Log Analysis and Evaluation: Help! Probably a nasty rootkit (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.01.2011, 17:00 | #1
Help! Probably a nasty rootkit
Hello, helpful users. I have the following problem:
- Windows updates are being blocked.
- Updates for MS Security Essentials too -> loaded manually
- the firewall constantly raises alarms ("port monitoring tool?"...) -> I'm being attacked by a port scanner
- Firefox constantly opens tabs with advertising or search engines, or redirects me to sites that WOT rates as dangerous.
- I've already tried all kinds of programs. None of them can find anything (HijackThis, Avira, MSE, Spybot, Malwarebytes, RootkitRevealer etc.)
- when I try to start cofi, I get a bluescreen shortly before the end of the first progress bar. (irq less or equal...)
I urgently need advice. Thanks!
28.01.2011, 17:16 | #2
/// TB-Ausbilder
Help! Probably a nasty rootkit
My name is M-K-D-B and I will help you clean up your computer. Please note the following:
I would like to point out that I am still in training here and that every reply must first be approved by a member of the competence team. This can cause a slight delay in replies. Thank you for your patience.
Step # 1: Run Load.exe
Please download Load.exe
Open it and work through the steps described in it. Important: if you start the tool again, do not use the CleanUp button without being instructed to. Guide: http://www.trojaner-board.de/89918-l...e-larusso.html
Step # 2: Your feedback
For further analysis I need, together with your next reply, the log files of
28.01.2011, 18:48 | #3
Help! Probably a nasty rootkit
Hello M-K-D-B, first of all many thanks for your quick help. I have followed all the instructions. The problem persists. I was just redirected again to a search engine that had searched for "Trojan on USB stick". Strange! You will find my log files attached. I hope the analysis turns something up.
29.01.2011, 13:17 | #4
/// TB-Ausbilder
Help! Probably a nasty rootkit
Hi WomTom,
Step # 1: Fix with OTL
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (XKJNLSB)
SRV - File not found [On_Demand | Stopped] -- -- (UZLBKJJ)
SRV - File not found [On_Demand | Stopped] -- -- (MHJHWCDYNE)
SRV - File not found [On_Demand | Stopped] -- -- (JHJXF)
[2011.01.28 16:10:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TempFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:5FC2B7D7
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TempDB01966
:Commands
[purity]
[emptytemp]
Step # 2: Run TDSS Killer
Please download TDSS Killer.exe and save the file on the desktop.
Step # 3: Rootkit scan with Rootkit Unhooker
Please download RKUnhookerLE and save the file on your desktop.
Step # 4: Your feedback
For further analysis I need, together with your next reply
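An added example (not part of the thread, and not code from OTL or trojaner-board): a small Python parser for the OTL entry layouts that appear in the fix above and in the OTL log posted later in the thread. It turns each SRV/DRV/ADS line into a record and flags the ones an analyst reviews first: services or drivers that are still registered but have no file on disk, entries whose version info carries no company name, and alternate data streams. The sample input is constructed from entry formats on this page; the regular expressions assume only those layouts, not OTL's full grammar.

```python
"""Parse OTL-style SRV / DRV / alternate-data-stream entries and flag the
ones worth an analyst's attention.  Added example: it handles only the entry
layouts that appear in this thread's OTL output, not OTL's full grammar."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: entry layouts copied from the thread's OTL fix and
# OTL log (missing-file services, entries with and without a company name, a
# running driver whose file is gone, an entry with a trailing description,
# and two alternate data streams).
SAMPLE_OTL = r"""
SRV - File not found [On_Demand | Stopped] -- -- (XKJNLSB)
SRV - File not found [On_Demand | Stopped] -- -- (UZLBKJJ)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.09.29 22:47:20 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009.11.27 09:01:36 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB
"""


@dataclass
class Entry:
    kind: str               # "SRV", "DRV" or "ADS"
    name: str               # service/driver name; stream name for ADS
    path: str               # image path; host file for ADS; "" when absent
    missing: bool           # OTL printed "File not found"
    company: Optional[str]  # version-info company; "" when OTL shows "()"
    size: Optional[int]     # file or stream size in bytes
    state: Optional[str]    # e.g. "Auto | Running"


# "<KIND> - File not found [state] -- -- (name)"   or
# "<KIND> - [date | size | attrs | M] (company) [state] -- path -- (name) desc"
_SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\))"
    r" \[(?P<state>[^\]]+)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]+)\).*$"
)
_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def parse_otl(text: str) -> List[Entry]:
    """Turn the recognised OTL lines into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SVC_RE.match(line)
        if m:
            missing = m.group("missing") is not None
            size = None
            if not missing:
                # stamp is "2010.11.01 16:49:58 | 000,401,408 | ---- | M"
                size = int(m.group("stamp").split(" | ")[1].replace(",", ""))
            entries.append(Entry(m.group("kind"), m.group("name"), m.group("path"),
                                 missing, None if missing else m.group("company"),
                                 size, m.group("state")))
            continue
        m = _ADS_RE.match(line)
        if m:
            # "C:\ProgramData\Temp:9B013599" -> host file + stream name; a lone
            # drive colon ("C:\...") is not a stream separator.
            target = m.group("target")
            host, sep, stream = target.rpartition(":")
            if not sep or len(host) < 2:
                host, stream = target, ""
            entries.append(Entry("ADS", stream, host, False, None, int(m.group("size")), None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs, in log order, for entries to review first."""
    flagged: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.kind == "ADS":
            flagged.append((e, "alternate data stream: content hidden from normal directory listings"))
        elif e.missing:
            why = "registered service/driver with no file on disk"
            if e.state and "Running" in e.state:
                why += ", yet reported Running (still loaded in memory)"
            flagged.append((e, why))
        elif e.company == "":
            flagged.append((e, "no company name in version info: verify publisher and file hash"))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse_otl(SAMPLE_OTL)):
        print(f"{entry.kind:3} {entry.name:<28} {entry.path or '-'}\n    -> {reason}")
```

A flag is a triage cue, not a verdict: OTL's empty company field only means the file carries no publisher in its version info, and a running driver with no file on disk can be cleanup tooling rather than malware (the `catchme` entry in this thread's log is the helper driver that ComboFix, which the user had already run, loads). The reviewer still decides entry by entry, which is exactly what the helper does in the OTL fix above.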
29.01.2011, 17:31 | #5
Help! Probably a nasty rootkit
So, I have done everything. TDSSKiller found something, but in the PowerDVD folder; I don't know whether that was anything real. I have the feeling the symptoms have improved somewhat. My hard disk is no longer grinding away the whole time. As for the redirects in the browser, I will have to see whether anything else shows up. However, my firewall still shows access attempts when I fetch mail in Outlook and occasionally while surfing. It has become less, though (before it was constant). When I check the IPs that are attacking me, they belong to the Japanese provider KDDI CORPORATION and the German provider Host Europe GmbH from Cologne. The other IPs have something to do with Google name servers (e.g. 209.85.149.101). Attached are my logs. Many thanks!
29.01.2011, 19:53 | #6
/// TB-Ausbilder
Help! Probably a nasty rootkit
Hello WomTom,
Step # 1: Important note
Step # 2: Fix with OTL
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (XKJNLSB)
SRV - File not found [On_Demand | Stopped] -- -- (UZLBKJJ)
SRV - File not found [On_Demand | Stopped] -- -- (MHJHWCDYNE)
SRV - File not found [On_Demand | Stopped] -- -- (JHJXF)
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TempFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:5FC2B7D7
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TempDB01966
:Commands
[purity]
[emptytemp]
Step # 3: Run ComboFix renamed
ComboFix may only be run when a competence-team member has explicitly recommended it! Download ComboFix from the link listed. You must rename it before you save it to the desktop. Save ComboFix on your desktop. BleepingComputer - InfoSpyware
Firefox users: please make the following setting. Tools --> Options --> General tab and tick "Always ask me where to save files". Apply --> OK.
**NB: It is important that ComboFix.exe is saved on the desktop**
Step # 4: Your feedback
For further analysis I need, together with your next reply
29.01.2011, 21:13 | #7
Help! Probably a nasty rootkit
So, sorry again. I hope I have done everything right now; something must have gone wrong with the copying. ComboFix reported that userinit.exe is infected and tried to restore it, as far as I understood. Attached are my logs:
30.01.2011, 19:02 | #8
/// TB-Ausbilder
Help! Probably a nasty rootkit
Hello WomTom,
Step # 1: Check with VirusTotal
Please have the files from the code box checked at VirusTotal.
Wait until Current status shows Finished. Copy the link from your address bar and post it here.
Step # 2: Custom scan with OTL
If you do not have it yet, please download OTL from OldTimer and save it on your desktop
Code:
/md5start
userinit.exe
/md5stop
Step # 3: Answer questions
Please answer the following questions for us:
Step # 4: Your feedback
For further analysis I need, together with your next reply
30.01.2011, 19:49 | #9
Help! Probably a nasty rootkit
Re: Step 1: hxxp://www.virustotal.com/file-scan/report.html?id=fc2989ae8401219ee189fbdb0ca228c4607d74ab70414a4afb20952180a9befd-1296412991
My system is fine again. No more problems. Wireshark also shows normal traffic. I will still do the OTL scan anyway.
30.01.2011, 20:13 | #10
Help! Probably a nasty rootkit
OTL Logfile:
Code:
OTL logfile created on: 30.01.2011 19:58:46 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\WomTom\Desktop\MFTools
An unknown product Service Pack 1, v.721 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17105)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64,90 Gb Total Space | 15,32 Gb Free Space | 23,60% Space Free | Partition Type: NTFS
Drive D: | 95,00 Gb Total Space | 76,39 Gb Free Space | 80,41% Space Free | Partition Type: NTFS
Drive E: | 72,88 Gb Total Space | 46,45 Gb Free Space | 63,74% Space Free | Partition Type: NTFS
Drive F: | 60,00 Gb Total Space | 13,24 Gb Free Space | 22,07% Space Free | Partition Type: NTFS
Drive G: | 51,79 Gb Total Space | 11,54 Gb Free Space | 22,28% Space Free | Partition Type: NTFS

Computer Name: WOMTOM-PC | User Name: WomTom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.28 17:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\WomTom\Desktop\MFTools\OTL.exe PRC - [2010.11.26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.11.26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2010.10.25 12:59:03 | 000,610,944 | ---- | M] (CM & V) -- d:\DVBViewer\DVBVservice.exe PRC - [2010.09.29 22:47:00 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.29 22:46:32 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.09.29 22:46:24 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe PRC - [2010.05.07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Programme\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2010.05.07 18:34:58 | 000,168,792 | ---- | M] () -- D:\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.12.10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- D:\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2009.09.19 14:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe PRC - [2009.09.19 14:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe PRC - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpertService.exe PRC - [2009.09.19 14:38:48 | 000,065,536 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpert.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- D:\Winstep\WsxService.exe PRC - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe ========== Modules (SafeList) ========== MOD - [2011.01.28 17:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\WomTom\Desktop\MFTools\OTL.exe MOD - [2010.09.29 22:50:02 | 000,100,352 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2010.09.29 22:49:40 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2010.09.29 22:49:14 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2010.09.29 22:48:22 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2010.09.29 22:47:24 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2010.09.29 22:26:28 | 001,681,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17105_none_41e580dc2bd7f1b8\comctl32.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.18 23:42:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service) SRV - [2011.01.18 23:33:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.11.26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | 
Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2010.10.25 12:59:03 | 000,610,944 | ---- | M] (CM & V) [Auto | Running] -- d:\DVBViewer\DVBVservice.exe -- (DVBVRecorder) SRV - [2010.09.29 22:50:10 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2010.09.29 22:50:00 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2010.09.29 22:49:36 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2010.09.29 22:48:26 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2010.09.29 22:48:00 | 000,804,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2010.09.29 22:47:38 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2010.09.29 22:47:20 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2010.09.29 22:46:46 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE 
Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009.12.10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- D:\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- 
C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.05.12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- D:\Winstep\WsxService.exe -- (Winstep Xtreme Service) SRV - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2011.01.30 03:55:30 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA855124-0237-4A85-A08C-ECDF1184C5C7}\MpKsl117038ec.sys -- (MpKsl117038ec) DRV - [2011.01.13 10:27:06 | 000,035,840 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrusb.sys -- (csrusb) DRV - [2011.01.13 10:27:02 | 001,534,464 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CsrBtPort.sys -- (CsrBtPort) DRV - [2010.11.26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010.11.26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.11.26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.22 16:59:16 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2010.11.10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC) DRV - [2010.11.10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.09.29 22:58:50 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.09.29 22:58:50 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.09.29 22:58:50 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.09.29 22:58:48 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp) DRV - [2010.09.29 22:58:42 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2010.09.29 22:58:36 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2010.09.29 22:58:36 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2010.09.29 22:58:26 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV) DRV - [2010.09.29 22:58:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2010.09.29 22:57:10 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata) DRV - [2010.09.29 22:57:10 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\amdxata.sys -- (amdxata) DRV - [2010.09.29 21:25:48 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.09.29 21:14:42 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci) DRV - [2010.09.29 21:14:22 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2010.09.29 21:09:24 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2010.09.29 21:00:46 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2010.09.29 20:58:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2010.09.29 20:54:32 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.29 20:54:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.09.29 20:40:22 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi) DRV - [2010.09.22 19:54:56 | 000,048,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\RamDiskVE.sys -- (RAMDiskVE) DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2010.03.19 00:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k) DRV - [2010.03.19 00:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k) DRV - [2010.03.19 00:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2010.03.19 00:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia) DRV - [2010.03.19 00:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2010.03.19 00:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2010.03.19 00:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv) DRV - [2010.03.19 00:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctgame.sys -- (ctgame) DRV - [2010.03.19 00:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2010.03.19 00:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2010.03.19 00:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k) DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS) DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX) DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS) DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX) DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS) DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX) DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS) DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX) DRV - [2010.03.04 12:42:58 | 
000,277,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.01.28 14:57:09 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.12.18 16:19:02 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.11.27 09:01:36 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.04 12:42:32 | 000,022,592 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2009.11.04 12:42:20 | 000,247,872 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2009.09.30 15:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/25 19:02:42] [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD9\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.24 23:29:22 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun4.sys -- (dvblinktun4)
DRV - [2009.07.24 23:29:14 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun3.sys -- (dvblinktun3)
DRV - [2009.07.24 23:29:08 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun2.sys -- (dvblinktun2)
DRV - [2009.07.24 23:29:02 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun.sys -- (dvblinktun)
DRV - [2009.07.24 23:28:56 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap4.sys -- (dvblinkcap4)
DRV - [2009.07.24 23:28:48 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap3.sys -- (dvblinkcap3)
DRV - [2009.07.24 23:28:42 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap2.sys -- (dvblinkcap2)
DRV - [2009.07.24 23:28:36 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap.sys -- (dvblinkcap)
DRV - [2009.07.17 19:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.06.17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008.02.01 17:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2007.04.18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007.04.12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007.04.12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007.04.12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007.04.12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007.04.12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007.04.12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007.04.12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007.04.12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007.04.12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007.04.12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2006.10.30 16:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005.10.18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 93 E1 07 14 93 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.3
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.11.18
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\browserrecord\firefox\ext [2010.01.25 20:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.11.29 00:45:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2010.12.01 13:15:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.16 14:51:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:00:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011.01.27 23:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2009.11.24 19:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WomTom\AppData\Roaming\mozilla\Extensions
[2011.01.30 13:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WomTom\AppData\Roaming\mozilla\Firefox\Profiles\zskd4c4f.default\extensions
[2011.01.29 05:44:03 | 000,001,056 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\Mozilla\Firefox\Profiles\zskd4c4f.default\searchplugins\icqplugin.xml
[2011.01.23 15:33:14 | 000,002,306 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\Mozilla\Firefox\Profiles\zskd4c4f.default\searchplugins\wot-safe-search.xml
[2010.12.16 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.08 17:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.21 15:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010.12.01 13:15:53 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
() (No name found) -- C:\USERS\WOMTOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZSKD4C4F.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\WOMTOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZSKD4C4F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.21 21:43:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.21 21:43:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.21 21:43:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.21 21:43:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.21 21:43:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.29 20:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\rpbrowserrecordplugin.dll File not found
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Alles mit FlashGet laden - D:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Mit FlashGet laden - D:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to &Evernote - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.01.21 22:00:36 | 000,000,000 | ---D | M] - D:\AutoHotkey -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.29 21:44:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.01.29 20:59:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.01.29 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\temp
[2011.01.29 20:46:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.01.29 20:46:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.01.29 20:46:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.01.29 20:42:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.01.29 20:13:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.29 15:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
[2011.01.29 15:12:56 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\MustBeRandomlyNamed
[2011.01.29 15:12:24 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\WomTom\Desktop\RkU3.8.388.590.exe
[2011.01.29 14:55:43 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\WomTom\Desktop\tdsskiller.exe
[2011.01.29 14:49:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.29 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Wireshark
[2011.01.29 09:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011.01.29 09:19:10 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2011.01.28 17:48:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.28 17:46:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.28 17:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.28 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\MFTools
[2011.01.28 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\QuickScan
[2011.01.28 12:20:30 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2011.01.28 11:53:37 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\KillProcess
[2011.01.28 11:53:29 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillProcess
[2011.01.28 11:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillProcess
[2011.01.28 11:53:28 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\KillProcess Kill Lists
[2011.01.28 11:53:28 | 000,000,000 | ---D | C] -- C:\Programme\KillProcess
[2011.01.27 17:14:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2011.01.27 15:26:24 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011.01.27 15:26:22 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011.01.27 15:26:22 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011.01.27 15:26:09 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011.01.27 15:26:09 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011.01.27 15:26:04 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011.01.27 15:26:04 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011.01.27 15:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011.01.27 15:25:52 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011.01.27 15:25:34 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\PC Tools
[2011.01.27 15:25:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2011.01.27 15:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.01.27 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Malwarebytes
[2011.01.27 15:15:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.27 15:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.27 15:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.27 15:15:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.27 13:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.27 13:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.26 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Stardock
[2011.01.26 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Stardock
[2011.01.26 20:00:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56FC2B0D-3D08-45E7-B370-9A9DACA17E2F}
[2011.01.26 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011.01.26 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011.01.26 19:39:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 10
[2011.01.26 16:58:05 | 000,000,000 | ---D | C] -- C:\Book01
[2011.01.26 12:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RL Vision
[2011.01.26 12:01:04 | 000,102,400 | ---- | C] (RL Vision) -- C:\Windows\System32\FlashRenHelper.dll
[2011.01.26 12:01:04 | 000,028,672 | ---- | C] (UniCont Soft) -- C:\Windows\System32\FolderWatcher.dll
[2011.01.26 12:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer
[2011.01.26 04:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftLocker
[2011.01.26 04:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Quick File Renamer
[2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\UPS Controller
[2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SLGlobal
[2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Quick File Renamer
[2011.01.26 03:24:25 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FHindustries
[2011.01.26 03:23:24 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Downloads
[2011.01.26 03:22:50 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\GetRightToGo
[2011.01.25 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Meine empfangenen Dateien
[2011.01.24 20:02:45 | 000,000,000 | ---D | C] -- C:\Book02
[2011.01.21 22:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011.01.20 21:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011.01.20 21:34:33 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.01.20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Videomaskenprojekte
[2011.01.20 00:41:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Creative
[2011.01.20 00:41:50 | 000,000,000 | -H-D | C] -- C:\Programme\Creative Installation Information
[2011.01.19 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011.01.18 23:33:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Creative Labs Shared
[2011.01.18 23:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2011.01.18 23:24:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\data
[2011.01.18 22:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Powertoys for Windows XP
[2011.01.18 20:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atiz
[2011.01.18 15:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.01.18 15:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.01.18 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\SightSpeed Recordings
[2011.01.18 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\LogiShrd
[2011.01.18 15:19:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2011.01.18 15:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LWS
[2011.01.16 14:32:48 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Snapter Images
[2011.01.15 22:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.01.15 22:43:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.01.13 10:27:06 | 000,035,840 | ---- | C] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\csrusb.sys
[2011.01.13 10:27:02 | 001,534,464 | ---- | C] (Cambridge Silicon
Radio Limited) -- C:\Windows\System32\drivers\CsrBtPort.sys [2011.01.12 03:46:42 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\vlc [2011.01.12 03:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.01.10 22:44:31 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\DVDVideoSoft_Ltd [2011.01.10 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2 [2011.01.10 20:52:25 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2011.01.10 15:05:21 | 000,188,928 | ---- | C] (SONIX) -- C:\Windows\FixCamera.exe [2011.01.10 14:47:36 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\VideoPower [2011.01.10 14:40:59 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Images [2011.01.07 18:14:46 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\ManyCam [2011.01.07 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\WomTom\f4 [2011.01.07 00:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4 [2011.01.04 15:00:41 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Camfrog [2011.01.04 15:00:40 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\CrashRpt [2011.01.03 19:13:24 | 000,000,000 | ---D | C] -- C:\Windows\TempDF18C668-4E15-D238-8831-60FA558EB771-Signatures [2011.01.01 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Foxit Software [2011.01.01 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Foxit [2010.12.21 17:43:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WomTom\AppData\Roaming\pcouffin.sys [2010.11.29 13:18:12 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [2010.01.25 20:05:14 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\wmdmhelper.dll [2010.01.25 20:05:13 | 000,712,704 | ---- | C] ( ) -- C:\Programme\dtdr3260.dll [2010.01.25 20:05:12 | 000,651,264 | ---- | C] (RealNetworks, Inc.) 
-- C:\Programme\rjbres.dll [2010.01.25 20:05:12 | 000,352,256 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjdlg.dll [2010.01.25 20:05:12 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Programme\DUNZIP32.dll [2010.01.25 20:05:12 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\ierjplug.dll [2010.01.25 20:05:12 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tnetdtct.dll [2010.01.25 20:05:12 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjprog.dll [2010.01.25 20:05:12 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\fixrjb.exe [2010.01.25 20:05:11 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tsasdk.dll [2010.01.25 20:05:11 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tpasdk.dll [2010.01.25 20:05:11 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\mmcdda32.dll [2010.01.25 20:05:10 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpwa3260.dll [2010.01.25 20:05:09 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Programme\dbghelp.dll [2010.01.25 20:05:09 | 000,329,312 | ---- | C] (RealPlayer) -- C:\Programme\rpbrowserrecordplugin.dll [2010.01.25 20:05:09 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshellsearch.dll [2010.01.25 20:05:08 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjwmapln.dll [2010.01.25 20:05:06 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpau3260.dll [2010.01.25 20:05:01 | 000,112,168 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rdsf3260.dll [2010.01.25 20:05:01 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpplugprot.dll [2010.01.25 20:05:01 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshell.dll [2010.01.25 20:04:58 | 000,014,888 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rphelperapp.exe [2010.01.25 20:04:58 | 000,007,168 | ---- | C] (RealNetworks, Inc.) 
-- C:\Programme\realjbox.exe [2010.01.25 20:04:40 | 000,222,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realplay.exe [2010.01.25 20:04:38 | 000,198,208 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RecordingManager.exe ========== Files - Modified Within 30 Days ========== [2011.01.30 19:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.30 16:47:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.30 14:28:20 | 000,659,538 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.30 14:28:20 | 000,620,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.30 14:28:20 | 000,131,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.30 14:28:20 | 000,108,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.30 14:26:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.01.29 21:45:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.01.29 21:07:58 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.29 21:07:58 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.29 20:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.01.29 20:59:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.29 20:58:59 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2011.01.29 20:58:25 | 000,032,592 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.29 20:58:25 | 000,032,592 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.29 20:58:25 | 000,032,088 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.29 20:58:25 | 
000,032,088 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.29 20:58:25 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.29 20:45:17 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.01.29 20:40:50 | 004,262,047 | R--- | M] () -- C:\Users\WomTom\Desktop\Cafi.exe [2011.01.29 15:11:15 | 000,629,057 | ---- | M] () -- C:\Users\WomTom\Desktop\RkU3.8.388.590.rar [2011.01.29 14:55:12 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\WomTom\Desktop\tdsskiller.exe [2011.01.29 14:46:18 | 000,017,305 | ---- | M] () -- C:\Users\WomTom\Desktop\Hallo WomTom.docx [2011.01.28 17:57:39 | 000,000,000 | ---- | M] () -- C:\Users\WomTom\defogger_reenable [2011.01.28 17:46:29 | 000,000,904 | ---- | M] () -- C:\Users\WomTom\Desktop\NTREGOPT.lnk [2011.01.28 11:53:29 | 000,001,011 | ---- | M] () -- C:\Users\WomTom\Desktop\KillProcess.lnk [2011.01.27 15:25:59 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.01.27 15:15:57 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.27 14:18:27 | 000,000,769 | ---- | M] () -- C:\Users\WomTom\Desktop\Spybot - Search & Destroy.lnk [2011.01.26 23:56:56 | 000,005,527 | ---- | M] () -- C:\Windows\System32\sys3Start.lic [2011.01.26 19:39:20 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.26 12:01:04 | 000,000,543 | ---- | M] () -- C:\Users\Public\Desktop\Flash Renamer.lnk [2011.01.26 03:24:25 | 000,000,364 | ---- | M] () -- C:\Users\WomTom\Desktop\A+FileRename.appref-ms [2011.01.25 16:56:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf [2011.01.25 16:56:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf [2011.01.21 22:17:08 | 000,000,209 | ---- | M] () -- 
C:\Users\WomTom\Documents\cam.ahk [2011.01.21 21:20:43 | 000,001,352 | ---- | M] () -- C:\Users\WomTom\Documents\AutoHotkey.ahk [2011.01.21 13:59:29 | 000,005,120 | ---- | M] () -- C:\Users\WomTom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.21 00:19:07 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2011.01.20 21:34:52 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.20 01:08:41 | 004,958,588 | ---- | M] () -- C:\Windows\{00000002-00000000-00000007-00001102-00000004-20021102}.CDF [2011.01.20 01:04:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ctzapxx.ini [2011.01.20 00:18:23 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.01.19 20:13:39 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.01.18 23:41:59 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk [2011.01.18 20:14:48 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\BookDrive Editor Pro.lnk [2011.01.18 16:20:42 | 000,001,041 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\vso_ts_preview.xml [2011.01.16 14:32:45 | 000,005,500 | ---- | M] () -- C:\Windows\System32\sys5start.lic [2011.01.15 21:05:49 | 000,921,624 | ---- | M] () -- C:\snp2uvc-001.raw [2011.01.14 00:33:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2011.01.13 10:27:06 | 000,035,840 | ---- | M] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\csrusb.sys [2011.01.13 10:27:02 | 001,534,464 | ---- | M] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\CsrBtPort.sys [2011.01.12 03:45:34 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.01.02 15:16:49 | 000,165,607 | ---- | M] () -- C:\Users\WomTom\Documents\SU_Doppelbeschluss.docx ========== Files Created - No Company Name ========== [2011.01.29 21:44:49 | 000,001,903 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.01.29 20:46:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.01.29 20:46:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.01.29 20:46:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.01.29 20:46:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.01.29 20:46:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 20:40:44 | 004,262,047 | R--- | C] () -- C:\Users\WomTom\Desktop\Cafi.exe [2011.01.29 15:11:45 | 000,629,057 | ---- | C] () -- C:\Users\WomTom\Desktop\RkU3.8.388.590.rar [2011.01.29 14:46:17 | 000,017,305 | ---- | C] () -- C:\Users\WomTom\Desktop\Hallo WomTom.docx [2011.01.29 09:15:58 | 000,000,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2011.01.28 17:57:39 | 000,000,000 | ---- | C] () -- C:\Users\WomTom\defogger_reenable [2011.01.28 17:46:29 | 000,000,904 | ---- | C] () -- C:\Users\WomTom\Desktop\NTREGOPT.lnk [2011.01.28 11:53:29 | 000,001,011 | ---- | C] () -- C:\Users\WomTom\Desktop\KillProcess.lnk [2011.01.27 15:26:25 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.01.27 15:26:24 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2011.01.27 15:26:24 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011.01.27 15:26:24 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.01.27 15:26:24 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.01.27 15:26:09 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat [2011.01.27 15:26:04 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat [2011.01.27 15:26:04 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat [2011.01.27 15:25:59 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.01.27 15:25:52 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat [2011.01.27 15:15:57 | 
000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.27 14:18:27 | 000,000,769 | ---- | C] () -- C:\Users\WomTom\Desktop\Spybot - Search & Destroy.lnk [2011.01.26 19:39:20 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.26 19:39:20 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.26 12:01:04 | 000,017,804 | ---- | C] () -- C:\Windows\System32\shlctxmnu.tlb [2011.01.26 12:01:04 | 000,011,012 | ---- | C] () -- C:\Windows\System32\threadapi.tlb [2011.01.26 12:01:04 | 000,000,543 | ---- | C] () -- C:\Users\Public\Desktop\Flash Renamer.lnk [2011.01.26 03:24:25 | 000,000,364 | ---- | C] () -- C:\Users\WomTom\Desktop\A+FileRename.appref-ms [2011.01.25 16:56:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf [2011.01.25 16:56:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf [2011.01.21 22:17:08 | 000,000,209 | ---- | C] () -- C:\Users\WomTom\Documents\cam.ahk [2011.01.21 21:20:43 | 000,001,352 | ---- | C] () -- C:\Users\WomTom\Documents\AutoHotkey.ahk [2011.01.20 01:06:43 | 000,032,088 | ---- | C] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.20 00:54:08 | 004,958,588 | ---- | C] () -- C:\Windows\{00000002-00000000-00000007-00001102-00000004-20021102}.CDF [2011.01.20 00:20:55 | 000,032,088 | ---- | C] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.20 00:20:55 | 000,011,564 | ---- | C] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.19 20:13:39 | 000,001,588 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.01.18 23:41:35 | 000,006,010 | ---- | C] () -- C:\Windows\System32\CTOPT352.cat [2011.01.18 23:35:25 | 
001,746,360 | ---- | C] () -- C:\Windows\System32\CTAA1.DAT [2011.01.18 23:32:41 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2 [2011.01.18 23:32:41 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2 [2011.01.18 23:26:34 | 000,032,592 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.18 23:26:34 | 000,032,592 | ---- | C] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx [2011.01.18 20:14:48 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\BookDrive Editor Pro.lnk [2011.01.18 15:18:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.01.16 16:13:06 | 000,005,527 | ---- | C] () -- C:\Windows\System32\sys3Start.lic [2011.01.16 14:32:29 | 000,005,500 | ---- | C] () -- C:\Windows\System32\sys5start.lic [2011.01.15 21:05:49 | 000,921,624 | ---- | C] () -- C:\snp2uvc-001.raw [2011.01.12 03:45:33 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.01.10 15:05:23 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2011.01.10 15:05:22 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2011.01.03 19:14:27 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.01.02 09:48:30 | 000,165,607 | ---- | C] () -- C:\Users\WomTom\Documents\SU_Doppelbeschluss.docx [2011.01.01 13:39:29 | 000,001,198 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2010.12.21 17:43:49 | 000,000,034 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.log [2010.12.21 17:43:48 | 000,007,887 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.cat [2010.12.21 17:43:48 | 000,001,144 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.inf [2010.12.21 17:36:06 | 000,001,041 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\vso_ts_preview.xml [2010.12.21 16:54:39 | 000,020,693 | ---- | C] () -- 
C:\Users\WomTom\AppData\Local\StarPort.log [2010.12.21 15:56:57 | 000,000,228 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\trueburner.ini [2010.12.20 20:23:42 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.11.29 14:21:31 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.11.29 13:18:13 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll [2010.11.29 13:18:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll [2010.11.29 13:18:04 | 000,050,466 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.11.10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.09.22 19:54:56 | 000,048,512 | ---- | C] () -- C:\Windows\System32\drivers\RamDiskVE.sys [2010.07.08 12:16:31 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI [2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.05.21 20:28:31 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.05.21 20:28:30 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010.01.28 14:07:31 | 000,007,620 | ---- | C] () -- C:\Users\WomTom\AppData\Local\Resmon.ResmonCfg [2010.01.26 21:45:15 | 000,005,120 | ---- | C] () -- C:\Users\WomTom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.25 20:05:12 | 000,002,851 | ---- | C] () -- C:\Programme\cdroms.cfg [2010.01.25 20:05:10 | 000,119,808 | ---- | C] () -- C:\Programme\waiting.avi [2010.01.25 20:05:10 | 000,027,278 | ---- | C] () -- C:\Programme\frw.bmp [2010.01.25 20:05:10 | 000,016,296 | ---- | C] () -- C:\Programme\realtfon.fon [2010.01.25 20:05:09 | 000,067,473 | 
---- | C] () -- C:\Programme\realplay.chm [2010.01.25 20:05:09 | 000,057,762 | ---- | C] () -- C:\Programme\howto.chm [2010.01.25 20:05:09 | 000,001,209 | ---- | C] () -- C:\Programme\flvplay.swf [2010.01.25 20:05:06 | 000,053,098 | ---- | C] () -- C:\Programme\presets.rnx [2010.01.25 20:05:06 | 000,052,829 | ---- | C] () -- C:\Programme\RealNetworks License.html [2010.01.25 20:05:06 | 000,052,829 | ---- | C] () -- C:\Programme\playrlic.html [2010.01.25 20:05:06 | 000,051,355 | ---- | C] () -- C:\Programme\RealNetworks License.txt [2010.01.25 20:05:06 | 000,051,355 | ---- | C] () -- C:\Programme\playrlic.txt [2010.01.25 20:05:05 | 000,000,480 | ---- | C] () -- C:\Programme\keys.dat [2010.01.25 20:05:04 | 000,847,007 | ---- | C] () -- C:\Programme\normal.vs [2010.01.25 20:05:04 | 000,061,495 | ---- | C] () -- C:\Programme\ssimages.vs [2010.01.25 20:05:01 | 000,102,400 | ---- | C] () -- C:\Programme\HXAudioDeviceHook.dll [2010.01.25 20:05:00 | 000,001,161 | ---- | C] () -- C:\Programme\autoplaylist.dat [2010.01.25 20:05:00 | 000,000,043 | ---- | C] () -- C:\Programme\strs23.dat [2010.01.25 20:05:00 | 000,000,013 | ---- | C] () -- C:\Programme\strs26.dat [2010.01.25 20:04:40 | 000,023,558 | ---- | C] () -- C:\Programme\freeoffers.ico [2010.01.25 20:04:40 | 000,017,846 | ---- | C] () -- C:\Programme\videotest.rm [2010.01.25 20:04:40 | 000,000,221 | ---- | C] () -- C:\Programme\subscription.rnx [2010.01.25 20:04:40 | 000,000,177 | ---- | C] () -- C:\Programme\freeoffers.rnx [2010.01.10 14:32:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.12.18 15:26:30 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini [2009.12.10 14:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.27 13:45:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.11.27 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt 
[2009.11.27 08:54:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.11.25 02:05:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ctrldll.dll [2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll [2007.04.09 12:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.10.02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini [2001.05.24 11:20:38 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.08.04 12:52:36 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Academic Software Zurich [2010.12.21 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Ashampoo [2010.10.23 16:44:23 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Bao_Nguyen [2010.11.03 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\BlackBean [2010.12.21 17:29:41 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Broad Intelligence [2011.01.07 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Camfrog [2011.01.23 20:23:55 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Canon [2010.11.21 14:43:54 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\DonationCoder [2011.01.10 19:42:34 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\DVDVideoSoft [2010.08.16 08:16:03 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers [2009.12.23 19:17:29 | 000,000,000 | ---D | M] -- 
C:\Users\WomTom\AppData\Roaming\Expression Media 2 [2010.12.20 17:23:47 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\FileZilla [2010.07.21 09:07:33 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\FireShot [2010.11.21 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\FlashGet [2011.01.01 13:39:34 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Foxit [2011.01.01 13:39:34 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Foxit Software [2011.01.26 03:24:20 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\GetRightToGo [2010.11.21 15:05:24 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\GrabPro [2011.01.24 03:09:24 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\ICQ [2010.02.12 17:53:36 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\ImgBurn [2011.01.28 11:53:37 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\KillProcess [2009.12.16 13:54:27 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Leadertech [2011.01.07 18:15:09 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\ManyCam [2010.09.21 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Mp3tag [2010.12.20 20:22:34 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Nuance [2010.11.29 12:56:06 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Orbit [2010.11.21 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\ProgSense [2009.12.03 09:26:33 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Quark [2011.01.26 04:54:14 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Quick File Renamer [2011.01.28 16:20:23 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\QuickScan [2009.11.27 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Samsung [2010.12.20 20:24:24 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\ScanSoft [2011.01.18 20:54:59 | 
000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Snapter Images [2011.01.26 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Stardock [2010.12.01 13:37:27 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Swiss Academic Software [2009.12.02 01:41:39 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\TerraTec [2010.12.16 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\TuneUp Software [2010.07.31 16:23:19 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Uniblue [2011.01.18 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Vso [2010.01.25 19:45:27 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Win7codecs [2010.10.24 10:40:40 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Windows SideBar [2011.01.29 10:07:26 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Wireshark [2010.11.21 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\xVideoServiceThief [2010.12.20 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\WomTom\AppData\Roaming\Zeon [2011.01.29 11:32:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2010.09.29 22:47:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8C069537269AE8AB3E308B295038ABE6 -- C:\Windows\ERDNT\cache\userinit.exe [2010.09.29 22:47:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8C069537269AE8AB3E308B295038ABE6 -- C:\Windows\System32\userinit.exe [2010.09.29 22:47:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=8C069537269AE8AB3E308B295038ABE6 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17105_none_de3bec9f2fe919e0\userinit.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966 < End of report > |
30.01.2011, 20:21 | #11 |
| Thanks again. The current status follows. Last edited by WomTom (30.01.2011 at 20:33) |
30.01.2011, 20:26 | #12 |
| Status:
- no more redirects in the browser
- Windows updates work
- no bluescreens
- network traffic OK
- firewall popups relate to normal applications (checked with Wireshark)
Am I rid of this thing now? |
01.02.2011, 17:42 | #13 |
/// TB-Ausbilder | Hello WomTom,

Step # 1: Registry cleaners
I see that you have so-called registry cleaners on the system, in your case CCleaner and TuneUp Software. We never recommend any kind of registry cleaner. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without this kind of software in future.

Step # 2: Fix with OTL
Code:
:OTL
O6 - HKLM\Software\Policies\Microsot\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966
:commands
[Emptytemp]
Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)
Step # 4: System scan with OTL
Step # 5: Your feedback. For further analysis I need, together with your next reply,
|
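As a defender's counterpart to the OTL fix above, an added example that is not from the thread and not OTL's own code: a PowerShell audit that lists the two IE policy keys the O6/O7 lines refer to, the named streams on C:\ProgramData\Temp, and whether the live System32\userinit.exe matches a WinSxS copy as in OTL's custom scan. The function names are mine; it assumes Windows PowerShell 4.0 or later in an elevated session and only reports, it changes nothing.

```powershell
# Added example (not from the thread): audit what the OTL fix above targets.
# Assumes Windows PowerShell 4.0+ (Get-FileHash, -Stream) run as administrator.

function Get-IePolicyLockdown {
    # Keys from the O6/O7 lines of the fix. Browser hijackers sometimes set
    # them to hide Internet Options from the user; a home PC without domain
    # policies normally has neither key at all.
    $keys = @(
        'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
        'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value }
        }
    }
}

function Get-NamedStreams {
    param([string]$Path = 'C:\ProgramData\Temp')
    # OTL reported the streams on the Temp folder itself, so the directory
    # object is inspected as well as its children. ':$DATA' is a file's normal
    # content and is skipped; every other stream is an alternate data stream.
    # Assumption: the FileSystem provider lists streams on directories here.
    $targets = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
    $targets += Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue
    foreach ($item in $targets) {
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue
        foreach ($s in $streams) {
            if ($s.Stream -eq ':$DATA') { continue }
            # Short printable preview: enough to tell a text marker from a PE header.
            $raw  = Get-Content -LiteralPath $item.FullName -Stream $s.Stream -Raw -ErrorAction SilentlyContinue
            $text = ([string]$raw) -replace '[^\x20-\x7e]', '.'
            [pscustomobject]@{
                Path    = $item.FullName
                Stream  = $s.Stream
                Bytes   = $s.Length
                Preview = $text.Substring(0, [Math]::Min(60, $text.Length))
            }
        }
    }
}

function Compare-UserinitCopies {
    # OTL's custom scan hashed every userinit.exe on disk. The live copy in
    # System32 should match one of the component-store copies under WinSxS;
    # a live copy that matches none of them deserves a closer look.
    $live  = Get-FileHash -LiteralPath "$env:SystemRoot\System32\userinit.exe" -Algorithm MD5
    $store = Get-ChildItem -LiteralPath "$env:SystemRoot\winsxs" -Filter userinit.exe -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 }
    [pscustomobject]@{
        LiveMD5      = $live.Hash
        MatchesStore = [bool]($store | Where-Object { $_.Hash -eq $live.Hash })
        StoreCopies  = @($store).Count
    }
}

'--- IE policy restrictions ---'
Get-IePolicyLockdown | Format-Table -AutoSize
'--- Alternate data streams under C:\ProgramData\Temp ---'
Get-NamedStreams | Format-Table -AutoSize
'--- userinit.exe ---'
Compare-UserinitCopies | Format-List
```

Running it before and after the OTL fix shows whether the policy keys and the three streams are actually gone; the userinit.exe check mirrors the MD5 comparison in the log above, where the System32 copy matched the WinSxS 6.1.7601.17105 copy.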
01.02.2011, 20:23 | #14 |
| All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsot\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: WomTom
->Temp folder emptied: 23400757 bytes
->Temporary Internet Files folder emptied: 1973820 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44526555 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4321 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89464 bytes
RecycleBin emptied: 46261280 bytes
Total Files Cleaned = 111,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02012011_195049
Files\Folders moved on Reboot...
C:\Windows\temp\hsperfdata_WOMTOM-PC$\1820 moved successfully.
Registry entries deleted on Reboot... |
01.02.2011, 20:24 | #15 |
| Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5655
Windows 6.1.7601 Service Pack 1, v.721
Internet Explorer 8.0.7601.17105
01.02.2011 20:01:38
mbam-log-2011-02-01 (20-01-38).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164123
Laufzeit: 3 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |