
[2010.01.25 14:06:37 | 000,007,634 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.01.22 20:50:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.01.21 13:29:01 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2010.01.21 09:22:07 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.01.21 09:22:07 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.12.18 10:58:28 | 000,295,936 | ---- | C] () -- C:\Windows\System32\Viveza2FC32.dll.ORIG
[2009.12.18 10:58:28 | 000,003,072 | ---- | C] () -- C:\Windows\System32\Viveza2FC32.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.06.23 15:19:36 | 002,379,776 | ---- | C] () -- C:\Windows\System32\tlvenh23.dll
[2007.12.15 13:55:30 | 002,510,848 | ---- | C] () -- C:\Windows\System32\tlpsplib10.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.01.21 15:06:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2010.07.18 11:50:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alien Skin
[2010.08.12 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2010.08.08 12:21:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2010.07.18 10:26:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.01.22 00:37:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.01.21 08:05:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.01.22 00:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.07.18 13:32:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digital Film Tools
[2010.12.02 08:11:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Disk Cleaner
[2010.01.21 22:07:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET
[2010.07.18 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Filter Forge
[2010.01.24 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2010.07.18 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HD Tune Pro
[2010.07.18 15:26:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imagenomic
[2010.09.08 07:46:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.06.09 14:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.01.24 13:59:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LockHunter
[2010.07.18 17:57:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mask Pro 4.0
[2010.02.11 07:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2010.07.18 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeatImage PS
[2010.12.02 10:45:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.07.18 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2010.02.01 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\nod32 updater
[2010.07.18 22:49:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\onOne Software
[2010.01.21 18:50:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.03.31 09:31:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Participatory Culture Foundation
[2010.04.14 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCF-VLC
[2010.01.21 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2010.10.24 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RadeonPro
[2010.04.22 22:56:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Safer Networking
[2010.07.18 14:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ThePluginSite
[2010.01.21 18:48:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.07.18 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tiffen
[2010.04.21 21:06:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TTHDPlayer
[2010.04.21 21:06:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TTPack
[2010.01.21 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.01.21 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\URSoft
[2010.01.21 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinFAQ
[2010.07.18 22:59:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zaxwerks
[2010.07.19 06:12:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.27 07:54:56 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\Wise Registry Cleaner 4.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010.08.19 07:09:53 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2010.08.08 10:46:02 | 000,147,456 | ---- | M] () -- C:\catchme.exe
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.03.21 22:25:16 | 000,002,731 | RH-- | M] () -- C:\DELL.XRM-MS
[2010.03.31 11:34:20 | 000,029,623 | ---- | M] () -- C:\energy.html
[2010.12.02 09:38:33 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.01 21:12:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.08.08 10:46:24 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010.08.12 19:45:18 | 000,000,195 | ---- | M] () -- C:\mbr.log
[2010.08.12 21:07:04 | 000,261,765 | ---- | M] () -- C:\MGlogs.zip
[2010.08.08 11:03:41 | 002,396,859 | ---- | M] () -- C:\MGtools.exe
[2010.02.01 21:12:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.12.02 09:38:34 | 461,373,440 | -HS- | M] () -- C:\pagefile.sys
[2010.02.14 13:00:13 | 000,001,594 | ---- | M] () -- C:\RHDSetup.log
[2010.01.27 10:03:06 | 000,000,206 | ---- | M] () -- C:\score32.wps
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.09.22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.01.21 09:35:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010.01.21 09:35:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-02 07:06:55
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:89EAFAFC

< End of report >
OTL Extras attached:
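A note on how to read the "< MD5 for: ... >" scans in the report above: OTL lists the live system binary beside every copy Windows keeps in the winsxs component store, and the check a reviewer makes is that the live hash equals one of the store copies (here C:\Windows\explorer.exe, 2626FC..., matches the 6.1.7600.16450 store copy, and wininit.exe and winlogon.exe match theirs). The two Alternate Data Stream entries are what OTL found attached to C:\ProgramData\Temp; the log alone does not say what wrote them. The following Python script is an added example, not part of OTL or of this post: it parses OTL entries in the format shown, runs that live-versus-winsxs comparison, and extracts the ADS lines. The sample input is copied from the report above, except for TAMPERED_LINE, a constructed entry with a placeholder hash used only to show what a mismatch looks like.

```python
"""Checks over an OTL file listing: parse the entries, compare live system
binaries against their winsxs component-store copies, and list alternate
data streams. Added example, not part of OTL or of the original post."""
import re
from collections import defaultdict

# One OTL file/directory entry, as printed in the log:
#   [timestamp | size | attributes | M/C] (company) MD5=<hash> -- <path>
# Company and MD5 are optional; directory entries have neither. Attributes are
# four slots (R, H, S, D); the flag is M for "modified" or C for "created".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<flag>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+)$"
)
# Alternate data stream entry:
#   @Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<file>.+?):(?P<stream>[^:\\]+)$"
)

# Lines copied from the OTL report above (two root files, one directory, the
# MD5 scans and the two ADS hits). The "< MD5 for: ... >" headers are kept so
# the parser has to skip them.
SAMPLE_LOG = r"""
[2010.12.02 09:38:33 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.02 09:38:34 | 461,373,440 | -HS- | M] () -- C:\pagefile.sys
[2010.01.21 22:07:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:89EAFAFC
"""

# Constructed line, not from the log: a live wininit.exe whose hash matches no
# component-store copy. The all-zero hash is a placeholder.
TAMPERED_LINE = (
    "[2010.11.30 03:12:00 | 000,096,256 | ---- | M] (Microsoft Corporation) "
    "MD5=00000000000000000000000000000000 -- C:\\Windows\\System32\\wininit.exe"
)


def parse_entry(line):
    """Return a dict for one OTL file entry, or None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""
    e["md5"] = e["md5"].upper() if e["md5"] else None
    e["is_dir"] = "D" in e["attrs"]
    e["hidden_system"] = "H" in e["attrs"] and "S" in e["attrs"]
    return e


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def md5_mismatches(entries):
    """Paths of live binaries (outside the winsxs store) whose MD5 matches none
    of the store copies of the same file name. A patched system file shows up
    here; a clean one does not."""
    by_name = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    suspects = []
    for group in by_name.values():
        store = {e["md5"] for e in group if "\\winsxs\\" in e["path"].lower()}
        if not store:
            continue  # single-file /md5 scans have no store copy to compare against
        suspects += [e["path"] for e in group
                     if "\\winsxs\\" not in e["path"].lower() and e["md5"] not in store]
    return suspects


def alternate_data_streams(text):
    """(file, stream name, size in bytes) for every ADS line in the report."""
    matches = map(ADS_RE.match, (line.strip() for line in text.splitlines()))
    return [(m["file"], m["stream"], int(m["size"])) for m in matches if m]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} entries, live/winsxs hash mismatches: {md5_mismatches(found) or 'none'}")
    for path, stream, size in alternate_data_streams(SAMPLE_LOG):
        print(f"ADS {path}:{stream} ({size} bytes)")
```

Run against the report's own lines the mismatch list is empty, which is the expected result for the three binaries OTL hashed here; appending TAMPERED_LINE makes C:\Windows\System32\wininit.exe show up. The single-file "/md5" scans (user32.dll, ws2_32.dll, ws2help.dll) print only one hash and have to be compared against a known-good value from another source, so the script deliberately skips them.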

02.12.2010, 19:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Scan type: Quick scan
Hello,

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

03.12.2010, 11:06   #3
BillyT.Greek

Hello Arne,

first of all, many thanks for your quick reply.
Attached is the mbam full-scan log file; a look into my poison cabinet, I'd say...
Actually I was sure I hadn't run any of the things in there without Sandboxie or in one of my XP VMs. But that the one for Sandboxie, of all things, is supposed to be a Backdoor.Rbot...
As for the older logs, there are quite a few, because mbam routinely updates every hour while I'm online, then runs a memory scan right away, and a quick scan once a day. I've looked through all of them; they're all clean.
What I also notice: on my 64-bit Win7 installation I don't get as many internet cuts; hopefully it's not a backdoor...

See you later, Billy

Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5236

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.12.2010 09:52:17
mbam-log-2010-12-03 (09-52-17).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 1020060
Time elapsed: 2 hour(s), 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\dokumente und einstellungen\***\downloads\SHARE\KekseUSW\cme5.5_keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
f:\dokumente und einstellungen\***\downloads\SHARE\KekseUSW\avatarkeks\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
f:\dokumente und einstellungen\***\downloads\SHARE\KekseUSW\cyberlinkmediashowespresso5keygen (8_40)\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
f:\dokumente und einstellungen\***\downloads\biosmodding\vista-stuff\antiwpa-v3.4.6 for x64 and x86\IA64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
h:\c't-software\ctnotw09\Projects\Tools\quickburn.exe (Packer.Suspicious) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\!!!!cs5_mastercollection(aufx64installiert)\medizin_cs5\a.cs5.mc.kg!!!!nurvm!!!!\adobe cs5 master collection keygens\core keygen\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\!!!!cs5_mastercollection(aufx64installiert)\medizin_cs5\cs5_pshopkeygen\emb-kg_pshop.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\!!!!cs5_mastercollection(aufx64installiert)\medizin_cs5\cs5_pshopkeygen\keygencs5.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\!!!!cs5_mastercollection(aufx64installiert)\medizin_cs5\keygen !!!!sanboxie!!!!!\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\adobe photoshop lightroom3\keygen!!!sandboxie!!!.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\cs5_photoshop_plugins\alienskin\eyecandy 5.1 impact\keygen.scotch\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\cs5_photoshop_plugins\topazorig\topaz plugins filterbundle_boerse\topaz clean v3.0.0\topaz_photoshopbundlekg-core\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\cs5_photoshop_plugins\topazorig\topaz plugins filterbundle_boerse\topaz simplify v3.0.0\keymaker-core!!!!!sandboxie!!!!!\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\cs5_photoshop_plugins\topazorig\topazfusionexpress!!!!!!!!!\keymaker-core!!!!!sandboxie!!!!!\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\ADOBE\cs5_photoshop_plugins\topazorig\topazfusionexpress!!!!!!!!!\topaz_photoshopbundlekg-core\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\biosmodding\vista-stuff\antiwpa-v3.4.6 for x64 and x86\IA64\antiwpa.dll (PUP.Wpakill) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\cyberlink\c.p.dvdv.8.ultra.moby_master\cyberlink powerdvd ultra 8.0.1730\tweak pack\auto-resume patch\Data\pdvd8_autoresume_patch.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\cyberlink\c.p.dvdv.8.ultra.moby_master\cyberlink powerdvd ultra 8.0.1730\tweak pack\auto-resume patch\Data\pdvd8_playfrombeginning_patch.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\cyberlink\c.p.dvdv.8.ultra.moby_master\cyberlink powerdvd ultra 8.0.1730\tweak pack\auto-resume patch\Data\pdvd8_playresume_patch.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\cyberlink\cyberlink power2go 7.xx !!!!!!\medicin!!!sandboxie!!!\keygenpowtogo7.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\cyberlink\cyberlink powerdirector 8\!!!!keygen(core)nurvm!!!!\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von A-D\cyberlink\cyberlinkmediashowespresso5!!!!!!!\cyberlink.mediashow.espresso.v5.5.1304.22513.multilingual.incl.keymaker-core\Medizin\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von M-P\NERO\medizin!!!!!giftig!!!!!\keygennero7\EMBRACE\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von M-P\NERO\medizin!!!!!giftig!!!!!\nero.9.4.keygen.v5.55.by.betamaster\keymaker.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von M-P\PEGASYS.INC\tmpgenc authoring works v4.0.11.39 retail\keymaker-embrace (vm!!!!)\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von M-P\PEGASYS.INC\tmpgenc.xpress.v4.7.7.307.retail.incl.keymaker-embrace_2b\keymaker-embrace\!!!vorsicht!!!12_42!!!keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\slysoft_anydvd_clonedvd\!!!!clonedvd.2.9.2.8\!!!!!!clonedvd 2.9.2.7 final\Core\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\slysoft_anydvd_clonedvd\!!!!clonedvd.2.9.2.8\keygen(core)\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\slysoft_anydvd_clonedvd\!!!!clonedvd.2.9.2.8\keygen(dvt)\clonedvd2keygen.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\slysoft_anydvd_clonedvd\!slysoft anydvd hd 6.xxx\anydvd & anydvd hd 6.6.8.0\hade668_final\anydvd hd 6.6.8.0 final\anydvd-hd.6.6.8.0.final.patch.r2-jw\anydvd-hd.6.6.8.0.final.patch.r2-jw.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\slysoft_anydvd_clonedvd\sorglos27juli10\clonedvd 2.9.2.8\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\sandboxie\Keygen\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von Q-T\tune-up+serials\tuneuputilities2010\cr-aae5w\!!!!sandbox!!!!keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von U-Z\VSO\!!!!convertxtodvd 4.0.12.327\keygen 22_42!!!sandboxie!!!\moded-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von U-Z\VSO\!!!!vso copytodvd 4.3.1.11_embrace\keygen-embrace!!!sandboxie!!!.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von U-Z\VSO\medizin!!!sandboxie!!!\keygen-embrace!!!sandboxie!!!.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von U-Z\WINRAR\winrar.3.90+3.91\keygen(fff)\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
l:\dateien von ***\set-up-dateien\von U-Z\WINRAR\winrar.3.90+3.91\winrar v.3.91 final\fixes\KG\FFF\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Last edited by BillyT.Greek (03.12.2010 at 11:18)

03.12.2010, 12:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You've got quite a "nice" keygen warez collection there!
No wonder the machine has caught the plague!

Using cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board.

For you it continues here => Reinstalling the system
Please also change all your passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since keyloggers and backdoor functions are not uncommon in this kind of dubious software.

After that, never touch that stuff again!
__________________
Please always post logfiles in CODE tags

03.12.2010, 12:36   #5
BillyT.Greek

Well, thanks anyway; please also delete my registration with you... actually it would simply have been nice to learn what kind of plague it was... as I said...

Regards, Billy

PS: and now I can re-enable my sptd as well...

