|
Log-Analyse und Auswertung: Hilfe! Wahrscheinlich schlimmes RootkitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
01.02.2011, 20:26 | #16 |
| Hilfe! Wahrscheinlich schlimmes RootkitCode:
ATTFilter OTL logfile created on: 01.02.2011 20:04:46 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\WomTom\Desktop\MFTools An unknown product Service Pack 1, v.721 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17105) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 64,90 Gb Total Space | 37,06 Gb Free Space | 57,10% Space Free | Partition Type: NTFS Drive D: | 95,00 Gb Total Space | 87,52 Gb Free Space | 92,13% Space Free | Partition Type: NTFS Drive E: | 72,88 Gb Total Space | 62,17 Gb Free Space | 85,30% Space Free | Partition Type: NTFS Drive F: | 60,00 Gb Total Space | 42,75 Gb Free Space | 71,25% Space Free | Partition Type: NTFS Drive G: | 51,79 Gb Total Space | 11,54 Gb Free Space | 22,28% Space Free | Partition Type: NTFS Drive H: | 298,09 Gb Total Space | 237,05 Gb Free Space | 79,52% Space Free | Partition Type: NTFS Computer Name: WOMTOM-PC | User Name: WomTom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.28 17:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\WomTom\Desktop\MFTools\OTL.exe PRC - [2010.11.30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.11.26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.11.26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2010.10.25 12:59:03 | 000,610,944 | ---- | M] (CM & V) -- d:\DVBViewer\DVBVservice.exe PRC - [2010.09.29 22:47:00 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.29 22:46:32 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.09.29 22:46:24 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2009.12.10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe PRC - [2009.09.19 14:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe PRC - [2009.09.19 14:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe PRC - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpertService.exe PRC - [2009.09.19 14:38:48 | 000,065,536 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpert.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- D:\Winstep\WsxService.exe PRC - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe ========== Modules (SafeList) ========== MOD - [2011.01.28 17:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\WomTom\Desktop\MFTools\OTL.exe MOD - [2010.09.29 22:50:02 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2010.09.29 22:49:40 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2010.09.29 22:49:14 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2010.09.29 22:48:22 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2010.09.29 22:47:24 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2010.09.29 22:26:28 | 001,681,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17105_none_41e580dc2bd7f1b8\comctl32.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.18 23:42:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service) SRV - [2011.01.18 23:33:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.11.26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2010.10.25 12:59:03 | 000,610,944 | ---- | M] (CM & V) [Auto | Running] -- d:\DVBViewer\DVBVservice.exe -- (DVBVRecorder) SRV - [2010.09.29 22:50:10 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2010.09.29 22:50:00 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2010.09.29 22:49:36 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2010.09.29 22:48:26 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2010.09.29 22:48:00 | 000,804,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010.09.29 22:47:38 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2010.09.29 22:47:20 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2010.09.29 22:46:46 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009.12.10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.05.12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- D:\Winstep\WsxService.exe -- (Winstep Xtreme Service) SRV - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator) ========== Driver Services (SafeList) ========== DRV - [2011.02.01 19:52:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D8FE798-8DA2-4ED4-9917-BBED6DCF0BEA}\MpKsl77aad118.sys -- (MpKsl77aad118) DRV - [2011.02.01 19:51:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D8FE798-8DA2-4ED4-9917-BBED6DCF0BEA}\MpKsl1c7297fb.sys -- (MpKsl1c7297fb) DRV - [2011.02.01 13:21:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D8FE798-8DA2-4ED4-9917-BBED6DCF0BEA}\MpKsl68c25858.sys -- (MpKsl68c25858) DRV - [2011.01.13 10:27:06 | 000,035,840 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrusb.sys -- (csrusb) DRV - [2011.01.13 10:27:02 | 001,534,464 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CsrBtPort.sys -- (CsrBtPort) DRV - [2010.11.26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010.11.26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.11.26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.22 16:59:16 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2010.11.10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC) DRV - [2010.11.10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.09.29 22:58:50 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.09.29 22:58:50 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.09.29 22:58:50 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.09.29 22:58:48 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp) DRV - [2010.09.29 22:58:42 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2010.09.29 22:58:36 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2010.09.29 22:58:36 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2010.09.29 22:58:26 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV) DRV - [2010.09.29 22:58:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2010.09.29 22:57:10 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata) DRV - [2010.09.29 22:57:10 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\amdxata.sys -- (amdxata) DRV - [2010.09.29 21:25:48 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.09.29 21:14:42 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci) DRV - [2010.09.29 21:14:22 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2010.09.29 21:09:24 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2010.09.29 21:00:46 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2010.09.29 20:58:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2010.09.29 20:54:32 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.29 20:54:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.09.29 20:40:22 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi) DRV - [2010.09.22 19:54:56 | 000,048,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RamDiskVE.sys -- (RAMDiskVE) DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2010.03.19 00:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2010.03.19 00:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2010.03.19 00:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2010.03.19 00:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia) DRV - [2010.03.19 00:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2010.03.19 00:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2010.03.19 00:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv) DRV - [2010.03.19 00:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctgame.sys -- (ctgame) DRV - [2010.03.19 00:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010.03.19 00:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2010.03.19 00:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k) DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS) DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX) DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS) DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX) DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS) DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX) DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS) DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX) DRV - [2010.03.04 12:42:58 | 000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2010.01.28 14:57:09 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.12.18 16:19:02 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009.11.27 09:01:36 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.11.04 12:42:32 | 000,022,592 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID) DRV - [2009.11.04 12:42:20 | 000,247,872 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA) DRV - [2009.09.30 15:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.09.01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/25 19:02:42] [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD9\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.24 23:29:22 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun4.sys -- (dvblinktun4) DRV - [2009.07.24 23:29:14 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun3.sys -- (dvblinktun3) DRV - [2009.07.24 23:29:08 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun2.sys -- (dvblinktun2) DRV - [2009.07.24 23:29:02 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun.sys -- (dvblinktun) DRV - [2009.07.24 23:28:56 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap4.sys -- (dvblinkcap4) DRV - [2009.07.24 23:28:48 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap3.sys -- (dvblinkcap3) DRV - [2009.07.24 23:28:42 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap2.sys -- (dvblinkcap2) DRV - [2009.07.24 23:28:36 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap.sys -- (dvblinkcap) DRV - [2009.07.17 19:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2009.06.17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2008.02.01 17:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2007.04.18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL) DRV - [2007.04.12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL) DRV - [2007.04.12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL) DRV - [2007.04.12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL) DRV - [2007.04.12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL) DRV - [2007.04.12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL) DRV - [2007.04.12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL) DRV - [2007.04.12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL) DRV - [2007.04.12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL) DRV - [2007.04.12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL) DRV - [2007.04.12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL) DRV - [2006.10.30 16:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2005.10.18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 93 E1 07 14 93 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.3 FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.11.18 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\browserrecord\firefox\ext [2010.01.25 20:05:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.11.29 00:45:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2010.12.01 13:15:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.16 14:51:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:00:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011.01.27 23:25:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2009.11.24 19:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WomTom\AppData\Roaming\mozilla\Extensions [2011.01.30 13:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WomTom\AppData\Roaming\mozilla\Firefox\Profiles\zskd4c4f.default\extensions [2011.01.29 05:44:03 | 000,001,056 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\Mozilla\Firefox\Profiles\zskd4c4f.default\searchplugins\icqplugin.xml [2011.01.23 15:33:14 | 000,002,306 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\Mozilla\Firefox\Profiles\zskd4c4f.default\searchplugins\wot-safe-search.xml [2010.12.16 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.08 17:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.21 15:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2010.12.01 13:15:53 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX () (No name found) -- C:\USERS\WOMTOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZSKD4C4F.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI () (No name found) -- C:\USERS\WOMTOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZSKD4C4F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.21 21:43:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.21 21:43:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.21 21:43:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.21 21:43:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.21 21:43:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.29 20:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\rpbrowserrecordplugin.dll File not found O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (www.flashget.com) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Alles mit FlashGet laden - D:\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Mit FlashGet laden - D:\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Add to &Evernote - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.01.21 22:00:36 | 000,000,000 | ---D | M] - D:\AutoHotkey -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.01 18:24:29 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\PC_Rettung [2011.01.31 17:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2011.01.31 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2011.01.31 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2011.01.31 17:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software [2011.01.31 17:52:00 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software [2011.01.31 17:51:59 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\NCH Software [2011.01.29 21:44:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.01.29 20:59:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.01.29 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\temp [2011.01.29 20:46:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.01.29 20:46:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.01.29 20:46:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.01.29 20:42:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.01.29 20:13:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.01.29 15:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE [2011.01.29 15:12:56 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\MustBeRandomlyNamed [2011.01.29 15:12:24 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\WomTom\Desktop\RkU3.8.388.590.exe [2011.01.29 14:55:43 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\WomTom\Desktop\tdsskiller.exe [2011.01.29 14:49:09 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.29 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Wireshark [2011.01.29 09:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2011.01.29 09:19:10 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap [2011.01.28 17:48:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.28 17:46:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.01.28 17:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.01.28 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\MFTools [2011.01.28 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\QuickScan [2011.01.28 12:20:30 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2011.01.28 11:53:37 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\KillProcess [2011.01.28 11:53:29 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillProcess [2011.01.28 11:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillProcess [2011.01.28 11:53:28 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\KillProcess Kill Lists [2011.01.28 11:53:28 | 000,000,000 | ---D | C] -- C:\Programme\KillProcess [2011.01.27 17:14:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center [2011.01.27 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Malwarebytes [2011.01.27 15:15:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.27 15:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.27 15:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.27 15:15:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.27 13:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.01.27 13:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.01.26 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Stardock [2011.01.26 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Stardock [2011.01.26 20:00:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56FC2B0D-3D08-45E7-B370-9A9DACA17E2F} [2011.01.26 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock [2011.01.26 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock [2011.01.26 19:39:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 10 [2011.01.26 12:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RL Vision [2011.01.26 12:01:04 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.ocx [2011.01.26 12:01:04 | 000,102,400 | ---- | C] (RL Vision) -- C:\Windows\System32\FlashRenHelper.dll [2011.01.26 12:01:04 | 000,028,672 | ---- | C] (UniCont Soft) -- C:\Windows\System32\FolderWatcher.dll [2011.01.26 12:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer [2011.01.26 04:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftLocker [2011.01.26 04:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Quick File Renamer [2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\UPS Controller [2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SLGlobal [2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Quick File Renamer [2011.01.26 03:24:25 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FHindustries [2011.01.26 03:22:50 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\GetRightToGo [2011.01.25 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Meine empfangenen Dateien [2011.01.21 22:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey [2011.01.20 21:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2011.01.20 21:34:33 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software [2011.01.20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Videomaskenprojekte [2011.01.20 00:41:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Creative [2011.01.20 00:41:50 | 000,000,000 | -H-D | C] -- C:\Programme\Creative Installation Information [2011.01.19 13:10:14 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL [2011.01.19 13:10:14 | 000,010,240 | ---- | C] (Creative Technology Ltd) -- C:\Windows\CTDCRES.DLL [2011.01.19 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2011.01.18 23:41:35 | 000,171,680 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\CTOPT352.dll [2011.01.18 23:41:35 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\CTChkAud.dll [2011.01.18 23:35:25 | 000,065,536 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\ctdvda32.dll [2011.01.18 23:33:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Creative Labs Shared [2011.01.18 23:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Creative [2011.01.18 23:25:06 | 000,086,016 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele.dll [2011.01.18 23:24:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\data [2011.01.18 22:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Powertoys for Windows XP [2011.01.18 20:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atiz [2011.01.18 15:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.01.18 15:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.01.18 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\SightSpeed Recordings [2011.01.18 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\LogiShrd [2011.01.18 15:19:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd [2011.01.18 15:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LWS [2011.01.16 14:32:48 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Snapter Images [2011.01.15 22:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.01.15 22:43:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.01.13 10:27:06 | 000,035,840 | ---- | C] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\csrusb.sys [2011.01.13 10:27:02 | 001,534,464 | ---- | C] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\CsrBtPort.sys [2011.01.12 23:14:53 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 03:46:42 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\vlc [2011.01.12 03:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.01.10 22:44:31 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\DVDVideoSoft_Ltd [2011.01.10 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2 [2011.01.10 20:52:25 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2011.01.10 15:05:21 | 000,188,928 | ---- | C] (SONIX) -- C:\Windows\FixCamera.exe [2011.01.08 19:59:34 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\amcap.exe [2011.01.07 18:14:46 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\ManyCam [2011.01.07 00:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4 [2011.01.04 15:00:41 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Camfrog [2011.01.04 15:00:40 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\CrashRpt [2011.01.03 19:13:24 | 000,000,000 | ---D | C] -- C:\Windows\TempDF18C668-4E15-D238-8831-60FA558EB771-Signatures [2010.12.21 17:43:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WomTom\AppData\Roaming\pcouffin.sys [2010.11.29 13:18:12 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [2010.01.25 20:05:14 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\wmdmhelper.dll [2010.01.25 20:05:13 | 000,712,704 | ---- | C] ( ) -- C:\Programme\dtdr3260.dll [2010.01.25 20:05:12 | 000,651,264 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjbres.dll [2010.01.25 20:05:12 | 000,352,256 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjdlg.dll [2010.01.25 20:05:12 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Programme\DUNZIP32.dll [2010.01.25 20:05:12 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\ierjplug.dll [2010.01.25 20:05:12 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tnetdtct.dll [2010.01.25 20:05:12 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjprog.dll [2010.01.25 20:05:12 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\fixrjb.exe [2010.01.25 20:05:11 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tsasdk.dll [2010.01.25 20:05:11 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tpasdk.dll [2010.01.25 20:05:11 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\mmcdda32.dll [2010.01.25 20:05:10 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpwa3260.dll [2010.01.25 20:05:09 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Programme\dbghelp.dll [2010.01.25 20:05:09 | 000,329,312 | ---- | C] (RealPlayer) -- C:\Programme\rpbrowserrecordplugin.dll [2010.01.25 20:05:09 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshellsearch.dll [2010.01.25 20:05:08 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjwmapln.dll [2010.01.25 20:05:06 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpau3260.dll [2010.01.25 20:05:01 | 000,112,168 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rdsf3260.dll [2010.01.25 20:05:01 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpplugprot.dll [2010.01.25 20:05:01 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshell.dll [2010.01.25 20:04:58 | 000,014,888 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rphelperapp.exe [2010.01.25 20:04:58 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realjbox.exe [2010.01.25 20:04:40 | 000,222,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realplay.exe [2010.01.25 20:04:38 | 000,198,208 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RecordingManager.exe ========== Files - Modified Within 30 Days ========== [2011.02.01 19:59:50 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.01 19:59:50 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.01 19:52:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.01 19:52:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.02.01 19:52:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.01 19:52:16 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2011.02.01 19:51:38 | 000,032,592 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.02.01 19:51:38 | 000,032,592 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.02.01 19:51:38 | 000,032,088 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.02.01 19:51:38 | 000,032,088 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.02.01 19:51:38 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.02.01 19:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.01 19:02:01 | 000,659,538 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.01 19:02:01 | 000,620,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.01 19:02:01 | 000,131,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.01 19:02:01 | 000,108,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.01 01:35:32 | 000,005,527 | ---- | M] () -- C:\Windows\System32\sys3Start.lic [2011.01.31 17:58:19 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2011.01.31 16:19:46 | 000,005,632 | ---- | M] () -- C:\Users\WomTom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.29 21:45:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.01.29 20:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.01.29 20:45:17 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.01.29 20:40:50 | 004,262,047 | R--- | M] () -- C:\Users\WomTom\Desktop\Cafi.exe [2011.01.29 15:11:15 | 000,629,057 | ---- | M] () -- C:\Users\WomTom\Desktop\RkU3.8.388.590.rar [2011.01.29 14:55:12 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\WomTom\Desktop\tdsskiller.exe [2011.01.28 17:57:39 | 000,000,000 | ---- | M] () -- C:\Users\WomTom\defogger_reenable [2011.01.28 17:46:29 | 000,000,904 | ---- | M] () -- C:\Users\WomTom\Desktop\NTREGOPT.lnk [2011.01.28 11:53:29 | 000,001,011 | ---- | M] () -- C:\Users\WomTom\Desktop\KillProcess.lnk [2011.01.27 15:15:57 | 000,000,626 | ---- | M] () -- C:\Users\WomTom\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.27 14:18:27 | 000,000,769 | ---- | M] () -- C:\Users\WomTom\Desktop\Spybot - Search & Destroy.lnk [2011.01.26 19:39:20 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.26 12:01:04 | 000,000,543 | ---- | M] () -- C:\Users\Public\Desktop\Flash Renamer.lnk [2011.01.26 03:24:25 | 000,000,364 | ---- | M] () -- C:\Users\WomTom\Desktop\A+FileRename.appref-ms [2011.01.25 16:56:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf [2011.01.25 16:56:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf [2011.01.21 22:17:08 | 000,000,209 | ---- | M] () -- C:\Users\WomTom\Documents\cam.ahk [2011.01.21 21:20:43 | 000,001,352 | ---- | M] () -- C:\Users\WomTom\Documents\AutoHotkey.ahk [2011.01.21 00:19:07 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2011.01.20 21:34:52 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.20 01:08:41 | 004,958,588 | ---- | M] () -- C:\Windows\{00000002-00000000-00000007-00001102-00000004-20021102}.CDF [2011.01.20 01:04:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ctzapxx.ini [2011.01.20 00:18:23 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.01.20 00:18:23 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2011.01.19 20:13:39 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.01.18 23:41:59 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk [2011.01.18 20:14:48 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\BookDrive Editor Pro.lnk [2011.01.18 16:20:42 | 000,001,041 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\vso_ts_preview.xml [2011.01.16 14:32:45 | 000,005,500 | ---- | M] () -- C:\Windows\System32\sys5start.lic [2011.01.14 00:33:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2011.01.13 10:27:06 | 000,035,840 | ---- | M] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\csrusb.sys [2011.01.13 10:27:02 | 001,534,464 | ---- | M] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\CsrBtPort.sys [2011.01.12 03:45:34 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2011.01.31 17:58:19 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk [2011.01.31 17:52:05 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk [2011.01.29 21:44:49 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.01.29 20:46:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.01.29 20:46:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.01.29 20:46:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.01.29 20:46:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.01.29 20:46:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 20:40:44 | 004,262,047 | R--- | C] () -- C:\Users\WomTom\Desktop\Cafi.exe [2011.01.29 15:11:45 | 000,629,057 | ---- | C] () -- C:\Users\WomTom\Desktop\RkU3.8.388.590.rar [2011.01.29 09:15:58 | 000,000,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2011.01.28 17:57:39 | 000,000,000 | ---- | C] () -- C:\Users\WomTom\defogger_reenable [2011.01.28 17:46:29 | 000,000,904 | ---- | C] () -- C:\Users\WomTom\Desktop\NTREGOPT.lnk [2011.01.28 11:53:29 | 000,001,011 | ---- | C] () -- C:\Users\WomTom\Desktop\KillProcess.lnk [2011.01.27 15:15:57 | 000,000,626 | ---- | C] () -- C:\Users\WomTom\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.27 14:18:27 | 000,000,769 | ---- | C] () -- C:\Users\WomTom\Desktop\Spybot - Search & Destroy.lnk [2011.01.26 19:39:20 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.26 19:39:20 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.26 12:01:04 | 000,017,804 | ---- | C] () -- C:\Windows\System32\shlctxmnu.tlb [2011.01.26 12:01:04 | 000,011,012 | ---- | C] () -- C:\Windows\System32\threadapi.tlb [2011.01.26 12:01:04 | 000,000,543 | ---- | C] () -- C:\Users\Public\Desktop\Flash Renamer.lnk [2011.01.26 03:24:25 | 000,000,364 | ---- | C] () -- C:\Users\WomTom\Desktop\A+FileRename.appref-ms [2011.01.25 16:56:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf [2011.01.25 16:56:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf [2011.01.21 22:17:08 | 000,000,209 | ---- | C] () -- C:\Users\WomTom\Documents\cam.ahk [2011.01.21 21:20:43 | 000,001,352 | ---- | C] () -- C:\Users\WomTom\Documents\AutoHotkey.ahk [2011.01.20 01:06:43 | 000,032,088 | ---- | C] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.20 00:54:08 | 004,958,588 | ---- | C] () -- C:\Windows\{00000002-00000000-00000007-00001102-00000004-20021102}.CDF [2011.01.20 00:20:55 | 000,032,088 | ---- | C] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.20 00:20:55 | 000,011,564 | ---- | C] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.19 20:13:39 | 000,001,588 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.01.18 23:41:35 | 000,006,010 | ---- | C] () -- C:\Windows\System32\CTOPT352.cat [2011.01.18 23:35:25 | 001,746,360 | ---- | C] () -- C:\Windows\System32\CTAA1.DAT [2011.01.18 23:32:41 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2 [2011.01.18 23:32:41 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2 [2011.01.18 23:26:34 | 000,032,592 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.18 23:26:34 | 000,032,592 | ---- | C] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.18 20:14:48 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\BookDrive Editor Pro.lnk [2011.01.18 15:18:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.01.16 16:13:06 | 000,005,527 | ---- | C] () -- C:\Windows\System32\sys3Start.lic [2011.01.16 14:32:29 | 000,005,500 | ---- | C] () -- C:\Windows\System32\sys5start.lic [2011.01.12 03:45:33 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.01.10 15:05:23 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2011.01.10 15:05:22 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2011.01.03 19:14:27 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2010.12.21 17:43:49 | 000,000,034 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.log [2010.12.21 17:43:48 | 000,007,887 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.cat [2010.12.21 17:43:48 | 000,001,144 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.inf [2010.12.21 17:36:06 | 000,001,041 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\vso_ts_preview.xml [2010.12.21 16:54:39 | 000,020,693 | ---- | C] () -- C:\Users\WomTom\AppData\Local\StarPort.log [2010.12.21 15:56:57 | 000,000,228 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\trueburner.ini [2010.12.20 20:23:42 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.11.29 14:21:31 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.11.29 13:18:13 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll [2010.11.29 13:18:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll [2010.11.29 13:18:04 | 000,050,466 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.11.10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.09.22 19:54:56 | 000,048,512 | ---- | C] () -- C:\Windows\System32\drivers\RamDiskVE.sys [2010.07.08 12:16:31 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI [2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.05.21 20:28:31 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.05.21 20:28:30 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010.01.28 14:07:31 | 000,007,620 | ---- | C] () -- C:\Users\WomTom\AppData\Local\Resmon.ResmonCfg [2010.01.26 21:45:15 | 000,005,632 | ---- | C] () -- C:\Users\WomTom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.25 20:05:12 | 000,002,851 | ---- | C] () -- C:\Programme\cdroms.cfg [2010.01.25 20:05:10 | 000,119,808 | ---- | C] () -- C:\Programme\waiting.avi [2010.01.25 20:05:10 | 000,027,278 | ---- | C] () -- C:\Programme\frw.bmp [2010.01.25 20:05:10 | 000,016,296 | ---- | C] () -- C:\Programme\realtfon.fon [2010.01.25 20:05:09 | 000,067,473 | ---- | C] () -- C:\Programme\realplay.chm [2010.01.25 20:05:09 | 000,057,762 | ---- | C] () -- C:\Programme\howto.chm [2010.01.25 20:05:09 | 000,001,209 | ---- | C] () -- C:\Programme\flvplay.swf [2010.01.25 20:05:06 | 000,053,098 | ---- | C] () -- C:\Programme\presets.rnx [2010.01.25 20:05:06 | 000,052,829 | ---- | C] () -- C:\Programme\RealNetworks License.html [2010.01.25 20:05:06 | 000,052,829 | ---- | C] () -- C:\Programme\playrlic.html [2010.01.25 20:05:06 | 000,051,355 | ---- | C] () -- C:\Programme\RealNetworks License.txt [2010.01.25 20:05:06 | 000,051,355 | ---- | C] () -- C:\Programme\playrlic.txt [2010.01.25 20:05:05 | 000,000,480 | ---- | C] () -- C:\Programme\keys.dat [2010.01.25 20:05:04 | 000,847,007 | ---- | C] () -- C:\Programme\normal.vs [2010.01.25 20:05:04 | 000,061,495 | ---- | C] () -- C:\Programme\ssimages.vs [2010.01.25 20:05:01 | 000,102,400 | ---- | C] () -- C:\Programme\HXAudioDeviceHook.dll [2010.01.25 20:05:00 | 000,001,161 | ---- | C] () -- C:\Programme\autoplaylist.dat [2010.01.25 20:05:00 | 000,000,043 | ---- | C] () -- C:\Programme\strs23.dat [2010.01.25 20:05:00 | 000,000,013 | ---- | C] () -- C:\Programme\strs26.dat [2010.01.25 20:04:40 | 000,023,558 | ---- | C] () -- C:\Programme\freeoffers.ico [2010.01.25 20:04:40 | 000,017,846 | ---- | C] () -- C:\Programme\videotest.rm [2010.01.25 20:04:40 | 000,000,221 | ---- | C] () -- C:\Programme\subscription.rnx [2010.01.25 20:04:40 | 000,000,177 | ---- | C] () -- C:\Programme\freeoffers.rnx [2010.01.10 14:32:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.12.18 15:26:30 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini [2009.12.10 14:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.27 13:45:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.11.27 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.11.27 08:54:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.11.25 02:05:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ctrldll.dll [2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll [2007.04.09 12:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.10.02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966 < End of report > |
01.02.2011, 20:28 | #17 |
| Hilfe! Wahrscheinlich schlimmes RootkitCode:
ATTFilter OTL Extras logfile created on: 01.02.2011 20:04:46 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\WomTom\Desktop\MFTools An unknown product Service Pack 1, v.721 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17105) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 64,90 Gb Total Space | 37,06 Gb Free Space | 57,10% Space Free | Partition Type: NTFS Drive D: | 95,00 Gb Total Space | 87,52 Gb Free Space | 92,13% Space Free | Partition Type: NTFS Drive E: | 72,88 Gb Total Space | 62,17 Gb Free Space | 85,30% Space Free | Partition Type: NTFS Drive F: | 60,00 Gb Total Space | 42,75 Gb Free Space | 71,25% Space Free | Partition Type: NTFS Drive G: | 51,79 Gb Total Space | 11,54 Gb Free Space | 22,28% Space Free | Partition Type: NTFS Drive H: | 298,09 Gb Total Space | 237,05 Gb Free Space | 79,52% Space Free | Partition Type: NTFS Computer Name: WOMTOM-PC | User Name: WomTom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Orbitdownloader\orbitdm.exe" = D:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Orbitdownloader\orbitnet.exe" = D:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0306D1CA-FB52-99A0-2F2D-A753DE6FAAA5}" = Catalyst Control Center Graphics Previews Common "{03851D50-931A-A7B4-C499-83E2D27A6A56}" = WMV9/VC-1 Video Playback "{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3 "{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5 "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A039D69-3A53-4133-995F-85EE25711011}" = Microsoft Expression Media 2 SP2 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{26E18E78-4CC5-30B2-1ABD-2B5B9063B8F8}" = CCC Help English "{2B301F4D-8CBF-9BFE-C3C3-FF033858C8AC}" = ccc-utility "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32BA25A2-CFD6-4809-A645-254532C90466}" = Microsoft Expression Studio 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB3F9D4-0020-4A93-A7EB-C931C09ABD29}" = n-tv plus "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 2.7.5 "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1 "{76737576-1615-4c43-b726-08e8ea284a18}" = Nero 9 Lite "{768DB68F-A366-A1D7-A69F-FC491919296F}" = Catalyst Control Center InstallProxy "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK "{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3 "{81B23FE2-2BD6-3593-51CD-59A52B9B9125}" = ccc-core-static "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3 "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3 "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A839F4C2-3C29-07A2-77A7-5C37F4D0432D}" = ATI Catalyst Install Manager "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AABB8DC0-EAD9-AB1A-481D-0780B0277FF7}" = AMD Drag and Drop Transcoding "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.07 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BBD363AA-3F9E-4569-8A52-D1DEECCF5121}" = SoundPackager "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C82185E8-C27B-4EF4-2009-2222BC2C2B6D}" = Microsoft MapPoint Europe 2009 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3 "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F30F4040-D69D-4055-81AD-D08BF8138FD0}_is1" = DVBViewer Recording Properties "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4429C5D-CA5D-4408-BBCB-853CF5076886}" = BookDrive Editor Pro "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote "{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0 "{F9263444-9913-4896-8D7C-E056C4C5FB38}_is1" = MSRSD v4.26 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "AC3Filter" = AC3Filter (remove only) "AcMgrDDL" = DDL und DTS Connect-Lizenzaktivierung "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy" = Creative ALchemy "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "AudioCS" = Creative-Audiokonsole "AutoHotkey" = AutoHotkey 1.0.48.05 "Blend_3.0.1938.0" = Microsoft Expression Blend 3 "CD Bremse_is1" = CD Bremse 1.49 "Citavi" = Citavi 2.5 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1 "Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player "Creative Software AutoUpdate" = Creative Software AutoUpdate "Debut" = Debut Video Capture Software "Design_6.0.1739.0" = Microsoft Expression Design 3 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Dolby Digital Live Pack" = Dolby Digital Live Pack "DriverAgent.exe" = DriverAgent by eSupport.com "DTS Connect Pack" = DTS Connect Pack "DVBViewer Pro_is1" = DVBViewer Pro "DVBViewer Recording Service_is1" = DVBViewer Recording Service "Easy Video Downloader_is1" = Easy Video Downloader v. 2.0 "Encoder_3.0.1332.0" = Microsoft Expression Encoder 3 "Equalizer" = Creative-Grafik-Equalizer "ERUNT_is1" = ERUNT 1.1j "ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2 "ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3 "FileZilla Client" = FileZilla Client 3.3.5 "Flash Renamer_is1" = Flash Renamer 6.31 "FlashGet" = FlashGet 1.9.6.1073 "Foxit Reader" = Foxit Reader "Fraunhofer MP3 Codec Pro 1.263" = Fraunhofer MP3 Codec Pro 1.263 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4.10 "Free Studio_is1" = Free Studio version 4.8 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "IsoBuster_is1" = IsoBuster 2.6 "KillProcess" = KillProcess 2.44 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0 "Kyocera Product Library" = Kyocera Product Library "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Movie Studio for Samsung" = Movie Studio for Samsung 2.0 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Firefox 4.0b10 (x86 de)" = Mozilla Firefox 4.0b10 (x86 de) "Mp3tag" = Mp3tag v2.46a "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Orbit_is1" = Orbit Downloader "PDF-XChange 3_is1" = PDF-XChange 3 "RealPlayer 12.0" = RealPlayer "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SDEPRO20_is1" = SDExplorer 2.1 "SFBM" = SoundFont-Bank-Manager "SoundPackager" = SoundPackager "Spdifer_is1" = Spdifer 0.3b "SPEAKER" = Creative Lautsprechereinstellungen "ToonIt PS" = ToonIt! "Topaz Simplify 3" = Topaz Simplify 3 "UltraISO_is1" = UltraISO Premium V9.36 "Uninstall_is1" = Uninstall 1.0.0.1 "URLSnooper 2_is1" = URL Snooper v2.28.01 "VLC media player" = VLC media player 1.1.5 "WaveStudio 7" = Creative WaveStudio 7 "Web_3.0.3813.0" = Microsoft Expression Web 3 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.0.144.38 "WinISO_is1" = WinISO 5.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR Archivierer "Winstep Xtreme_is1" = Nexus 10.1 Update "Wireshark" = Wireshark 1.4.3 "ZDFmediathek_is1" = ZDFmediathek Version 2.0.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f58cbb372ebb2ec8" = Media Center Studio "fc92d19c2b82cf91" = A+FileRename ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.11.2010 15:19:02 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706 Description = Error - 30.11.2010 15:19:05 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706 Description = Error - 30.11.2010 15:19:52 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706 Description = Error - 30.11.2010 15:19:55 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706 Description = Error - 01.12.2010 11:10:53 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016e39 ID des fehlerhaften Prozesses: 0x16d4 Startzeit der fehlerhaften Anwendung: 0x01cb91635da57ab7 Pfad der fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe Pfad des fehlerhaften Moduls: D:\DVBViewer\dvbviewer.exe Berichtskennung: 3062613e-fd5d-11df-99ca-001d7d939171 Error - 01.12.2010 22:30:00 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016daf ID des fehlerhaften Prozesses: 0x15bc Startzeit der fehlerhaften Anwendung: 0x01cb91c89ad178cd Pfad der fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe Pfad des fehlerhaften Moduls: D:\DVBViewer\dvbviewer.exe Berichtskennung: 0f4fedc3-fdbc-11df-99ca-001d7d939171 Error - 02.12.2010 08:10:03 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TTTVRC.exe, Version: 5.17.0.387, Zeitstempel: 0x4a1bb90b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xeb141c04 ID des fehlerhaften Prozesses: 0xb60 Startzeit der fehlerhaften Anwendung: 0x01cb9217f373d2db Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1737bf69-fe0d-11df-bd83-001d7d939171 Error - 03.12.2010 10:55:53 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TTTVRC.exe, Version: 5.17.0.387, Zeitstempel: 0x4a1bb90b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xeb141e04 ID des fehlerhaften Prozesses: 0x1e4 Startzeit der fehlerhaften Anwendung: 0x01cb92da62724f75 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6cc2a09f-feed-11df-a749-001d7d939171 Error - 04.12.2010 11:01:04 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016dfd ID des fehlerhaften Prozesses: 0x1568 Startzeit der fehlerhaften Anwendung: 0x01cb93b1df414f3d Pfad der fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe Pfad des fehlerhaften Moduls: D:\DVBViewer\dvbviewer.exe Berichtskennung: 503a14b5-ffb7-11df-8027-001d7d939171 Error - 08.12.2010 07:34:51 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016df7 ID des fehlerhaften Prozesses: 0x17d8 Startzeit der fehlerhaften Anwendung: 0x01cb96c784e1b0ea Pfad der fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe Pfad des fehlerhaften Moduls: D:\DVBViewer\dvbviewer.exe Berichtskennung: 2adc2956-02bf-11e0-acd6-001d7d939171 [ Media Center Events ] Error - 04.01.2010 12:44:42 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0 Description = 17:44:42 - Fehler beim Herstellen der Internetverbindung. 17:44:42 - Serververbindung konnte nicht hergestellt werden.. Error - 04.01.2010 12:45:13 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0 Description = 17:44:47 - Fehler beim Herstellen der Internetverbindung. 17:44:47 - Serververbindung konnte nicht hergestellt werden.. Error - 06.03.2010 16:33:09 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0 Description = 21:33:09 - Fehler beim Herstellen der Internetverbindung. 21:33:09 - Serververbindung konnte nicht hergestellt werden.. Error - 06.03.2010 16:33:50 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0 Description = 21:33:38 - Fehler beim Herstellen der Internetverbindung. 21:33:38 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 31.01.2011 06:49:55 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarRAM TCPZ Error - 01.02.2011 08:22:01 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarRAM TCPZ Error - 01.02.2011 11:57:00 | Computer Name = WomTom-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 01.02.2011 11:57:01 | Computer Name = WomTom-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 01.02.2011 11:57:01 | Computer Name = WomTom-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 01.02.2011 11:57:02 | Computer Name = WomTom-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 01.02.2011 11:57:02 | Computer Name = WomTom-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 01.02.2011 14:48:23 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows7FirewallService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 01.02.2011 14:50:49 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts. Error - 01.02.2011 14:52:37 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarRAM TCPZ < End of report > |
02.02.2011, 15:31 | #18 |
/// TB-Ausbilder | Hilfe! Wahrscheinlich schlimmes Rootkit Hallo WomTom,
__________________Dein OTL-Fix hat wieder nicht funktioniert. Also versuchen wir das gleich nochmal. Beachte, dass du alle Zeilen genau wie in der folgenden Code-Box auch bei OTL einfügst. Schritt # 1: Fix mit OTL
Code:
ATTFilter :OTL O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966 :commands [Emptytemp]
Schritt # 2: Wichtige Updates Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan. Als alternative würde ich dir den schlankeren Foxit Reader empfehlen Schritt # 3: Java deinstallieren/neu installieren Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
Schritt # 4: ESET Online Scanner Bitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt # 5: Durchführung einer Sicherheitskontrolle Downloade Dir bitte SecurityCheck
Schritt # 6: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
02.02.2011, 19:43 | #19 |
| Hilfe! Wahrscheinlich schlimmes Rootkit All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsot\Internet Explorer\Restrictions\ not found. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. ADS C:\ProgramData\TempFC5A2B2 deleted successfully. ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully. ADS C:\ProgramData\TempDB01966 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: WomTom ->Temp folder emptied: 3079852 bytes ->Temporary Internet Files folder emptied: 105958 bytes ->Java cache emptied: 624338 bytes ->FireFox cache emptied: 44970959 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 1689 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 70626 bytes RecycleBin emptied: 778960 bytes Total Files Cleaned = 47,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 02022011_160534 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\hsperfdata_WOMTOM-PC$\1780 not found! Registry entries deleted on Reboot... |
02.02.2011, 19:44 | #20 |
| Hilfe! Wahrscheinlich schlimmes RootkitCode:
ATTFilter JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Feb 02 16:22:10 2011 There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe Found and removed: JavaPlugin.FamilyVersionSupport Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB} Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} Found and removed: JavaScript Found and removed: JavaScript Author Found and removed: JavaScript1.1 Found and removed: JavaScript1.1 Author Found and removed: JavaScript1.2 Found and removed: JavaScript1.2 Author Found and removed: SOFTWARE\Classes\JavaPlugin Found and removed: SOFTWARE\Classes\JavaPlugin.160_22 ------------------------------------ Finished reporting. There was an error removing C:\Users\WomTom\Start Menu\Programs\Sun Download Manager 2.0 (local). The error returned was 124. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Feb 02 16:23:36 2011 There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. ------------------------------------ Finished reporting. |
02.02.2011, 19:45 | #21 |
| Hilfe! Wahrscheinlich schlimmes Rootkit Results of screen317's Security Check version 0.99.8 Windows 7 Service Pack 2 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: ESET Online Scanner v3 Windows7FirewallControl (i386) 4.0.144.38 Microsoft Security Essentials WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 Java(TM) 6 Update 23 Adobe Flash Player 10.1.102.64 ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe Microsoft Security Client Antimalware NisSrv.exe ``````````End of Log```````````` |
02.02.2011, 19:56 | #22 |
| Hilfe! Wahrscheinlich schlimmes Rootkit Mit der Deinstallation von Java gab es Probleme. Das Ausführen des Javara hat zwar geklappt, jedoch war noch ein Java update in Systemsteuerung-> Software vorhanden, das ich nicht deinstallieren konnte (ein Fehler, verursacht durch regutils.dll). Das neue Java Packet lies sich mit dem gleichen Fehler auch erst nicht installieren. Konnte das update jedoch mit einem anderen tool deinstallieren und die Installation des neuen Java-Packets hat dann auch geklappt. Der Eset Onlinescanner hat mit Firefox nicht funktioniert. Er hat vorm updatedownload abgebrochen (Meldung: Proxy configured?). Auf den Seiten von Eset steht jedoch, dass er den Donloadproxy selbst erkennt. Ich bin auch nicht mit Proxy online. Im Internetexplorer hat dem Anschein nach dann alles geklappt. Aber nur dem Anschein nach. Es wurden keine Fehler gemeldet oder Ähnliches. Jedoch hat er nur eine Sekunde gestartet und dann stand gleich beendet da und keine Funde. Antivirus, Firewall, Anti-Malware war alles deaktiviert. Siehe Logfile: |
02.02.2011, 19:57 | #23 |
| Hilfe! Wahrscheinlich schlimmes Rootkit ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=0 # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b76ad0d24cf43d409395358721ca7790 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-02 05:59:51 # local_time=2011-02-02 06:59:51 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1, v.721 # compatibility_mode=512 16777215 100 0 459561 459561 0 0 # compatibility_mode=5893 16776574 100 94 438599 48300782 0 0 # compatibility_mode=8192 67108863 100 0 4485 4485 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0 esets_scanner_update returned -1 esets_gle=0 # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b76ad0d24cf43d409395358721ca7790 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-02 06:01:13 # local_time=2011-02-02 07:01:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1, v.721 # compatibility_mode=512 16777215 100 0 459643 459643 0 0 # compatibility_mode=5893 16776574 100 94 438681 48300864 0 0 # compatibility_mode=8192 67108863 100 0 4567 4567 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0 esets_scanner_update returned -1 esets_gle=0 # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b76ad0d24cf43d409395358721ca7790 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true |
02.02.2011, 20:50 | #24 |
/// TB-Ausbilder | Hilfe! Wahrscheinlich schlimmes Rootkit Hallo WomTom, folgendes funktioniert nur mit dem Internet Explorer: Schritt # 1: Kaspersky Online ScannerBitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt # 2: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
03.02.2011, 10:55 | #25 |
| Hilfe! Wahrscheinlich schlimmes Rootkit Also, Kaspersky hat auch nicht funktioniert (Meldung: License expired) -> Bin ich wohl auch nicht der einzige bei dem das so ist... Eset hat dann aber komischer Weise doch funktioniert: |
03.02.2011, 10:57 | #26 |
| Hilfe! Wahrscheinlich schlimmes Rootkit ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetesets_scanner_update returned -1 esets_gle=0 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b76ad0d24cf43d409395358721ca7790 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-03 01:05:36 # local_time=2011-02-03 02:05:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1, v.721 # compatibility_mode=512 16777215 100 0 485106 485106 0 0 # compatibility_mode=5893 16776574 100 94 467744 48326327 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b76ad0d24cf43d409395358721ca7790 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-03 03:26:23 # local_time=2011-02-03 04:26:23 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1, v.721 # compatibility_mode=512 16777215 100 0 485247 485247 0 0 # compatibility_mode=5893 16776574 100 94 467885 48326468 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=190306 # found=9 # cleaned=0 # scan_time=8305 C:\downloads\sdexplorer-formerly-skydrive-explorer-2.1.2.154.exe a variant of Win32/Sefnit.AL trojan (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\Win7codecs\{C68B319D-E153-4557-BAEB-0987320636A7}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\Win7codecs\{C68B319D-E153-4557-BAEB-0987320636A7}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Windows\FixCamera.exe a variant of Win32/KillProc.B application (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\f23ec.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7c9cd3cb-7cf6756b multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7d85bff8-2863eb84 multiple threats (unable to clean) 00000000000000000000000000000000 I D:\Spybot - Search & Destroy\HISYUQOMNUNWSWYDQU.scr probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I |
04.02.2011, 19:01 | #27 |
/// TB-Ausbilder | Hilfe! Wahrscheinlich schlimmes Rootkit Hallo WomTom, Schritt # 1: Fragen beantworten Bitte beantworte uns folgende Fragen:
Schritt # 2: Java Cache leeren
Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Dein Rechner ist sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt # 3: ComboFix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt # 4: Systembereinigung mit OTL Als nächstes müssen wir alle Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
Schritt # 5: Systembereinigung mit Load.exe Als nächstes müssen wir weitere Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
Schritt # 6: Programme deinstallieren
Schritt # 7: Systemwiederherstellungspunkte löschen Es ist nicht auszuschließen, dass durch die Malware auch Wiederherstellungspunkte infiziert sind. Dieses Problem behebst du wie folgt:
Schritt # 8: Windows Update aktivieren Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.
Schritt # 9: Schutz vor weiteren Infektionen Damit du in Zukunft vor ähnlichen Infektionen geschützt bist, empfehle ich dir noch ein paar nützliche Programme inklusive ein paar Tipps.
Schritt # 10: Deine Rückmeldung Bitte gib uns kurz Bescheid, wenn alles erledigt ist und du keine Fragen mehr hast, damit ich das Thema aus meinen Abos löschen kann. |
05.02.2011, 21:04 | #28 |
| Hilfe! Wahrscheinlich schlimmes Rootkit So, alles Ausgeführt. Die besagte Datei stammte aus einer unsicheren Quelle. Wurde aber nicht ausgeführt und gelöscht. Vielen Dank nochmal. Ihr seit echte Helden hier. Threat kann geschlossen werden. |
06.02.2011, 11:16 | #29 |
/// TB-Ausbilder | Hilfe! Wahrscheinlich schlimmes Rootkit Es freut uns, dass wir helfen konnten. Damit ist dieses Thema beendet. |
Themen zu Hilfe! Wahrscheinlich schlimmes Rootkit |
avira, bluescreen, dringend, firefox, firewall, gefährlich, hijack, hijackthis, leitet, ms security essentials, problem, programme, revealer, rootkit, scan, security, seite, seiten, starten, suchmaschine, tabs mit werbung, updates, werbung, windows, windows updates, öffnet |