Pests of all kinds and their removal: TR/ATRAPS.gen found in 0070.DLL (Windows 7)
28.12.2010, 00:28 | #1
TR/ATRAPS.gen found in 0070.DLL

Hello, my AntiVir found TR/ATRAPS.Gen, but I could not delete this file. It is in the directory: C:\Windows\System32\0070.DLL

I ask for your help! Thanks in advance, regards Borschti!

Logs:

MBAM:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5405

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/12/2010 23:39:24
mbam-log-2010-12-27 (23-39-24).txt

Scan type: Quick scan
Objects scanned: 154291
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CC0085BC-D667-3CF6-2784-15ACE9DF7E61} (Spyware.Passwords.XGen) -> Value: {CC0085BC-D667-3CF6-2784-15ACE9DF7E61} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\CrntDLL (Trojan.Witkinat) -> Value: CrntDLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,,C:\Windows\system32\cfg.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\***\AppData\Roaming\Reaf\ezil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\wupd.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:41 on 27/12/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-28 00:06:56
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAJS-22YFA0 rev.12.01C02
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\pwriqpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 830518E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830713D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA100B300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1057300, 0x1BEE, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A1209000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A1209123 629 Bytes [45, 20, A1, FE, 05, 34, 45, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A1209399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A12093FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 53C3 A1209433 96 Bytes [1F, A1, 85, C9, 7C, 18, 8D, ...]
PAGE ...
.text advapi32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA87374
.text user32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA85A4D
.text wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA8FDF0
.text wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA8FCE0
.text wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA94470
.text wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA939E0
.text wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA94130
.text wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA8824D
.text wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA8FBC0
.text wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA93FD0
.text wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA883AD
.text wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA942E0
.text wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA880ED
.text ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA8F46B
.text crypt32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA823AF

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA09BD6
.text C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA0A1D7
.text C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA0A38D
.text C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA0A28F
.text C:\Windows\system32\winlogon.exe[584] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA0354B
.text C:\Windows\system32\winlogon.exe[584] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA05A4D
.text C:\Windows\system32\winlogon.exe[584] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA07374
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA0FDF0
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA0FCE0
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA14470
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA139E0
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA14130
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA0824D
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA0FBC0
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA13FD0
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA083AD
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA142E0
.text C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA080ED
.text C:\Windows\system32\winlogon.exe[584] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA023AF
.text C:\Windows\system32\winlogon.exe[584] ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA0F46B
.text C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA09BD6
.text C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA0A1D7
.text C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA0A38D
.text C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA0A28F
.text C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA0354B
.text C:\Windows\system32\nvvsvc.exe[1388] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA05A4D
.text C:\Windows\system32\nvvsvc.exe[1388] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA07374
.text C:\Windows\system32\nvvsvc.exe[1388] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA023AF
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA0FDF0
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA0FCE0
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA14470
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA139E0
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA14130
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA0824D
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA0FBC0
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA13FD0
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA083AD
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA142E0
.text C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA080ED
.text C:\Windows\system32\nvvsvc.exe[1388] ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA0F46B
.text C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA09BD6
.text C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA0A1D7
.text C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA0A38D
.text C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA0A28F
.text C:\Windows\system32\taskhost.exe[1744] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA0354B
.text C:\Windows\system32\taskhost.exe[1744] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA05A4D
.text C:\Windows\system32\taskhost.exe[1744] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA07374
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA0FDF0
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA0FCE0
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA14470
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA139E0
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA14130
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA0824D
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA0FBC0
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA13FD0
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA083AD
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA142E0
.text C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA080ED
.text C:\Windows\system32\taskhost.exe[1744] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA023AF
.text C:\Windows\system32\taskhost.exe[1744] ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA0F46B
.text C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA09BD6
.text C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA0A1D7
.text C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA0A38D
.text C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA0A28F
.text C:\Windows\system32\Dwm.exe[1828] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA0354B
.text C:\Windows\system32\Dwm.exe[1828] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA05A4D
.text C:\Windows\system32\Dwm.exe[1828] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA07374
.text C:\Windows\system32\Dwm.exe[1828] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA023AF
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA0FDF0
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA0FCE0
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA14470
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA139E0
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA14130
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA0824D
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA0FBC0
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA13FD0
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA083AD
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA142E0
.text C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA080ED
.text C:\Windows\system32\Dwm.exe[1828] ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA0F46B
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA89BD6
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA8A1D7
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA8A38D
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA8A28F
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA8354B
.text C:\Windows\Explorer.EXE[1904] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA87374
.text C:\Windows\Explorer.EXE[1904] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA85A4D
.text C:\Windows\Explorer.EXE[1904] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA823AF
.text C:\Windows\Explorer.EXE[1904] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA94470
.text C:\Windows\Explorer.EXE[1904] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA8824D
.text C:\Windows\Explorer.EXE[1904] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA883AD
.text C:\Windows\Explorer.EXE[1904] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA880ED
.text C:\Windows\Explorer.EXE[1904] ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA8F46B
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA09BD6
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA0A1D7
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA0A38D
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA0A28F
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA0354B
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA07374
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA05A4D
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA023AF
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] WS2_32.dll!send 759CC4C8 5 Bytes JMP 0EA0F46B
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA0FDF0
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA0FCE0
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA14470
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA139E0
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA14130
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA0824D
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA0FBC0
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA13FD0
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA083AD
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA142E0
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA080ED
.text C:\Program Files\Mozilla Firefox\firefox.exe[4332] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 011B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtEnumerateValueKey 77474D80 5 Bytes JMP 0EA89BD6
.text C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtQueryDirectoryFile 77475400 5 Bytes JMP 0EA8A1D7
.text C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtResumeThread 77475910 5 Bytes JMP 0EA8A38D
.text C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtVdmControl 77475E30 5 Bytes JMP 0EA8A28F
.text C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!LdrLoadDll 7748F625 5 Bytes JMP 0EA8354B
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetQueryOptionA 75EF6421 5 Bytes JMP 0EA8FDF0
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpAddRequestHeadersA 75F09ABA 5 Bytes JMP 0EA8FCE0
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetCloseHandle 75F0C83E 5 Bytes JMP 0EA94470
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpQueryInfoA 75F0CBC2 5 Bytes JMP 0EA939E0
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetReadFile 75F0E264 5 Bytes JMP 0EA94130
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpSendRequestW 75F0EEB3 5 Bytes JMP 0EA8824D
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpOpenRequestA 75F103FA 5 Bytes JMP 0EA8FBC0
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetQueryDataAvailable 75F141CB 5 Bytes JMP 0EA93FD0
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetWriteFile 75F290FC 5 Bytes JMP 0EA883AD
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetReadFileExA 75F312F9 5 Bytes JMP 0EA942E0
.text C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpSendRequestA 75F802E0 5 Bytes JMP 0EA880ED
.text C:\Users\***\Desktop\gmer.exe[4488] USER32.dll!TranslateMessage 7600910F 5 Bytes JMP 0EA85A4D
.text C:\Users\***\Desktop\gmer.exe[4488] ADVAPI32.dll!CryptEncrypt 770BDD5B 5 Bytes JMP 0EA87374
.text C:\Users\***\Desktop\gmer.exe[4488] CRYPT32.dll!PFXImportCertStore 75690D60 5 Bytes JMP 0EA823AF
.text C:\Users\***\Desktop\gmer.exe[4488] ws2_32.dll!send 759CC4C8 5 Bytes JMP 0EA8F46B
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!TrackPopupMenu 76024B3B 4 Bytes JMP 629A2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD4 0xC1 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0xBA 0xFD 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0x91 0xAC 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD4 0xC1 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0xBA 0xFD 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0x91 0xAC 0xFF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@sjdfnhsjfk.exe C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe

---- Files - GMER 1.0.15 ----

File C:\sjdfnhsjfk.exe 0 bytes
File C:\sjdfnhsjfk.exe\config.bin 74194 bytes
File C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe 272896 bytes executable
File C:\Users\***\AppData\Local\Microsoft\XLive\Titles\434307f7\config.bin 20480 bytes
File C:\Users\***\AppData\Local\Microsoft\XLive\Titles\534307ff\config.bin 20480 bytes
File C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5451082D\config.bin 20480 bytes
File C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454083b\config.bin 20480 bytes
File C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454085c\config.bin 20480 bytes

---- EOF - GMER 1.0.15 ----

Code:
OTL logfile created on: 28/12/2010 00:09:13 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 14,48 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 20,23 Gb Free Space | 2,17% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,58 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS

Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010/12/10 19:58:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 19:58:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/21 10:30:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/08 18:46:10 | 008,505,888 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009/07/14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe

========== Modules (SafeList) ==========

MOD - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 12:24:46 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/05 13:22:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown |  Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2006/06/01 19:56:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva343.sys -- (XDva343)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Borschti\AppData\Local\Temp\HIF7FBF.tmp -- (GarenaPEngine)
DRV - [2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/10 12:39:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/10 12:39:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/21 16:58:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/08 18:17:58 | 003,019,232 | ---- | M] (Realtek Semiconductor Corp.)
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/09/28 15:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled) DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- 
(hwpolicy) DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - 
[2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) 
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009/03/01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2007/02/12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005/10/18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311) DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004/12/03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2004/10/28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 BB 60 30 0C B3 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005210720\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/08 06:34:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 00:02:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/27 00:02:32 | 000,000,000 | ---D | M] [2010/02/21 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Extensions [2010/12/27 23:53:51 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions [2010/12/18 15:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/03/14 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\battlefieldheroespatcher@ea.com [2010/02/21 16:58:44 | 000,002,055 | ---- | M] () -- C:\Users\Borschti\AppData\Roaming\Mozilla\FireFox\Profiles\grpdhaue.default\searchplugins\daemon-search.xml [2010/12/27 23:53:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010/09/17 14:05:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\amazondotcom-de.xml [2010/09/17 14:05:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/09/17 14:05:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/09/17 14:05:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/09/17 14:05:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005210720\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/02/21 13:48:46 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell - "" = AutoRun O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell\AutoRun\command - "" = L:\Startme.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/27 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/12/27 23:33:30 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010/12/27 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Malwarebytes [2010/12/27 23:29:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/12/27 23:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/12/27 23:28:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/12/27 23:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010/12/27 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools [2010/12/27 00:04:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010/12/27 00:02:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010/12/24 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Downloads [2010/12/18 15:42:36 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers [2010/12/18 15:42:24 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- 
C:\Users\Borschti\Documents\Bioshock2 [2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Bioshock2 [2010/12/14 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Heroes of Newerth [2010/12/09 14:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm [2010/12/09 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Local\Last.fm [2010/12/09 14:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm [2010/12/02 15:22:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010/12/02 15:22:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010/11/30 22:00:16 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa ========== Files - Modified Within 30 Days ========== [2010/12/27 23:59:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/12/27 23:50:13 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/27 23:50:13 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/27 23:42:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/12/27 23:42:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/27 23:42:46 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2010/12/27 23:42:01 | 000,000,020 | ---- | M] () -- C:\Users\Borschti\defogger_reenable [2010/12/27 23:33:31 | 000,000,894 | ---- | M] () -- C:\Users\Borschti\Desktop\NTREGOPT.lnk [2010/12/27 23:33:31 | 000,000,875 | ---- | M] () -- C:\Users\Borschti\Desktop\ERUNT.lnk [2010/12/27 23:29:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/12/27 23:27:50 | 000,288,107 | ---- | M] () -- C:\Users\Borschti\Desktop\Gmer.zip [2010/12/27 23:27:50 | 000,050,477 | ---- | M] () -- C:\Users\Borschti\Desktop\defogger.exe [2010/12/27 23:26:18 | 000,472,152 | ---- | M] () 
-- C:\Users\Borschti\Desktop\Load.exe [2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010/12/27 11:20:33 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/12/27 11:20:33 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/12/27 11:20:33 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/12/27 11:20:33 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/12/27 00:13:44 | 002,726,124 | ---- | M] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG [2010/12/27 00:04:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/12/24 14:13:12 | 000,001,903 | ---- | M] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk [2010/12/23 15:11:20 | 000,103,382 | ---- | M] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf [2010/12/22 14:12:18 | 089,798,376 | ---- | M] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4 [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/12/09 14:40:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk [2010/12/08 20:56:18 | 000,029,969 | ---- | M] () -- C:\Users\Borschti\Desktop\Effe.png [2010/12/08 20:51:02 | 000,754,873 | ---- | M] () -- C:\Users\Borschti\Desktop\test.jpg [2010/12/07 18:14:28 | 000,099,415 | ---- | M] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF [2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010/12/05 22:00:30 | 000,120,320 | ---- | M] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe [2010/12/02 15:22:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010/12/01 21:22:53 | 004,042,906 | ---- | M] () -- C:\Users\Borschti\Desktop\Ellie Goulding - 
Starry Eyed (Jakwob Remix).mp3 [2010/11/30 22:00:16 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk ========== Files Created - No Company Name ========== [2010/12/27 23:45:07 | 000,296,448 | ---- | C] () -- C:\Users\Borschti\Desktop\gmer.exe [2010/12/27 23:41:46 | 000,000,020 | ---- | C] () -- C:\Users\Borschti\defogger_reenable [2010/12/27 23:33:31 | 000,000,894 | ---- | C] () -- C:\Users\Borschti\Desktop\NTREGOPT.lnk [2010/12/27 23:33:31 | 000,000,875 | ---- | C] () -- C:\Users\Borschti\Desktop\ERUNT.lnk [2010/12/27 23:29:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/12/27 23:27:50 | 000,050,477 | ---- | C] () -- C:\Users\Borschti\Desktop\defogger.exe [2010/12/27 23:27:49 | 000,288,107 | ---- | C] () -- C:\Users\Borschti\Desktop\Gmer.zip [2010/12/27 23:26:17 | 000,472,152 | ---- | C] () -- C:\Users\Borschti\Desktop\Load.exe [2010/12/27 00:10:52 | 002,726,124 | ---- | C] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG [2010/12/27 00:04:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/12/26 12:54:50 | 000,099,415 | ---- | C] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF [2010/12/24 14:13:12 | 000,001,903 | ---- | C] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk [2010/12/22 14:11:26 | 089,798,376 | ---- | C] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. 
Akon)(1080p_H.264-AAC).mp4 [2010/12/15 20:03:05 | 000,103,382 | ---- | C] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf [2010/12/09 14:40:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk [2010/12/08 20:56:01 | 000,029,969 | ---- | C] () -- C:\Users\Borschti\Desktop\Effe.png [2010/12/08 20:50:39 | 000,754,873 | ---- | C] () -- C:\Users\Borschti\Desktop\test.jpg [2010/12/05 22:00:29 | 000,120,320 | ---- | C] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe [2010/12/02 15:22:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010/12/01 20:58:10 | 004,042,906 | ---- | C] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3 [2010/11/30 22:00:16 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk [2010/11/15 17:24:11 | 000,000,096 | ---- | C] () -- C:\Users\Borschti\AppData\Local\fusioncache.dat [2010/10/17 18:27:55 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2010/09/30 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2010/09/29 17:03:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/09/23 17:53:53 | 000,000,565 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\myMPQ.ini [2010/09/09 12:28:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010/09/09 12:28:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010/08/02 15:10:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/07/21 14:31:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010/06/13 19:52:30 | 000,017,408 | ---- | C] () -- C:\Users\Borschti\AppData\Local\WebpageIcons.db [2010/05/31 21:50:17 | 000,001,611 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010/05/29 15:55:07 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010/05/29 15:55:07 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010/05/29 09:51:04 | 000,603,648 | R--- | 
C] () -- C:\Windows\System32\1911.dll [2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010/03/14 17:57:57 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010/03/14 17:57:56 | 000,138,056 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\PnkBstrK.sys [2010/03/09 17:26:51 | 000,000,092 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\default.pls [2009/11/16 14:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== LOP Check ========== [2010/08/16 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\acccore [2010/06/17 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Audacity [2010/12/17 13:52:12 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Bioshock2 [2010/06/10 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\BitDefender [2010/03/08 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DAEMON Tools Lite [2010/12/18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers [2010/12/27 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ecwoul [2010/10/17 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\gtk-2.0 [2010/10/23 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Hardcore [2010/08/08 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\HLSW [2010/12/27 21:55:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\ICQ [2010/08/11 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Leadertech [2010/05/18 14:39:59 | 000,000,000 | ---D | M] 
-- C:\Users\Borschti\AppData\Roaming\LolClient [2010/04/17 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010/07/09 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\MAXON [2010/07/04 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mp3DirectCut [2010/10/30 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mp3tag [2010/12/27 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mumble [2010/10/23 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\PACE Anti-Piracy [2010/07/04 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Publish Providers [2010/12/27 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Reaf [2010/07/06 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony [2010/08/05 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Creative Software [2010/04/30 14:34:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Setup [2010/04/29 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Teleca [2010/05/18 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TS3Client [2010/02/21 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TuneUp Software [2010/10/16 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ubisoft [2010/05/25 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Wuala [2010/11/21 10:46:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1362 bytes -> C:\ProgramData\Microsoft:tQSggL5NNsEWjfkn381qrbh @Alternate Data Stream - 1298 bytes -> C:\ProgramData\Microsoft:QJqAcGcqbqH46UIf8X @Alternate Data Stream - 125 bytes -> 
C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:iSqKuAZJnohUs9DMNi6MlbuW
< End of report >

OTL Extras logfile created on: 28/12/2010 00:09:13 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 14,48 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 20,23 Gb Free Space | 2,17% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,58 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED "{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV 
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module 
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F61DD673-0030-4BB2-A382-7E57E97F1031}" = Nero 7 Essentials "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) "43390D7CA42BD8A4396797BE668489DD178C15E4" = Windows-Treiberpaket - Parallax Inc CDM Driver Package (02/17/2009 2.04.16) "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) "7C647F24829963C4E203822A80E734EACA726FD7" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) "7-Zip" = 7-Zip 9.15 beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Akamai" = Akamai NetSession Interface "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CINEMA 4D Release 11" = CINEMA 4D Release 11 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "Drumaxx" = Drumaxx "EA Download Manager" = EA Download Manager "ERUNT_is1" = ERUNT 1.1j "F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 
2 Project Origin "Fallout New Vegas_is1" = Fallout New Vegas "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "Garena" = Garena 2010 "GCFScape_is1" = GCFScape 1.8.0 "Hardcore" = Hardcore "HLSW_is1" = HLSW v1.3.3.7b "hon" = Heroes of Newerth "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "ICQToolbar" = ICQ Toolbar "IL Download Manager" = IL Download Manager "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "JDownloader" = JDownloader "LastFM_is1" = Last.fm 1.5.4.27091 "League of Legends_is1" = League of Legends "Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas "Magic Bullet LooksBuilder" = Magic Bullet LooksBuilder "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP3-Cutter" = MP3-Cutter "Mp3tag" = Mp3tag v2.46a "Mumble" = Mumble and Murmur "NET Render Release 11" = NET Render Release 11 "NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas "NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas "NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas "NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas "NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas "NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas 
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PluginPac" = DebugMode PluginPac (remove only) "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "Sakura" = Sakura "Sawer" = Sawer "Shop for HP Supplies" = Shop for HP Supplies "SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas "STANDARD" = Microsoft Office Standard 2007 "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "StarCraft II" = StarCraft II "Steam App 205" = Source Dedicated Server "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 310" = Team Fortress 2 Dedicated Server "Steam App 400" = Portal "Steam App 630" = Alien Swarm "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Toxic Biohazard" = Toxic Biohazard "Trapcode Particular v2" = Trapcode Particular v2 "Trapcode Shine" = Trapcode Shine "Trapcode Starglow" = Trapcode Starglow "Uninstall_is1" = Uninstall 1.0.0.1 "Videora iPod touch Converter" = Videora iPod touch Converter 6 "VLC media player" = VLC media player 1.1.0 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20/09/2010 13:28:38 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 21/09/2010 12:03:12 | Computer Name = Borschti | Source = VSS | ID = 8194 Description = Error - 22/09/2010 16:18:20 | Computer Name = Borschti | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Installer.exe, Version: 0.0.0.0, Zeitstempel: 0x4c99a19c Name des fehlerhaften Moduls: Installer.exe, Version: 0.0.0.0, Zeitstempel: 0x4c99a19c Ausnahmecode: 0xc0000006 Fehleroffset: 0x001383e2 ID des fehlerhaften Prozesses: 0x46c Startzeit der fehlerhaften Anwendung: 0x01cb5a9139f41bae Pfad der fehlerhaften Anwendung: K:\Installer.exe Pfad des fehlerhaften Moduls: K:\Installer.exe Berichtskennung: 8a804f98-c686-11df-884d-0019dbe7e8ec Error - 22/09/2010 16:18:20 | Computer Name = Borschti | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Installer.exe wurde wegen dieses Fehlers geschlossen. Programm: Installer.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". 
Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000102 Datenträgertyp: 0 Error - 23/09/2010 13:14:30 | Computer Name = Borschti | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 1.0.0.16117 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea0 Startzeit: 01cb5b3ffdba54fd Endzeit: 86 Anwendungspfad: J:\StarCraft II\Versions\Base15405\SC2.exe Berichts-ID: Error - 24/09/2010 11:02:16 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 24/09/2010 11:21:28 | Computer Name = Borschti | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24/09/2010 13:17:29 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 24/09/2010 13:18:49 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 24/09/2010 17:13:12 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) [ System Events ] Error - 27/12/2010 18:29:58 | Computer Name = Borschti | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 27/12/2010 18:30:50 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 27/12/2010 18:30:53 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 27/12/2010 18:31:20 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 27/12/2010 18:40:07 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 27/12/2010 18:40:10 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 27/12/2010 18:40:36 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 27/12/2010 18:42:40 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 27/12/2010 18:42:43 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. 
Error - 27/12/2010 18:43:09 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 < End of report > |
28.12.2010, 18:27 | #2 |
/// Helfer-Team | TR/ATRAPS.gen found in 0070.DLL Hello Borschti and welcome to Trojaner Board!
__________________A few notes up front (please read!):
I will do my best to find everything that does not belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you still want to clean up, here is the guide: Avira Antivir - What was found? So that we can take a close look at what your antivirus program found, please proceed as follows:
In the meantime I will look through your logfiles.
__________________ |
28.12.2010, 21:56 | #3 |
/// Helfer-Team | TR/ATRAPS.gen found in 0070.DLL Here is how to proceed:
__________________1.) Uninstall software
Please uninstall every program from this list that is present. 2.) Fix with OTL
3.) Check settings under Windows 7 Make sure that all folders, files and drives are displayed:
As soon as we are done with the cleanup you can reset the settings. 4.) File check on Virustotal Visit Virustotal. Search there for the following files one after the other and upload them via the "Send file" button. Code:
C:\Windows\System32\1911.dll C:\Users\***\AppData\Local\Microsoft\XLive\Titles\434307f7\config.bin C:\Users\***\AppData\Local\Microsoft\XLive\Titles\534307ff\config.bin C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5451082D\config.bin C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454083b\config.bin C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454085c\config.bin If a file cannot be found, please let me know. 5.) System scan with OTL
Please post in your next reply:
__________________ |
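The following PowerShell script is an added example for steps 3 and 4 of the post above; it is not code from the helper, from OTL or from Avira. It checks the three Explorer view values that control whether hidden files, protected operating-system files and file extensions are shown (step 3), computes the SHA-256 of the six files the helper asked to have checked (step 4) and compares them with the hashes VirusTotal reported later in the thread, so that you know whether the copy on disk is the sample that was already scanned or a changed file that needs a fresh upload. It also lists alternate data streams under C:\ProgramData via `dir /r`, the location where the OTL fix in the thread removed several. Assumptions: it runs in an elevated PowerShell on the affected Windows 7 machine (PowerShell 2.0 is enough; `Get-FileHash` is avoided because it only exists from 4.0 onward), and the profile name masked as *** in the thread is the currently logged-on user.

```powershell
# Added example for this thread; not part of the helper's post or of any tool it names.
# Assumption: the *** in the helper's file list is the current user's profile name.
$userName = $env:USERNAME
$xlive    = "C:\Users\$userName\AppData\Local\Microsoft\XLive\Titles"

# Files from step 4 of the helper's post.
$suspects = @(
    "C:\Windows\System32\1911.dll",
    "$xlive\434307f7\config.bin",
    "$xlive\534307ff\config.bin",
    "$xlive\5451082D\config.bin",
    "$xlive\5454083b\config.bin",
    "$xlive\5454085c\config.bin"
)

# SHA-256 values VirusTotal reported for the six uploads later in the thread
# (no engine flagged any of them at the time). Lower-case hex as VirusTotal prints it.
$knownSha256 = @{
    "c18b4262f334c6a56b5f01e81601a0c45a69277b8eeef7ede8a6f8f632eb36cd" = "1911.dll, 603648 bytes"
    "aff466c79aa8bd06c4953db64b987df1a4819474d8fff676612e877d8aba71a7" = "config.bin, 20480 bytes"
    "69b208dbd3a4ae1b110f772b54c65b718f3f652478e29969bcf5ce3ed0f10c10" = "config.bin, 20480 bytes (uploaded twice)"
    "027a4e22fd471c0af9cdc63c26bda32f9c73fdacf64eb714fbe7039e1bd799df" = "config.bin, 20480 bytes"
    "9561b107673e44dd973ec090c773f2d6bbc4fbfc4dfc120fb89160c9bff0f9df" = "config.bin, 20480 bytes"
}

function Get-Sha256Hex([string]$Path) {
    # .NET hashing works on PowerShell 2.0; FileShare.ReadWrite lets us read a file
    # that another process (e.g. the loader of a DLL) still holds open.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
}

# Step 4: hash every suspect file and compare with the VirusTotal-reported values.
foreach ($file in $suspects) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Output "MISSING  $file   (report this, as the post asks)"
        continue
    }
    try {
        $hash = Get-Sha256Hex $file
    } catch {
        # Avira's on-access guard answers "deny access" for files it detects, which
        # also blocks our read; record it instead of aborting the whole run.
        Write-Output "NOREAD   $file   ($($_.Exception.Message))"
        continue
    }
    $size = (Get-Item -LiteralPath $file -Force).Length   # -Force: file may be hidden
    if ($knownSha256.ContainsKey($hash)) {
        Write-Output "KNOWN    $file   sha256=$hash  ($($knownSha256[$hash]))"
    } else {
        Write-Output "NEW      $file   sha256=$hash  size=$size  -> not yet scanned, upload it"
    }
}

# Step 3: Explorer view settings. Hidden=1 shows hidden files, ShowSuperHidden=1 shows
# protected operating-system files, HideFileExt=0 shows extensions. A missing value
# is reported as FIX as well.
$adv      = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
$view     = Get-ItemProperty -Path $adv
$expected = @{ Hidden = 1; ShowSuperHidden = 1; HideFileExt = 0 }
foreach ($name in $expected.Keys) {
    $actual = $view.$name
    $state  = if ($actual -eq $expected[$name]) { "ok " } else { "FIX" }
    Write-Output "$state      $name = $actual (wanted $($expected[$name]))"
}

# Alternate data streams under C:\ProgramData, the folder the OTL fix in the thread
# cleaned. 'dir /r' (available since Vista) prints one indented line per named
# stream: "<size> <name>:<stream>:$DATA"; normal entries start with a date, not
# whitespace, so the anchored regex only catches stream lines.
foreach ($line in (cmd /c "dir /r /a C:\ProgramData" 2>$null)) {
    if ($line -match '^\s+([\d.,]+)\s+(.+?):(.+):\$DATA\s*$') {
        Write-Output ("ADS      C:\ProgramData\{0}:{1}  {2} bytes" -f $matches[2], $matches[3], $matches[1])
    }
}
```

Two caveats when reading the output: a KNOWN line only tells you that the file is byte-identical to what was already submitted, and a row of "-" results on VirusTotal means no engine flagged the sample on that date, not that it is clean. Uploading via "Send file" also shares the file with VirusTotal and its partners, which is fine for a suspect DLL but worth a moment's thought for a config.bin that may hold account data.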
29.12.2010, 02:35 | #4 |
| TR/ATRAPS.gen found in 0070.DLL Good evening, or rather good morning? Well, whatever. I followed your instructions and am also very glad about your replies and advice. I will just post the logs in question now 1. Avira Antivir - What was found? Code:
Exported events: 27/12/2010 23:27 [Guard] Malware found In the file 'C:\Windows\System32\0070.DLL' a virus or unwanted program 'TR/ATRAPS.Gen' [trojan] was found. Action taken: Deny access Code:
ATTFilter All processes killed ========== OTL ========== Service XDva343 stopped successfully! Service XDva343 deleted successfully! File C:\Windows\System32\XDva343.sys not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ not found. File L:\Startme.exe not found. ADS C:\ProgramData\Microsoft:tQSggL5NNsEWjfkn381qrbh deleted successfully. ADS C:\ProgramData\Microsoft:QJqAcGcqbqH46UIf8X deleted successfully. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ADS C:\ProgramData\Microsoft:iSqKuAZJnohUs9DMNi6MlbuW deleted successfully. 
========== FILES ========== File\Folder C:\Windows\System32\0070.DLL not found. File\Folder C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe not found. C:\sjdfnhsjfk.exe\config.bin moved successfully. C:\sjdfnhsjfk.exe folder moved successfully. ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sjdfnhsjfk.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Borschti ->Temp folder emptied: 28009 bytes ->Temporary Internet Files folder emptied: 1913657 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 55190805 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1598 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 38251 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 55,00 mb OTL by OldTimer - Version 3.2.18.0 log created on 12292010_015220 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 3.1 C:\Windows\System32\1911.dll Code:
ATTFilter Antivirus Version Last update Result AhnLab-V3 2010.12.29.00 2010.12.28 - AntiVir 7.11.0.211 2010.12.28 - Antiy-AVL 2.0.3.7 2010.12.29 - Avast 4.8.1351.0 2010.12.28 - Avast5 5.0.677.0 2010.12.28 - AVG 9.0.0.851 2010.12.29 - BitDefender 7.2 2010.12.29 - CAT-QuickHeal 11.00 2010.12.28 - ClamAV 0.96.4.0 2010.12.29 - Command 5.2.11.5 2010.12.28 - Comodo 7220 2010.12.28 - DrWeb 5.0.2.03300 2010.12.29 - Emsisoft 5.1.0.1 2010.12.28 - eSafe 7.0.17.0 2010.12.28 - eTrust-Vet 36.1.8067 2010.12.28 - F-Prot 4.6.2.117 2010.12.28 - F-Secure 9.0.16160.0 2010.12.29 - Fortinet 4.2.254.0 2010.12.28 - GData 21 2010.12.29 - Ikarus T3.1.1.90.0 2010.12.28 - Jiangmin 13.0.900 2010.12.28 - K7AntiVirus 9.75.3372 2010.12.28 - Kaspersky 7.0.0.125 2010.12.28 - McAfee 5.400.0.1158 2010.12.29 - McAfee-GW-Edition 2010.1C 2010.12.28 - Microsoft 1.6402 2010.12.28 - NOD32 5740 2010.12.28 - Norman 6.06.12 2010.12.28 - nProtect 2010-12-28.01 2010.12.28 - Panda 10.0.2.7 2010.12.28 - PCTools 7.0.3.5 2010.12.29 - Prevx 3.0 2010.12.29 - Rising 22.80.01.03 2010.12.28 - Sophos 4.60.0 2010.12.29 - SUPERAntiSpyware 4.40.0.1006 2010.12.29 - Symantec 20101.3.0.103 2010.12.28 - TheHacker 6.7.0.1.106 2010.12.27 - TrendMicro 9.120.0.1004 2010.12.28 - TrendMicro-HouseCall 9.120.0.1004 2010.12.29 - VBA32 3.12.14.2 2010.12.28 - VIPRE 7867 2010.12.29 - ViRobot 2010.12.28.4225 2010.12.28 - VirusBuster 13.6.117.0 2010.12.28 - MD5: 2607990427fe13e1da9e512e5df92d5e SHA1: 419caccb0527411f2576fd4806b714e74299ea10 SHA256: c18b4262f334c6a56b5f01e81601a0c45a69277b8eeef7ede8a6f8f632eb36cd File size: 603648 bytes Scan date: 2010-12-29 01:02:52 (UTC) Code:
ATTFilter Antivirus Version Last update Result AhnLab-V3 2010.12.29.00 2010.12.28 - AntiVir 7.11.0.211 2010.12.28 - Antiy-AVL 2.0.3.7 2010.12.29 - Avast 4.8.1351.0 2010.12.28 - Avast5 5.0.677.0 2010.12.28 - BitDefender 7.2 2010.12.29 - CAT-QuickHeal 11.00 2010.12.28 - ClamAV 0.96.4.0 2010.12.29 - Command 5.2.11.5 2010.12.28 - Comodo 7220 2010.12.28 - DrWeb 5.0.2.03300 2010.12.29 - Emsisoft 5.1.0.1 2010.12.28 - eSafe 7.0.17.0 2010.12.28 - eTrust-Vet 36.1.8067 2010.12.28 - F-Prot 4.6.2.117 2010.12.28 - F-Secure 9.0.16160.0 2010.12.29 - Fortinet 4.2.254.0 2010.12.28 - GData 21 2010.12.29 - Ikarus T3.1.1.90.0 2010.12.28 - Jiangmin 13.0.900 2010.12.28 - K7AntiVirus 9.75.3372 2010.12.28 - Microsoft 1.6402 2010.12.28 - NOD32 5740 2010.12.28 - Norman 6.06.12 2010.12.28 - nProtect 2010-12-28.01 2010.12.28 - Panda 10.0.2.7 2010.12.28 - PCTools 7.0.3.5 2010.12.29 - Prevx 3.0 2010.12.29 - Rising 22.80.01.03 2010.12.28 - Sophos 4.60.0 2010.12.29 - SUPERAntiSpyware 4.40.0.1006 2010.12.29 - Symantec 20101.3.0.103 2010.12.28 - TheHacker 6.7.0.1.106 2010.12.27 - TrendMicro 9.120.0.1004 2010.12.28 - TrendMicro-HouseCall 9.120.0.1004 2010.12.29 - VBA32 3.12.14.2 2010.12.28 - VIPRE 7867 2010.12.29 - ViRobot 2010.12.28.4225 2010.12.28 - VirusBuster 13.6.117.0 2010.12.28 - MD5: 76a43013dd1dfdedfdbc928b8360026b SHA1: 4e29b07134c4528d13ab1f9ea41900a36e45f638 SHA256: aff466c79aa8bd06c4953db64b987df1a4819474d8fff676612e877d8aba71a7 File size: 20480 bytes Scan date: 2010-12-29 01:05:24 (UTC) Code:
ATTFilter Antivirus Version Last update Result AhnLab-V3 2010.12.29.00 2010.12.28 - AntiVir 7.11.0.211 2010.12.28 - Antiy-AVL 2.0.3.7 2010.12.29 - Avast 4.8.1351.0 2010.12.28 - Avast5 5.0.677.0 2010.12.28 - AVG 9.0.0.851 2010.12.29 - BitDefender 7.2 2010.12.29 - CAT-QuickHeal 11.00 2010.12.28 - ClamAV 0.96.4.0 2010.12.29 - Command 5.2.11.5 2010.12.28 - Comodo 7220 2010.12.28 - DrWeb 5.0.2.03300 2010.12.29 - Emsisoft 5.1.0.1 2010.12.28 - eSafe 7.0.17.0 2010.12.28 - eTrust-Vet 36.1.8067 2010.12.28 - F-Prot 4.6.2.117 2010.12.28 - F-Secure 9.0.16160.0 2010.12.29 - Fortinet 4.2.254.0 2010.12.28 - GData 21 2010.12.29 - Ikarus T3.1.1.90.0 2010.12.28 - Jiangmin 13.0.900 2010.12.28 - K7AntiVirus 9.75.3372 2010.12.28 - Kaspersky 7.0.0.125 2010.12.28 - McAfee 5.400.0.1158 2010.12.29 - McAfee-GW-Edition 2010.1C 2010.12.28 - Microsoft 1.6402 2010.12.28 - NOD32 5740 2010.12.28 - Norman 6.06.12 2010.12.28 - nProtect 2010-12-28.01 2010.12.28 - Panda 10.0.2.7 2010.12.28 - PCTools 7.0.3.5 2010.12.29 - Prevx 3.0 2010.12.29 - Rising 22.80.01.03 2010.12.28 - Sophos 4.60.0 2010.12.29 - SUPERAntiSpyware 4.40.0.1006 2010.12.29 - Symantec 20101.3.0.103 2010.12.28 - TheHacker 6.7.0.1.106 2010.12.27 - TrendMicro 9.120.0.1004 2010.12.28 - TrendMicro-HouseCall 9.120.0.1004 2010.12.29 - VBA32 3.12.14.2 2010.12.28 - VIPRE 7867 2010.12.29 - ViRobot 2010.12.28.4225 2010.12.28 - VirusBuster 13.6.117.0 2010.12.28 - MD5: 07e9d5c14af87babe183bdf391df98bf SHA1: 2b9ac26330fa2030c506145dbb17dc77e2c3822f SHA256: 69b208dbd3a4ae1b110f772b54c65b718f3f652478e29969bcf5ce3ed0f10c10 File size: 20480 bytes Scan date: 2010-12-29 01:12:47 (UTC) Code:
ATTFilter Antivirus Version Last update Result AhnLab-V3 2010.12.29.00 2010.12.28 - AntiVir 7.11.0.211 2010.12.28 - Antiy-AVL 2.0.3.7 2010.12.29 - Avast 4.8.1351.0 2010.12.28 - Avast5 5.0.677.0 2010.12.28 - AVG 9.0.0.851 2010.12.29 - BitDefender 7.2 2010.12.29 - CAT-QuickHeal 11.00 2010.12.28 - ClamAV 0.96.4.0 2010.12.29 - Command 5.2.11.5 2010.12.28 - Comodo 7220 2010.12.28 - DrWeb 5.0.2.03300 2010.12.29 - Emsisoft 5.1.0.1 2010.12.28 - eSafe 7.0.17.0 2010.12.28 - eTrust-Vet 36.1.8067 2010.12.28 - F-Prot 4.6.2.117 2010.12.28 - F-Secure 9.0.16160.0 2010.12.29 - Fortinet 4.2.254.0 2010.12.28 - GData 21 2010.12.29 - Ikarus T3.1.1.90.0 2010.12.28 - Jiangmin 13.0.900 2010.12.28 - K7AntiVirus 9.75.3372 2010.12.28 - Kaspersky 7.0.0.125 2010.12.28 - McAfee 5.400.0.1158 2010.12.29 - McAfee-GW-Edition 2010.1C 2010.12.28 - Microsoft 1.6402 2010.12.28 - NOD32 5740 2010.12.28 - Norman 6.06.12 2010.12.28 - nProtect 2010-12-28.01 2010.12.28 - Panda 10.0.2.7 2010.12.28 - PCTools 7.0.3.5 2010.12.29 - Prevx 3.0 2010.12.29 - Rising 22.80.01.03 2010.12.28 - Sophos 4.60.0 2010.12.29 - SUPERAntiSpyware 4.40.0.1006 2010.12.29 - Symantec 20101.3.0.103 2010.12.28 - TheHacker 6.7.0.1.106 2010.12.27 - TrendMicro 9.120.0.1004 2010.12.28 - TrendMicro-HouseCall 9.120.0.1004 2010.12.29 - VBA32 3.12.14.2 2010.12.28 - VIPRE 7867 2010.12.29 - ViRobot 2010.12.28.4225 2010.12.28 - VirusBuster 13.6.117.0 2010.12.28 - MD5: 07e9d5c14af87babe183bdf391df98bf SHA1: 2b9ac26330fa2030c506145dbb17dc77e2c3822f SHA256: 69b208dbd3a4ae1b110f772b54c65b718f3f652478e29969bcf5ce3ed0f10c10 File size: 20480 bytes Scan date: 2010-12-29 01:16:03 (UTC) Code:
ATTFilter Antivirus Version Last update Result AhnLab-V3 2010.12.29.00 2010.12.28 - AntiVir 7.11.0.211 2010.12.28 - Antiy-AVL 2.0.3.7 2010.12.29 - Avast 4.8.1351.0 2010.12.28 - Avast5 5.0.677.0 2010.12.28 - AVG 9.0.0.851 2010.12.29 - BitDefender 7.2 2010.12.29 - CAT-QuickHeal 11.00 2010.12.28 - ClamAV 0.96.4.0 2010.12.29 - Command 5.2.11.5 2010.12.28 - Comodo 7220 2010.12.28 - DrWeb 5.0.2.03300 2010.12.29 - Emsisoft 5.1.0.1 2010.12.28 - eSafe 7.0.17.0 2010.12.28 - eTrust-Vet 36.1.8067 2010.12.28 - F-Prot 4.6.2.117 2010.12.28 - F-Secure 9.0.16160.0 2010.12.29 - Fortinet 4.2.254.0 2010.12.28 - GData 21 2010.12.29 - Ikarus T3.1.1.90.0 2010.12.28 - Jiangmin 13.0.900 2010.12.28 - K7AntiVirus 9.75.3372 2010.12.28 - Kaspersky 7.0.0.125 2010.12.28 - McAfee 5.400.0.1158 2010.12.29 - McAfee-GW-Edition 2010.1C 2010.12.28 - Microsoft 1.6402 2010.12.28 - NOD32 5740 2010.12.28 - Norman 6.06.12 2010.12.28 - nProtect 2010-12-28.01 2010.12.28 - Panda 10.0.2.7 2010.12.28 - PCTools 7.0.3.5 2010.12.29 - Prevx 3.0 2010.12.29 - Rising 22.80.01.03 2010.12.28 - Sophos 4.60.0 2010.12.29 - SUPERAntiSpyware 4.40.0.1006 2010.12.29 - Symantec 20101.3.0.103 2010.12.28 - TheHacker 6.7.0.1.106 2010.12.27 - TrendMicro 9.120.0.1004 2010.12.28 - TrendMicro-HouseCall 9.120.0.1004 2010.12.29 - VBA32 3.12.14.2 2010.12.28 - VIPRE 7867 2010.12.29 - ViRobot 2010.12.28.4225 2010.12.28 - VirusBuster 13.6.117.0 2010.12.28 - MD5: 20ca8f701c78f240a80053e5fe6c5a9a SHA1: 2a3886ab2a5484eb0d6062b29bcedd645cdebe98 SHA256: 027a4e22fd471c0af9cdc63c26bda32f9c73fdacf64eb714fbe7039e1bd799df File size: 20480 bytes Scan date: 2010-12-29 01:18:43 (UTC) Code:
ATTFilter Antivirus Version Last update Result AhnLab-V3 2010.12.29.00 2010.12.28 - AntiVir 7.11.0.211 2010.12.28 - Antiy-AVL 2.0.3.7 2010.12.29 - Avast 4.8.1351.0 2010.12.28 - Avast5 5.0.677.0 2010.12.28 - AVG 9.0.0.851 2010.12.29 - BitDefender 7.2 2010.12.29 - CAT-QuickHeal 11.00 2010.12.28 - ClamAV 0.96.4.0 2010.12.29 - Command 5.2.11.5 2010.12.29 - Comodo 7220 2010.12.28 - DrWeb 5.0.2.03300 2010.12.29 - Emsisoft 5.1.0.1 2010.12.28 - eSafe 7.0.17.0 2010.12.28 - eTrust-Vet 36.1.8067 2010.12.28 - F-Prot 4.6.2.117 2010.12.28 - F-Secure 9.0.16160.0 2010.12.29 - Fortinet 4.2.254.0 2010.12.28 - GData 21 2010.12.29 - Ikarus T3.1.1.90.0 2010.12.28 - Jiangmin 13.0.900 2010.12.28 - K7AntiVirus 9.75.3372 2010.12.28 - Kaspersky 7.0.0.125 2010.12.28 - McAfee 5.400.0.1158 2010.12.29 - McAfee-GW-Edition 2010.1C 2010.12.28 - Microsoft 1.6402 2010.12.28 - NOD32 5740 2010.12.28 - Norman 6.06.12 2010.12.28 - nProtect 2010-12-28.01 2010.12.28 - Panda 10.0.2.7 2010.12.28 - PCTools 7.0.3.5 2010.12.29 - Prevx 3.0 2010.12.29 - Rising 22.80.01.03 2010.12.28 - Sophos 4.60.0 2010.12.29 - SUPERAntiSpyware 4.40.0.1006 2010.12.29 - Symantec 20101.3.0.103 2010.12.28 - TheHacker 6.7.0.1.106 2010.12.27 - TrendMicro 9.120.0.1004 2010.12.28 - TrendMicro-HouseCall 9.120.0.1004 2010.12.29 - VBA32 3.12.14.2 2010.12.28 - VIPRE 7867 2010.12.29 - ViRobot 2010.12.28.4225 2010.12.28 - VirusBuster 13.6.117.0 2010.12.28 - MD5: 42961f45b0d402ad9cd9b2a66476b761 SHA1: a50aa9c4e3b3135229561c2357901abef1fdaf10 SHA256: 9561b107673e44dd973ec090c773f2d6bbc4fbfc4dfc120fb89160c9bff0f9df File size: 20480 bytes Scan date: 2010-12-29 01:20:37 (UTC) 4.1 Otl.txt Code:
ATTFilter OTL logfile created on: 29/12/2010 02:25:24 - Run 2 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Borschti\Desktop\trojaner-board tools\MFtools Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 24,59 Gb Free Space | 25,18% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 10,10 Gb Free Space | 1,08% Space Free | Partition Type: NTFS Drive J: | 368,10 Gb Total Space | 56,50 Gb Free Space | 15,35% Space Free | Partition Type: NTFS Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Borschti\Desktop\trojaner-board tools\MFtools\OTL.exe PRC - [2010/12/10 19:58:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010/12/10 19:58:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010/11/21 10:30:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010/02/08 18:46:10 | 008,505,888 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009/07/14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009/07/14 02:14:42 | 
000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe ========== Modules (SafeList) ========== MOD - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Borschti\Desktop\trojaner-board tools\MFtools\OTL.exe MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/12/10 
14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/12/08 12:24:46 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai) SRV - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/11/05 13:22:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/14 02:16:16 | 
000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft 
Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2006/06/01 19:56:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Borschti\AppData\Local\Temp\HIF7FBF.tmp -- (GarenaPEngine) DRV - [2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/09/10 12:39:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/09/10 12:39:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand 
| Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/03/10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133) DRV - [2010/02/21 16:58:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/02/08 18:17:58 | 003,019,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/09/28 15:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled) DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/03/01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/02/12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/10/18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 BB 60 30 0C B3 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/08 06:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/27 00:02:32 | 000,000,000 | ---D | M]

[2010/02/21 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Extensions
[2010/12/29 02:03:54 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/14 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\battlefieldheroespatcher@ea.com
[2010/02/21 16:58:44 | 000,002,055 | ---- | M] () -- C:\Users\Borschti\AppData\Roaming\Mozilla\FireFox\Profiles\grpdhaue.default\searchplugins\daemon-search.xml
[2010/12/29 02:03:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/09/17 14:05:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/17 14:05:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/17 14:05:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/17 14:05:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/17 14:05:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/21 13:48:46 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 01:52:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/29 01:50:20 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Desktop\Trojaner Board 2
[2010/12/28 11:57:59 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Desktop\trojaner-board tools
[2010/12/27 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/27 23:33:30 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010/12/27 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Malwarebytes
[2010/12/27 23:29:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/27 23:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/27 23:28:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/27 23:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/12/27 00:04:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/12/27 00:02:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/12/24 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Downloads
[2010/12/18 15:42:36 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/18 15:42:24 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Bioshock2
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/12/14 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Heroes of Newerth
[2010/12/09 14:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/12/09 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Local\Last.fm
[2010/12/09 14:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm
[2010/12/02 15:22:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/12/02 15:22:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/11/30 22:00:16 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2010/12/29 02:00:30 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 02:00:30 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 01:59:22 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 01:53:17 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 01:53:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/29 01:53:06 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 23:42:01 | 000,000,020 | ---- | M] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/27 11:20:33 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/12/27 11:20:33 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 11:20:33 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/12/27 11:20:33 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 00:13:44 | 002,726,124 | ---- | M] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/24 14:13:12 | 000,001,903 | ---- | M] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/23 15:11:20 | 000,103,382 | ---- | M] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/22 14:12:18 | 089,798,376 | ---- | M] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/09 14:40:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:18 | 000,029,969 | ---- | M] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:51:02 | 000,754,873 | ---- | M] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/07 18:14:28 | 000,099,415 | ---- | M] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/05 22:00:30 | 000,120,320 | ---- | M] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 21:22:53 | 004,042,906 | ---- | M] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2010/12/27 23:41:46 | 000,000,020 | ---- | C] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 00:10:52 | 002,726,124 | ---- | C] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/26 12:54:50 | 000,099,415 | ---- | C] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/24 14:13:12 | 000,001,903 | ---- | C] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/22 14:11:26 | 089,798,376 | ---- | C] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/15 20:03:05 | 000,103,382 | ---- | C] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/09 14:40:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:01 | 000,029,969 | ---- | C] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:50:39 | 000,754,873 | ---- | C] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/05 22:00:29 | 000,120,320 | ---- | C] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 20:58:10 | 004,042,906 | ---- | C] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/11/15 17:24:11 | 000,000,096 | ---- | C] () -- C:\Users\Borschti\AppData\Local\fusioncache.dat
[2010/10/17 18:27:55 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/09/30 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/09/29 17:03:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/23 17:53:53 | 000,000,565 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\myMPQ.ini
[2010/09/09 12:28:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/09/09 12:28:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/08/02 15:10:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/21 14:31:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/06/13 19:52:30 | 000,017,408 | ---- | C] () -- C:\Users\Borschti\AppData\Local\WebpageIcons.db
[2010/05/31 21:50:17 | 000,001,611 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/29 15:55:07 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/05/29 15:55:07 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/05/29 09:51:04 | 000,603,648 | R--- | C] () -- C:\Windows\System32\1911.dll
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/14 17:57:57 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/14 17:57:56 | 000,138,056 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\PnkBstrK.sys
[2010/03/09 17:26:51 | 000,000,092 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\default.pls
[2009/11/16 14:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2010/08/16 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\acccore
[2010/06/17 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Audacity
[2010/12/17 13:52:12 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/06/10 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\BitDefender
[2010/03/08 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DAEMON Tools Lite
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/27 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ecwoul
[2010/10/17 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\gtk-2.0
[2010/10/23 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Hardcore
[2010/08/08 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\HLSW
[2010/12/28 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\ICQ
[2010/08/11 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Leadertech
[2010/05/18 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient
[2010/04/17 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/07/09 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\MAXON
[2010/07/04 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mp3DirectCut
[2010/10/30 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mp3tag
[2010/12/27 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mumble
[2010/10/23 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\PACE Anti-Piracy
[2010/07/04 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Publish Providers
[2010/12/27 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Reaf
[2010/07/06 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony
[2010/08/05 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Creative Software
[2010/04/30 14:34:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Setup
[2010/04/29 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Teleca
[2010/05/18 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TS3Client
[2010/02/21 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TuneUp Software
[2010/10/16 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ubisoft
[2010/05/25 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Wuala
[2010/11/21 10:46:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >

Code:
OTL Extras logfile created on: 29/12/2010 02:25:24 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Borschti\Desktop\trojaner-board tools\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,59 Gb Free Space | 25,18% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 10,10 Gb Free Space | 1,08% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,50 Gb Free Space | 15,35% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS

Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module 
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F61DD673-0030-4BB2-A382-7E57E97F1031}" = Nero 7 Essentials "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) "43390D7CA42BD8A4396797BE668489DD178C15E4" = Windows-Treiberpaket - Parallax Inc CDM Driver Package (02/17/2009 2.04.16) "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) "7C647F24829963C4E203822A80E734EACA726FD7" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) "7-Zip" = 7-Zip 9.15 beta "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Akamai" = Akamai NetSession Interface "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CINEMA 4D Release 11" = CINEMA 4D Release 11 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "Drumaxx" = Drumaxx "EA Download Manager" = EA Download Manager "ERUNT_is1" = ERUNT 1.1j "F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 
2 Project Origin "Fallout New Vegas_is1" = Fallout New Vegas "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "Garena" = Garena 2010 "GCFScape_is1" = GCFScape 1.8.0 "Hardcore" = Hardcore "HLSW_is1" = HLSW v1.3.3.7b "hon" = Heroes of Newerth "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "IL Download Manager" = IL Download Manager "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "JDownloader" = JDownloader "LastFM_is1" = Last.fm 1.5.4.27091 "League of Legends_is1" = League of Legends "Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas "Magic Bullet LooksBuilder" = Magic Bullet LooksBuilder "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP3-Cutter" = MP3-Cutter "Mp3tag" = Mp3tag v2.46a "Mumble" = Mumble and Murmur "NET Render Release 11" = NET Render Release 11 "NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas "NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas "NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas "NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas "NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas "NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas "NewBlue Motion Effects 2.0 for 
Vegas" = NewBlue Motion Effects 2.0 for Vegas "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PluginPac" = DebugMode PluginPac (remove only) "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "Sakura" = Sakura "Sawer" = Sawer "Shop for HP Supplies" = Shop for HP Supplies "SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas "STANDARD" = Microsoft Office Standard 2007 "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2 "StarCraft II" = StarCraft II "Steam App 205" = Source Dedicated Server "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 310" = Team Fortress 2 Dedicated Server "Steam App 400" = Portal "Steam App 630" = Alien Swarm "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Toxic Biohazard" = Toxic Biohazard "Trapcode Particular v2" = Trapcode Particular v2 "Trapcode Shine" = Trapcode Shine "Trapcode Starglow" = Trapcode Starglow "Uninstall_is1" = Uninstall 1.0.0.1 "Videora iPod touch Converter" = Videora iPod touch Converter 6 "VLC media player" = VLC media player 1.1.0 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23/09/2010 13:14:30 | Computer Name = Borschti | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 1.0.0.16117 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ea0 Startzeit: 01cb5b3ffdba54fd Endzeit: 86 Anwendungspfad: J:\StarCraft II\Versions\Base15405\SC2.exe Berichts-ID: Error - 24/09/2010 11:02:16 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 24/09/2010 11:21:28 | Computer Name = Borschti | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24/09/2010 13:17:29 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 24/09/2010 13:18:49 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 24/09/2010 17:13:12 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 332: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 456: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100 Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) [ System Events ] Error - 28/12/2010 13:16:39 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 28/12/2010 13:16:42 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 28/12/2010 13:17:08 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 28/12/2010 20:42:17 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 28/12/2010 20:42:20 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 28/12/2010 20:42:45 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 28/12/2010 20:52:20 | Computer Name = Borschti | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28/12/2010 20:52:59 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 28/12/2010 20:53:02 | Computer Name = Borschti | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. 
Error - 28/12/2010 20:53:27 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 < End of report > Regards, Borschti! |
29.12.2010, 11:54 | #5 |
/// Helper Team | TR/ATRAPS.gen found in 0070.DLL Okay, could you please also create a new log file with GMER for me: Rootkit scan with GMER What are rootkits? Important: for every rootkit scan, the following should be done:
Then post the log file in code tags.
__________________ Regards, rea *Do you also need help with a malware problem?* *TB donation account* A clever saying could go here. Well .... could! |
29.12.2010, 13:25 | #6 |
| TR/ATRAPS.gen found in 0070.DLL GMER log: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-12-29 13:23:22 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAJS-22YFA0 rev.12.01C02 Running: in3r5b12.exe; Driver: C:\Users\Borschti\AppData\Local\Temp\pwriqpoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8306D8E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8308D3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA101F300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA106B300, 0x1BEE, 0xE8000020] .text autochk.exe 002111D4 2 Bytes [24, 0B] {AND AL, 0xb} .text autochk.exe 002111D8 2 Bytes [50, 0B] .text autochk.exe 002111DC 1 Byte [36] .text autochk.exe 002111E0 2 Bytes [88, 0B] {MOV [EBX], CL} .text autochk.exe 002111E4 2 Bytes [9C, 0B] .text ... 
---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1212] ntdll.dll!LdrLoadDll 7750F625 5 Bytes JMP 002213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2876] USER32.dll!TrackPopupMenu 77644B3B 5 Bytes JMP 62B82342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD4 0xC1 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0xBA 0xFD 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0x91 0xAC 0xFF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0xD4 0xC1 0xDD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0xBA 0xFD 0xCB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0x91 0xAC 0xFF ... ---- EOF - GMER 1.0.15 ---- |
29.12.2010, 18:38 | #7 |
/// Helper Team | TR/ATRAPS.gen found in 0070.DLL 1.) Malwarebytes Anti-Malware Download Malwarebytes Anti-Malware from one of these download mirrors: Malwarebytes - MajorGeeks.com - BestTechie
2.) ESET Online Scan ESET Online Scanner During the online scan, please switch on any external hard drives you may have! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to switch everything back on afterwards.
Please post in your next reply:
__________________ Regards, rea |
03.01.2011, 14:10 | #8 |
/// Helper Team | TR/ATRAPS.gen found in 0070.DLL Hi Borschti, is this thread going to continue? Otherwise I'll remove it from my subscriptions in a week so I have room for a new user again.
__________________ Regards, rea |