| |
| |||||||
Log-Analyse und Auswertung: Rootkit Patched TDSS GEn entfernt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.04.2011, 06:56
| #1 |
 |  Rootkit Patched TDSS GEn entfernt? Hallo Leute, mein Firefox hat sich in letzter Zeit komisch verhalten (Google Serveranfragen wurden umgeleitet und Werbepopups wurden eingeblendet). Nachdem ich mal Routinemäßig mein G-Data 2011 den Rechner Scannen lassen wollte ist mir aufgefallen das seit 02.04. keine Updates mehr geladen wurden (was er eigentlich stündlich macht). Nach Anruf beim Support wurde mir gesagt ich sollte die neueste Version installieren und den 2011er deinstallieren (Das Updateproblem könnte an einem Bluescreen liegen den ich vor ein paar Tagen mal hatte). So dann ging es los; ich konnte nicht auf den G-Data Server zugreifen (Server nicht gefunden - mit keinem Browser). Bei Chip ging dann der Download. Danach Spybot versucht zu starten - keine Chance. Ich habe dann mit der G-Data Boot CD 2012 und der neuesten Virendatenbank meinen Rechner gestartet und gescannt. Er fand Rootkit.Patched.TDSS.Gen in C:/Windows/System32/Drivers/Atapi.sys (Atapi oder so ähnlich) Ich habe ihn löschen lassen und mit einer Windowsdatei aus einem sauberen Backup ersetzt. Nun meine Frage ob der Rechner wieder sauber ist: OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.04.2011 20:29:56 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marco\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): c:\pagefile.sys 5000 10000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 180,18 Gb Free Space | 38,69% Space Free | Partition Type: NTFS Drive E: | 292,80 Gb Total Space | 219,79 Gb Free Space | 75,07% Space Free | Partition Type: NTFS Drive F: | 5,29 Gb Total Space | 0,88 Gb Free Space | 16,60% Space Free | Partition Type: NTFS Drive G: | 930,86 Gb Total Space | 25,40 Gb Free Space | 2,73% Space Free | Partition Type: NTFS Drive I: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: Marco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.05 20:21:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe PRC - [2011.04.01 08:44:49 | 001,537,544 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2011.04.01 08:44:44 | 001,430,024 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2011.04.01 08:44:30 | 000,922,120 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.03.04 19:56:38 | 000,353,288 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G DATA\GDScan\GDScan.exe PRC - [2011.03.04 19:56:14 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe PRC - [2011.03.04 03:31:36 | 001,606,048 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2011.03.04 03:22:12 | 001,368,648 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.10.20 12:22:24 | 000,630,272 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.10.20 12:20:46 | 000,149,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.07.25 08:26:02 | 000,884,736 | ---- | M] () -- C:\Users\Marco\AppData\Local\TVersity\Media Server\MediaServer.exe PRC - [2010.01.27 14:38:30 | 003,557,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe PRC - [2009.12.08 21:10:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2009.10.27 11:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.10.23 14:53:26 | 000,834,888 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.10.23 14:51:02 | 001,011,528 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Ralink\Common\RaRegistry.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009.02.27 00:30:54 | 002,106,624 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodiag.exe PRC - [2008.05.07 17:48:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (SafeList) ========== MOD - [2011.04.05 20:21:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe MOD - [2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.02.27 00:31:30 | 000,111,872 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodishi.dll MOD - [2009.02.27 00:30:06 | 000,353,536 | ---- | M] () -- C:\Programme\OO Software\DiskImage\oodishrs.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.01 08:44:44 | 001,430,024 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.03.19 20:22:39 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.03.04 19:56:38 | 000,353,288 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2011.03.04 19:56:14 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.03.04 03:31:36 | 001,606,048 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2011.03.04 03:22:12 | 001,368,648 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.10.25 09:04:43 | 000,435,528 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.10.20 12:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.07.25 08:26:02 | 000,884,736 | ---- | M] () [Auto | Start_Pending] -- C:\Users\Marco\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.12.08 21:10:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2009.10.23 14:51:02 | 001,011,528 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.10.23 14:45:20 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) TuneUp Designerweiterung (beta) SRV - [2009.10.19 20:54:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 22:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.27 00:30:54 | 002,106,624 | ---- | M] () [Auto | Running] -- C:\Program Files\OO Software\DiskImage\oodiag.exe -- (O&O DiskImage) SRV - [2008.05.07 17:48:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc) ========== Driver Services (SafeList) ========== DRV - [2011.04.05 19:24:44 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011.04.05 18:53:38 | 000,048,344 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2011.04.05 18:53:06 | 000,073,432 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2011.04.05 18:53:06 | 000,039,640 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2011.04.05 18:53:05 | 000,037,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2011.04.05 18:53:05 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon) DRV - [2011.04.05 18:53:04 | 000,052,440 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.21 17:56:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.08.22 20:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32) DRV - [2009.07.29 18:18:20 | 000,553,472 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.02.27 00:35:08 | 000,031,240 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\oodivdh.sys -- (oodivdh) DRV - [2009.02.27 00:35:06 | 000,133,640 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\oodivd.sys -- (oodivd) DRV - [2009.02.27 00:35:04 | 000,028,680 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\oodisrh.sys -- (oodisrh) DRV - [2009.02.27 00:35:02 | 000,095,752 | ---- | M] (O&O Software GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\oodisr.sys -- (oodisr) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.02.20 14:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo) DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003.02.18 09:38:04 | 000,017,504 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt680x.sys -- (GT680x) DRV - [2002.05.06 20:01:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 6C 45 72 91 F3 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.07 11:19:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.16 02:37:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 19:42:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 14:41:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.06 09:13:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.16 02:37:25 | 000,000,000 | ---D | M] [2010.11.27 16:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions [2010.08.19 15:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.11.27 16:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2009.10.19 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\43tdf2dy.default\extensions [2011.04.05 19:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (own) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{35f30c40-35d4-11d9-8dbc-000c6e787ef7} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (GrApple (Eos)) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{39cba7fd-64f8-4757-91f5-5586a78555fd} [2011.04.05 14:41:39 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (GrApple Delicious (blue)) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{472be34c-9688-fd8a-227e-f32eabb78c1c} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (iSafari) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{506622a4-fb54-11db-8314-0800200c9a66} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (Browse Images) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (iFox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2011.04.05 14:41:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2011.04.05 14:41:40 | 000,000,000 | ---D | M] ("oneview Tools") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20} [2011.04.05 14:41:12 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2011.04.05 14:41:22 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\multilinks@plugin [2011.04.05 14:41:38 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\piclens@cooliris.com [2011.04.05 14:41:22 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\smarterwiki@wikiatic.com [2011.04.05 14:41:38 | 000,000,000 | ---D | M] (Splash) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\splash@aldreneo.com [2011.04.05 14:41:38 | 000,000,000 | ---D | M] ("Alexa Sparky") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\toolbar@alexa.com [2011.04.05 14:41:38 | 000,000,000 | ---D | M] (Firefox ClickOnce Erweiterung) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\webmaster@meamod.com [2011.04.05 08:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\5hsn79je.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions [2009.10.19 15:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\twpdu6fu.default\extensions [2009.10.19 15:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\y292rhh4.default\extensions [2011.04.05 19:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.05 18:53:12 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.04.05 14:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.04.05 14:41:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [RK Launcher] C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe (RaduKing) O4 - HKLM..\Run: [System Files Updater] C:\Windows\FlyakiteOSX\Tools\System Files Updater.exe () O4 - HKCU..\Run: [Alt+Q Hotkey Tool] C:\Windows\Alt+Q Hotkey.exe () O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe (RapidSolution Software AG) O4 - HKCU..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe () O4 - HKCU..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe () O4 - HKCU..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe (Y'z@Home) O4 - Startup: C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BeratungsNavigator Quickstarter.lnk = C:\Stuttgarter_Versicherungsgruppe\Stuttgarter\.kevuSSLV\SAS\kqstarter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\excel.exe (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.177 217.0.43.161 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ] O33 - MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\Shell - "" = AutoRun O33 - MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2009.11.13 21:25:22 | 003,280,672 | ---- | M] (Western Digital) O33 - MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\Shell - "" = AutoRun O33 - MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell - "" = AutoRun O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell\AutoRun\command - "" = H:\Setup\rsrc\Autorun.exe O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk - C:\Programme\Ralink\Common\RaUI.exe - (Ralink Technology, Corp.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk - - File not found MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: EADM - hkey= - key= - C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts) MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - State: "bootini" - 2 MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.04.05 20:29:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.05 20:28:28 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.04.05 20:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.05 20:22:04 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Marco\Desktop\Erunt-setup.exe [2011.04.05 20:21:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe [2011.04.05 20:21:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\TFC.exe [2011.04.05 19:24:44 | 000,030,256 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2011.04.05 18:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2012 [2011.04.05 18:53:06 | 000,073,432 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2011.04.05 18:53:06 | 000,039,640 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2011.04.05 18:53:05 | 000,037,720 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2011.04.05 18:53:05 | 000,029,400 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys [2011.04.05 18:53:04 | 000,052,440 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2011.04.05 15:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.04.05 15:41:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab [2011.04.05 13:31:04 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.04.05 13:30:09 | 000,000,000 | ---D | C] -- C:\Programme\Sun [2011.03.29 15:22:59 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\MySEOSolution_DB_Dir [2011.03.29 15:22:36 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\MySEOSolution [2011.03.29 15:21:58 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard [2011.03.29 15:21:58 | 000,000,000 | ---D | C] -- C:\Programme\Article Wizard [2011.03.28 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NÜRNBERGER BTplus 01.2011 [2011.03.28 20:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.03.28 20:56:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.03.27 17:03:25 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\mein_hpl_2009 [2011.03.26 20:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D [2011.03.26 20:35:23 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D [2011.03.24 15:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird [2011.03.23 16:33:29 | 000,000,000 | ---D | C] -- C:\Programme\SomePDF [2011.03.23 16:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SomePDF [2011.03.15 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\zeitler angebot [2011.03.13 10:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.03.13 10:27:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.12 16:59:47 | 000,000,000 | --SD | C] -- C:\Users\Marco\AppData\Roaming\Brother [2011.03.10 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Marco\Desktop\Backlinkspeed [2011.03.09 14:25:28 | 000,000,000 | ---D | C] -- C:\PCWELT [2010.07.13 14:55:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marco\AppData\Roaming\pcouffin.sys [2010.07.02 19:22:49 | 000,017,504 | ---- | C] ( ) -- C:\Windows\System32\drivers\gt680x.sys ========== Files - Modified Within 30 Days ========== [2011.04.05 20:28:29 | 000,000,894 | ---- | M] () -- C:\Users\Marco\Desktop\NTREGOPT.lnk [2011.04.05 20:28:29 | 000,000,875 | ---- | M] () -- C:\Users\Marco\Desktop\ERUNT.lnk [2011.04.05 20:22:14 | 000,301,568 | ---- | M] () -- C:\Users\Marco\Desktop\g2m3e4r.exe [2011.04.05 20:22:05 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Marco\Desktop\Erunt-setup.exe [2011.04.05 20:21:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe [2011.04.05 20:21:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\TFC.exe [2011.04.05 20:15:41 | 000,377,280 | ---- | M] () -- C:\Users\Marco\Desktop\Load.exe [2011.04.05 20:08:05 | 004,272,474 | ---- | M] () -- C:\Users\Marco\Desktop\osam_autorun_manager_5_0_portable.rar [2011.04.05 19:47:00 | 000,701,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.05 19:47:00 | 000,656,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.05 19:47:00 | 000,149,656 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.05 19:47:00 | 000,122,464 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.05 19:45:17 | 000,001,216 | ---- | M] () -- C:\Users\Marco\Desktop\Spybot - Search & Destroy.lnk [2011.04.05 19:36:17 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.05 19:36:17 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.05 19:24:44 | 000,030,256 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2011.04.05 19:24:04 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.04.05 19:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.05 19:21:41 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys [2011.04.05 19:12:31 | 000,258,786 | ---- | M] () -- C:\Windows\System32\sig.bin [2011.04.05 19:12:31 | 000,028,071 | ---- | M] () -- C:\Windows\System32\nmp.map [2011.04.05 18:57:25 | 000,000,044 | ---- | M] () -- C:\unconfirm.ini [2011.04.05 18:53:38 | 000,048,344 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2011.04.05 18:53:06 | 000,073,432 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2011.04.05 18:53:06 | 000,039,640 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2011.04.05 18:53:05 | 000,037,720 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2011.04.05 18:53:05 | 000,029,400 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GdNetMon32.sys [2011.04.05 18:53:04 | 000,052,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2011.04.05 15:13:42 | 000,000,036 | ---- | M] () -- C:\Users\Marco\AppData\Local\housecall.guid.cache [2011.04.05 08:46:11 | 058,851,542 | ---- | M] () -- C:\Users\Marco\Documents\Firefox 3.6.16 (de) - 2011-04-05.pcv [2011.04.04 14:24:36 | 058,198,443 | ---- | M] () -- C:\Users\Marco\Documents\Firefox 4.0 (de) - 2011-04-04.pcv [2011.03.31 09:36:59 | 000,016,904 | ---- | M] () -- C:\Windows\VFRAME32.INI [2011.03.31 09:17:45 | 000,000,848 | ---- | M] () -- C:\Windows\VFORTSCH.INI [2011.03.31 09:17:33 | 000,000,590 | ---- | M] () -- C:\Windows\VPMS.INI [2011.03.29 08:23:53 | 002,114,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.28 21:01:18 | 000,017,482 | ---- | M] () -- C:\Windows\System32\drivers\etc\services [2011.03.28 18:13:02 | 000,001,277 | ---- | M] () -- C:\Windows\CAF.INI [2011.03.28 18:13:02 | 000,000,996 | ---- | M] () -- C:\Windows\DOCS.INI [2011.03.24 12:40:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011.03.22 19:57:21 | 000,001,254 | ---- | M] () -- C:\Users\Marco\Desktop\Scan - Verknüpfung.lnk [2011.03.22 16:55:52 | 000,000,182 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.03.22 11:51:18 | 000,000,003 | ---- | M] () -- C:\Windows\VMAPO.DAT [2011.03.18 19:31:58 | 000,000,691 | ---- | M] () -- C:\Windows\cdplayer.ini [2011.03.18 18:20:04 | 000,376,684 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Marco\Desktop\Anleitung.html [2011.03.12 01:23:19 | 000,026,624 | ---- | M] () -- C:\Users\Marco\Desktop\FreeBlogCommenter.exe [2011.03.10 19:49:24 | 000,632,037 | ---- | M] () -- C:\Users\Marco\Desktop\backlinks5k.php [2011.03.10 19:40:48 | 062,030,246 | ---- | M] () -- C:\Users\Marco\Desktop\Top 20 Premium Wordpress Theme - HOT 2010.rar [2011.03.08 15:13:01 | 000,151,581 | ---- | M] () -- C:\Users\Marco\Desktop\Abmahnung - Fiebel.pdf [2011.03.07 09:03:02 | 000,000,465 | ---- | M] () -- C:\Windows\System32\test ========== Files Created - No Company Name ========== [2011.04.05 20:28:29 | 000,000,894 | ---- | C] () -- C:\Users\Marco\Desktop\NTREGOPT.lnk [2011.04.05 20:28:29 | 000,000,875 | ---- | C] () -- C:\Users\Marco\Desktop\ERUNT.lnk [2011.04.05 20:21:16 | 000,301,568 | ---- | C] () -- C:\Users\Marco\Desktop\g2m3e4r.exe [2011.04.05 20:15:38 | 000,377,280 | ---- | C] () -- C:\Users\Marco\Desktop\Load.exe [2011.04.05 20:05:45 | 004,272,474 | ---- | C] () -- C:\Users\Marco\Desktop\osam_autorun_manager_5_0_portable.rar [2011.04.05 19:45:17 | 000,001,216 | ---- | C] () -- C:\Users\Marco\Desktop\Spybot - Search & Destroy.lnk [2011.04.05 19:12:23 | 000,258,786 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.04.05 19:12:23 | 000,028,071 | ---- | C] () -- C:\Windows\System32\nmp.map [2011.04.05 18:57:25 | 000,000,044 | ---- | C] () -- C:\unconfirm.ini [2011.04.05 15:13:42 | 000,000,036 | ---- | C] () -- C:\Users\Marco\AppData\Local\housecall.guid.cache [2011.04.05 08:45:11 | 058,851,542 | ---- | C] () -- C:\Users\Marco\Documents\Firefox 3.6.16 (de) - 2011-04-05.pcv [2011.04.04 14:23:42 | 058,198,443 | ---- | C] () -- C:\Users\Marco\Documents\Firefox 4.0 (de) - 2011-04-04.pcv [2011.03.24 12:40:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011.03.23 12:09:29 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.22 19:57:21 | 000,001,254 | ---- | C] () -- C:\Users\Marco\Desktop\Scan - Verknüpfung.lnk [2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Marco\Desktop\Anleitung.html [2011.03.12 01:23:18 | 000,026,624 | ---- | C] () -- C:\Users\Marco\Desktop\FreeBlogCommenter.exe [2011.03.10 19:49:24 | 000,632,037 | ---- | C] () -- C:\Users\Marco\Desktop\backlinks5k.php [2011.03.10 19:15:35 | 062,030,246 | ---- | C] () -- C:\Users\Marco\Desktop\Top 20 Premium Wordpress Theme - HOT 2010.rar [2011.03.08 15:13:01 | 000,151,581 | ---- | C] () -- C:\Users\Marco\Desktop\Abmahnung - Fiebel.pdf [2011.03.07 09:03:02 | 000,000,465 | ---- | C] () -- C:\Windows\System32\test [2011.02.13 13:17:29 | 000,000,101 | ---- | C] () -- C:\Users\Marco\AppData\Local\fusioncache.dat [2011.02.07 13:05:08 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.02.07 13:05:08 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.02.07 13:03:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.02.07 13:03:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.02.07 12:59:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.02.07 12:58:45 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.02.07 12:58:45 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.02.07 12:58:44 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.02.07 12:50:52 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.01.04 20:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\Hatchery.INI [2011.01.04 20:19:38 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2010.12.20 12:08:53 | 000,000,065 | ---- | C] () -- C:\Windows\BADENIA.INI [2010.10.30 11:32:43 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini [2010.10.21 16:30:24 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.30 16:24:35 | 000,017,900 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.09.18 23:28:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.09.18 10:49:32 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq [2010.09.03 15:45:22 | 000,376,684 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.07.13 14:55:47 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll [2010.07.13 14:55:07 | 000,081,920 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\ezpinst.exe [2010.07.13 14:55:07 | 000,007,176 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\pcouffin.cat [2010.07.13 14:55:07 | 000,001,144 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\pcouffin.inf [2010.07.02 19:22:49 | 000,118,784 | ---- | C] () -- C:\Windows\System32\MKCoInstaller.dll [2010.06.21 20:48:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.04.20 16:08:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.02.07 19:43:30 | 000,000,026 | ---- | C] () -- C:\Windows\PhatMan.INI [2010.01.21 16:36:14 | 000,000,417 | ---- | C] () -- C:\Windows\BSC.ini [2009.12.26 20:43:15 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini [2009.12.26 19:10:04 | 000,000,099 | ---- | C] () -- C:\Windows\RealFlight.INI [2009.12.26 19:06:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI [2009.12.26 18:57:59 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.12.08 21:10:24 | 000,003,072 | ---- | C] () -- C:\Windows\System32\Viveza2FC32.dll [2009.11.06 20:26:25 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.10.24 20:33:05 | 000,045,056 | ---- | C] () -- C:\Programme\leftsider.dll [2009.10.21 12:26:05 | 000,000,003 | ---- | C] () -- C:\Windows\VMAPO.DAT [2009.10.21 12:23:58 | 000,016,904 | ---- | C] () -- C:\Windows\VFRAME32.INI [2009.10.21 12:12:01 | 000,000,848 | ---- | C] () -- C:\Windows\VFORTSCH.INI [2009.10.21 12:08:42 | 000,001,277 | ---- | C] () -- C:\Windows\CAF.INI [2009.10.21 12:08:42 | 000,000,996 | ---- | C] () -- C:\Windows\DOCS.INI [2009.10.21 12:08:40 | 000,000,590 | ---- | C] () -- C:\Windows\VPMS.INI [2009.10.21 12:08:35 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.10.21 11:23:40 | 000,000,691 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.10.19 23:06:58 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI [2009.10.19 20:49:20 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe [2009.10.19 19:50:57 | 000,001,179 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.19 14:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.14 10:47:43 | 000,701,762 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,149,656 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 002,114,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,656,076 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,122,464 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.17 23:02:42 | 000,000,012 | RHS- | C] () -- C:\Windows\msmkctrl.dll [2008.02.15 16:08:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.08.23 19:30:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.06.28 18:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.06.28 18:52:18 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005.12.18 21:14:24 | 000,027,648 | ---- | C] () -- C:\Windows\Alt+Q Hotkey.exe [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [1995.11.16 18:31:36 | 000,000,127 | ---- | C] () -- C:\Windows\KPCMS.INI [1995.10.24 20:28:53 | 000,210,944 | ---- | C] () -- C:\Windows\System32\msvcrt10.dll ========== LOP Check ========== [2009.10.20 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Alien Skin [2010.11.16 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Broad Intelligence [2011.04.05 14:41:38 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Free Monitor for Google [2010.08.25 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\GHISLER [2010.05.10 18:49:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\gnupg [2009.10.26 09:34:42 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\invers [2009.10.20 08:49:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Leadertech [2011.01.16 02:37:33 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Local [2009.12.05 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Mask Pro 4.0 [2011.03.29 15:29:21 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\MySEOSolution_DB_Dir [2010.09.07 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nik Software [2009.10.27 09:48:54 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Nokia [2010.07.26 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\onOne Software [2010.10.21 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\PC Suite [2010.08.27 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\RTPlayer [2009.11.15 15:28:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\runic games [2011.01.11 17:28:00 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TeamViewer [2009.10.19 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Temp [2010.12.29 13:54:27 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Thunderbird [2010.11.27 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TomTom [2011.04.04 08:02:28 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Tunebite [2009.10.24 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\TuneUp Software [2011.02.13 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Turbine [2010.04.16 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\uTorrent [2011.03.07 13:43:50 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Vso [2011.04.05 16:36:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.10.19 23:24:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.19 20:52:17 | 000,000,000 | ---D | M] -- C:\KPCMS [2009.10.19 19:47:26 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.02.07 19:10:31 | 000,000,000 | ---D | M] -- C:\My Music [2011.03.28 21:01:27 | 000,000,000 | ---D | M] -- C:\NBG_DFUE [2009.10.19 14:01:53 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.03.09 14:25:41 | 000,000,000 | ---D | M] -- C:\PCWELT [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009.10.19 20:52:18 | 000,000,000 | ---D | M] -- C:\PM6 [2010.12.20 11:53:28 | 000,000,000 | ---D | M] -- C:\Prog [2011.04.05 20:28:28 | 000,000,000 | R--D | M] -- C:\Programme [2011.04.05 15:41:03 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.19 13:45:25 | 000,000,000 | -HSD | M] -- C:\Programme [2009.10.19 13:45:26 | 000,000,000 | -HSD | M] -- C:\Recovery [2009.10.19 19:34:43 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.12.09 10:53:47 | 000,000,000 | ---D | M] -- C:\StepOver [2010.10.21 16:33:01 | 000,000,000 | ---D | M] -- C:\Stuttgarter_Versicherungsgruppe [2011.04.05 19:39:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.28 21:29:28 | 000,000,000 | ---D | M] -- C:\Temp [2010.08.25 21:53:03 | 000,000,000 | ---D | M] -- C:\totalcmd [2009.10.19 14:36:24 | 000,000,000 | R--D | M] -- C:\Users [2009.10.21 12:22:19 | 000,000,000 | ---D | M] -- C:\VHV [2011.04.05 20:29:13 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2010.01.27 14:38:30 | 003,557,376 | ---- | M] (Microsoft Corporation) MD5=104E4B0F551667FA026DF09C34187C63 -- C:\Windows\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2010.01.27 14:38:30 | 005,435,392 | ---- | M] (Microsoft Corporation) MD5=CAAAD7610368785CD8366B5F7B87B5E0 -- C:\Windows\FlyakiteOSX\Backup\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-05 13:25:23 ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:60466E88 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.04.2011 20:29:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marco\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 10000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 180,18 Gb Free Space | 38,69% Space Free | Partition Type: NTFS
Drive E: | 292,80 Gb Total Space | 219,79 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
Drive F: | 5,29 Gb Total Space | 0,88 Gb Free Space | 16,60% Space Free | Partition Type: NTFS
Drive G: | 930,86 Gb Total Space | 25,40 Gb Free Space | 2,73% Space Free | Partition Type: NTFS
Drive I: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [TVersity] -- "C:\Users\Marco\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D6DBAB-7C8E-4AC8-8B54-561286B50FEB}" = NÜRNBERGER Beratungstechnologie BTplus 01.2011 Aktualisierung
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D565ABB-F689-4B08-AA2A-F24BF7543B90}" = Baufi Kurz Gev
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{11C4C376-7A39-456B-AF24-142C9408CC68}" = Advocard RS Formulare
"{12F8958F-CD7F-434D-B598-277EF446FE9C}" = Beratungsprotokolle
"{1454A1AD-E923-4E9C-9DC6-F173B5249A62}" = CD-Brennservice
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1CED7D61-9A4A-4D2B-8FB7-4DA1E5AEA7B1}" = TransSELEKT
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{25A09361-CF09-4351-8B91-FED52FA9F4E6}" = AIS Gev
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition
"{281626C2-282A-4574-B19C-E1611CC8C604}" = GEV Excelloesungen
"{2853590B-752C-4F78-A4D0-8CA11A3C70C8}" = CAP GEV Child
"{2866D47D-EFE6-40A3-BA38-F88A865960FB}" = Moreba GEV
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D147449-82F7-4603-9BBA-A7999BA648B5}" = NAFI Gev
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{3092F28A-F757-4119-9B32-8DC7EEFC357A}" = AMBLebenStartHH
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32C7FDDF-8D18-4B29-B81A-CDA512093274}" = Intellihance Pro 4.2
"{35249233-B3B6-47D2-8D91-64BE6968F24E}" = BeratungsNavigator April 2010
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3706193A-737E-4AE1-A23B-3B0124C9D7EC}" = SUH-FK mit RS und GDV-Viewer
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39955D0F-633E-4C9C-9E0C-67B8DFC4D04A}" = VIT LV Gev
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{416483BC-C2B1-46D4-91F2-6ECB36C95295}" = PDF-Formular_Makler
"{4666A1CE-C9B4-4840-ADE4-2D86E2058551}" = Tunebite
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7C2FD-CEE4-4CE4-9846-A932C54D3170}" = RK Launcher iVista Leopard
"{4CFB67CB-E8FF-4EA4-9DCA-6659D1D4EAD5}" = FIT GEV
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{515D3E4C-ADC5-4DB4-A497-ADCF3007522E}" = Bookmark Submitter Pro 1.2
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{534806D0-9B0B-41FA-A7BE-C294AAB7B31F}" = O&O DiskImage Professional
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{6273DF6A-FAFB-4C1E-8ABC-7EB581ECA09C}" = Generali BAV Prof GEV
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68EAA7CE-63F0-4C5A-8163-3961F70FBD7C}" = Beraterplatz GEV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E176203-DE71-454F-A735-73DE95853CEE}" = NÜRNBERGER Beratungstechnologie BTplus 01/2011
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C723788-585C-4537-92AC-CF616209197C}" = PhotoTune 2
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D22899-0876-4D36-8B74-8A2061D85C66}" = Abgeltungsteuer GEV
"{873BDAD5-C967-4DAA-9E2A-B890D886E18D}" = Brainforce
"{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.0.53
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FBA5944-95EA-4153-89A4-9AE16DB5E6AD}" = Generali Tarifierungen Gev
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91130407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95264FE1-B52C-4F32-9382-9B0923F61383}" = Jdk GEV
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{959A4711-CD64-4552-9E70-7BDB4F72336B}" = Updateservice GEV
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EB46587-4354-411C-BBAC-A9BBB2131F3D}" = FocalPoint 1.0
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A470C94F-4F66-42E5-8D85-D4C2D2C1154F}" = PoA-MathBasis
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A5D861EC-419E-42F6-87DD-E02996244441}" = Angebots Msi
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AA259E30-3918-4AE2-A969-3D155A5112A8}" = NÜRNBERGER Beratungstechnologie Version 03.2010 Einzelplatz
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AD77394E-0107-4C2A-BF86-E633DFD09E33}" = Vera Kompas GEV
"{AE5AB508-545C-4291-B9DC-7FAEEDC6624E}" = Stufenmodell GEV
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition
"{B213E1A6-ACB3-4488-8221-0403F8B5EAC3}" = Konzept und Marketing Tarifrechner
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC561EA3-69C7-4CDA-87CB-DB6B4311F16C}" = VIT LV Basis
"{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF4ED9E2-7289-4D60-9E9A-AA726408C989}" = Vita Gev
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3AAAEA9-9A0C-4568-8E9D-073497291031}" = Nero 8
"{D6DF7FE9-2420-4DAA-8A00-BB5367AE1DFA}" = NÜRNBERGER Beratungstechnologie 01/2011
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{DA74A65E-31B4-4A32-A80C-96FF5CBA6A53}" = Movavi SplitMovie 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE64E0C1-1DF6-4997-9B98-10411D175BEC}" = Moreba
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = resident evil 4
"{E37AF296-698F-413B-8264-A3CB391DA44C}" = Fernwartung GEV
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Schatten von Angmar v07.12.30.70
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"CreaturesDeinstKey" = Creatures
"Dark Omen" = Dark Omen
"Dfine 2.0" = Dfine 2.0
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Exposure" = Alien Skin Exposure
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FlyakiteOSX" = FlyakiteOSX
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"FreePortScanner_is1" = FreePortScanner 2.8.2
"FreeUndelete" = FreeUndelete
"Generali Versicherungen Beratungssoftware" = Generali Versicherungen Beratungssoftware
"Google Desktop" = Google Desktop
"iColorFolder" = iColorFolder
"Image Doctor" = Alien Skin Image Doctor 1.0
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{35249233-B3B6-47D2-8D91-64BE6968F24E}" = BeratungsNavigator April 2010
"InstallShield_{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Invers" = INVERS Makler Assistent
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.1.8.4
"JDownloader" = JDownloader
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"MediaCoder" = MediaCoder 0.7.5.4762
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"NameNormPROFI_is1" = Entferne NameNormPROFI
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Offline Tarifrechner 3_is1" = Offline Tarifrechner 3.1.5.1
"OnlineFotoservice" = OnlineFotoservice
"OpenAL" = OpenAL
"PDF zu HTML Wandler 1" = PDF zu HTML Wandler 1
"PhatMan" = PhatNoise Music Manager
"PhotoBookWorld_is1" = PhotoBookWorld 2.1
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"RealPlayer 12.0" = RealPlayer
"Rename-It Version 2_is1" = Rename-It Version 2
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Runic Games Torchlight" = Torchlight
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"Snap Art" = Alien Skin Snap Art
"Some PDF to HTML Converter_is1" = Some PDF to HTML Converter 1.5
"ST6UNST #1" = PrismaLife Angebots-Software
"ST6UNST #2" = PrismaLife Angebots-Software (C:\Program Files\PrismaLife Angebots-Software PrismaLife\)
"ST6UNST #3" = PrismaLife Angebots-Software (C:\Program Files\PrismaLife Angebots-Software PrismaLife\) #3
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 21680" = Bionic Commando: Rearmed
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3620" = Zuma's Revenge
"Steam App 41020" = Serious Sam HD: The First Encounter Demo
"Steam App 47760" = Mass Effect 2 Demo
"Steam App 49460" = Magic: The Gathering - Duels of the Planeswalkers Demo
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 73050" = Magicka - Demo
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"SWF & FLV Toolbox 4_is1" = SWF & FLV Toolbox 4.0 (build 4.0.0.440)
"Tiger System Preferences v2" = Tiger System Preferences v2
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"uTorrent" = µTorrent
"Venetica_is1" = Venetica
"VirtualCloneDrive" = VirtualCloneDrive
"Viveza" = Viveza
"Viveza 2" = Viveza 2
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR Archivierer
"Xenofex2" = Alien Skin Xenofex 2.0
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Vielen Dank schon mal für eure Hilfe Spybot S&D findet nichts mehr. Malewarebyts Antimalware hatte das gefunden: PHP-Code: |
|
06.04.2011, 18:14
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Rootkit Patched TDSS GEn entfernt? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
06.04.2011, 18:25
| #3 |
| | Rootkit Patched TDSS GEn entfernt? Hallo Arne,
__________________zumindest keine älteren. Das Programm läuft gerade (seit etwa 2 Stunden). Bisher 1infiziertes Objekt. Log poste ich sobald er fertig ist... EDIT: Ich habe gerade gesehen das ich noch gar nicht geschrieben habe das die besagten Probleme seit dem Bootdisk Scan nicht mehr bestehen. Das System verhält sich (augenscheinlich) normal Geändert von blafungomio (06.04.2011 um 18:35 Uhr) Grund: Nachtrag |
|
06.04.2011, 19:41
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit Patched TDSS GEn entfernt?Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.04.2011, 05:24
| #5 |
| | Rootkit Patched TDSS GEn entfernt? So hat ein bischen gedauert. Der Scan lief über Nacht und bei Zugriff auf 2 zu scannende Dateien durch Malwarebytes hat mein G-Data Internet Security gemeckert und der Scan wurde bis zur Bestätigung durch mich pausiert. Hier erstmal der Bericht: PHP-Code: Im Anhang die Quarantäne von G-Data. Die gemeldeten PDFs gehören eigentlich zu einem Arbeitsprogramm und sollten in Ordnung sein. Ich bin aber nicht sicher - zumindest in vergangenen G-Data Scans wurden die Dateien nicht gemeldet (auch bei Scans durch die anderen Programme nicht) |
|
07.04.2011, 10:05
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit Patched TDSS GEn entfernt?Zitat:
 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:60466E88
[2011.03.07 13:43:50 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Vso
[2008.02.15 16:08:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f
[2010.09.18 10:49:32 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq
[2011.03.07 09:03:02 | 000,000,465 | ---- | C] () -- C:\Windows\System32\test
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2009.11.13 21:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\Shell - "" = AutoRun
O33 - MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell\AutoRun\command - "" = H:\Setup\rsrc\Autorun.exe
O33 - MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Rootkit Patched TDSS GEn entfernt? |
|
07.04.2011, 10:43
| #7 | |
| | Rootkit Patched TDSS GEn entfernt?Zitat:
So ich glaube ich hab die Logfile nach dem Neustart übersehen (und versehentlich weggeklickt??) Aber im _OTL Ordner war eine Kopie denke ich (diese hatte zumindest das Datum und die Uhrzeit des Neustarts von eben). Bitte schön: Code:
ATTFilter All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:60466E88 deleted successfully.
Folder C:\Users\Marco\AppData\Roaming\Vso\ not found.
C:\ProgramData\f7129022-a000-4847-db07-470265a73c4f moved successfully.
C:\ProgramData\xpbthzbm.qqq moved successfully.
C:\Windows\System32\test moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. I:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5acc1b3f-688c-11df-a204-cf16305673b9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5acc1b3f-688c-11df-a204-cf16305673b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5acc1b3f-688c-11df-a204-cf16305673b9}\ not found.
File move failed. I:\WD SmartWare.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a162abee-f23b-11de-9e5b-0023542551c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a162abee-f23b-11de-9e5b-0023542551c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a162abee-f23b-11de-9e5b-0023542551c7}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\ not found.
File H:\Setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c33a2fa5-d1b7-11de-8f30-0023542551c7}\ not found.
File H:\Directx\dxsetup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marco
->Temp folder emptied: 7207059 bytes
->Temporary Internet Files folder emptied: 1023634 bytes
->Java cache emptied: 3714 bytes
->FireFox cache emptied: 145796006 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 917 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1776470 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 149,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04072011_112813
Files\Folders moved on Reboot...
File move failed. I:\autorun.inf scheduled to be moved on reboot.
File move failed. I:\WD SmartWare.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
07.04.2011, 15:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit Patched TDSS GEn entfernt? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.04.2011, 15:39
| #9 |
| | Rootkit Patched TDSS GEn entfernt? Nichts gefunden Code:
ATTFilter 2011/04/07 16:37:38.0447 7920 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 16:37:40.0452 7920 ================================================================================
2011/04/07 16:37:40.0452 7920 SystemInfo:
2011/04/07 16:37:40.0452 7920
2011/04/07 16:37:40.0452 7920 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/07 16:37:40.0452 7920 Product type: Workstation
2011/04/07 16:37:40.0452 7920 ComputerName: MARCO***-PC
2011/04/07 16:37:40.0452 7920 UserName: Marco ***
2011/04/07 16:37:40.0452 7920 Windows directory: C:\Windows
2011/04/07 16:37:40.0452 7920 System windows directory: C:\Windows
2011/04/07 16:37:40.0452 7920 Processor architecture: Intel x86
2011/04/07 16:37:40.0452 7920 Number of processors: 4
2011/04/07 16:37:40.0452 7920 Page size: 0x1000
2011/04/07 16:37:40.0452 7920 Boot type: Normal boot
2011/04/07 16:37:40.0453 7920 ================================================================================
2011/04/07 16:37:53.0887 7920 Initialize success
2011/04/07 16:37:59.0040 7568 ================================================================================
2011/04/07 16:37:59.0040 7568 Scan started
2011/04/07 16:37:59.0040 7568 Mode: Manual;
2011/04/07 16:37:59.0040 7568 ================================================================================
2011/04/07 16:38:00.0374 7568 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/07 16:38:00.0432 7568 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/07 16:38:00.0481 7568 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/07 16:38:00.0510 7568 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/07 16:38:00.0550 7568 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/07 16:38:00.0585 7568 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/07 16:38:00.0657 7568 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/07 16:38:00.0692 7568 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/07 16:38:00.0712 7568 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/07 16:38:00.0772 7568 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/07 16:38:00.0803 7568 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/07 16:38:00.0839 7568 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/07 16:38:00.0869 7568 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/07 16:38:00.0886 7568 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/07 16:38:00.0920 7568 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/07 16:38:00.0960 7568 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/07 16:38:00.0987 7568 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/07 16:38:01.0027 7568 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/07 16:38:01.0098 7568 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/07 16:38:01.0121 7568 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/07 16:38:01.0218 7568 Aspi32 (eb62fa6d7da4e774e47d376e4d19ca5f) C:\Windows\system32\drivers\aspi32.sys
2011/04/07 16:38:01.0324 7568 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/07 16:38:01.0361 7568 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/07 16:38:01.0473 7568 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/07 16:38:01.0538 7568 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/07 16:38:01.0585 7568 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/07 16:38:01.0651 7568 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/07 16:38:01.0700 7568 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/07 16:38:01.0731 7568 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/07 16:38:01.0761 7568 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/07 16:38:01.0821 7568 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/07 16:38:01.0907 7568 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
2011/04/07 16:38:01.0942 7568 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/07 16:38:01.0972 7568 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/07 16:38:01.0999 7568 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/04/07 16:38:02.0069 7568 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/07 16:38:02.0130 7568 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/07 16:38:02.0191 7568 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/07 16:38:02.0273 7568 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/07 16:38:02.0326 7568 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/07 16:38:02.0436 7568 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/07 16:38:02.0455 7568 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/07 16:38:02.0486 7568 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/07 16:38:02.0508 7568 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/07 16:38:02.0568 7568 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/07 16:38:02.0613 7568 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/07 16:38:02.0754 7568 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
2011/04/07 16:38:02.0855 7568 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/07 16:38:02.0924 7568 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/07 16:38:02.0954 7568 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/07 16:38:02.0998 7568 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/07 16:38:03.0073 7568 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/07 16:38:03.0140 7568 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/07 16:38:03.0236 7568 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/07 16:38:03.0372 7568 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/07 16:38:03.0442 7568 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/07 16:38:03.0477 7568 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/07 16:38:03.0543 7568 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/07 16:38:03.0577 7568 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/07 16:38:03.0628 7568 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/07 16:38:03.0659 7568 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/07 16:38:03.0690 7568 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/07 16:38:03.0753 7568 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/07 16:38:03.0793 7568 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/07 16:38:03.0847 7568 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/07 16:38:03.0875 7568 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/07 16:38:03.0937 7568 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/07 16:38:03.0971 7568 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/07 16:38:04.0037 7568 GDBehave (c6fbeb6ae2050304381af3c570d967b1) C:\Windows\system32\drivers\GDBehave.sys
2011/04/07 16:38:04.0145 7568 GDMnIcpt (6db1a96198a42526d13aba7d8812a436) C:\Windows\system32\drivers\MiniIcpt.sys
2011/04/07 16:38:04.0240 7568 GdNetMon (a7757940b3380343b378b5a1e7fbef16) C:\Windows\system32\drivers\GdNetMon32.sys
2011/04/07 16:38:04.0355 7568 GDPkIcpt (4170eb2a2acca7ac7a525399e781d40e) C:\Windows\system32\drivers\PktIcpt.sys
2011/04/07 16:38:04.0379 7568 gdwfpcd (909a37273ac257508548d0acbec30d7a) C:\Windows\system32\drivers\gdwfpcd32.sys
2011/04/07 16:38:04.0507 7568 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\GEARAspiWDM.sys
2011/04/07 16:38:04.0624 7568 GRD (8eb5731238c4a4007ffb63a0bb1bc7da) C:\Windows\system32\drivers\GRD.sys
2011/04/07 16:38:04.0711 7568 GT680x (7b90be6811334caa9243b89f3d3fee1a) C:\Windows\system32\Drivers\gt680x.sys
2011/04/07 16:38:04.0756 7568 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/07 16:38:04.0826 7568 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/07 16:38:04.0884 7568 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/07 16:38:04.0912 7568 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/07 16:38:04.0947 7568 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/07 16:38:05.0004 7568 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/07 16:38:05.0066 7568 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/07 16:38:05.0160 7568 HookCentre (c146d298c84f774290ff91712a9e7bbf) C:\Windows\system32\drivers\HookCentre.sys
2011/04/07 16:38:05.0195 7568 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/07 16:38:05.0260 7568 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/07 16:38:05.0288 7568 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/07 16:38:05.0325 7568 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/07 16:38:05.0359 7568 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/07 16:38:05.0434 7568 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/07 16:38:05.0566 7568 IntcAzAudAddService (b4fd14f7b231e358bec6c71d1a6c2845) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/07 16:38:05.0624 7568 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/07 16:38:05.0802 7568 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/07 16:38:05.0840 7568 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/07 16:38:05.0912 7568 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/07 16:38:05.0946 7568 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/07 16:38:06.0023 7568 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/07 16:38:06.0057 7568 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/07 16:38:06.0096 7568 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/07 16:38:06.0129 7568 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/07 16:38:06.0188 7568 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/07 16:38:06.0234 7568 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/07 16:38:06.0291 7568 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/07 16:38:06.0512 7568 L1E (8c804b1ffad1efa952b747e8285c3b76) C:\Windows\system32\DRIVERS\L1E62x86.sys
2011/04/07 16:38:06.0701 7568 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/07 16:38:06.0803 7568 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/07 16:38:06.0892 7568 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/07 16:38:06.0984 7568 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/07 16:38:07.0138 7568 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/07 16:38:07.0270 7568 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/07 16:38:07.0311 7568 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/07 16:38:07.0389 7568 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/07 16:38:07.0458 7568 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/07 16:38:07.0492 7568 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/07 16:38:07.0542 7568 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/07 16:38:07.0575 7568 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/07 16:38:07.0665 7568 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/07 16:38:07.0755 7568 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/07 16:38:07.0787 7568 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/07 16:38:07.0829 7568 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/07 16:38:07.0885 7568 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/07 16:38:07.0926 7568 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/07 16:38:08.0016 7568 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/07 16:38:08.0109 7568 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/07 16:38:08.0147 7568 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/07 16:38:08.0262 7568 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/07 16:38:08.0281 7568 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/07 16:38:08.0366 7568 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/07 16:38:08.0404 7568 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/07 16:38:08.0440 7568 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/07 16:38:08.0532 7568 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/07 16:38:08.0586 7568 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/07 16:38:08.0646 7568 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/07 16:38:08.0716 7568 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/07 16:38:08.0825 7568 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/07 16:38:08.0874 7568 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/07 16:38:08.0901 7568 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/07 16:38:08.0992 7568 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/07 16:38:09.0186 7568 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/07 16:38:09.0308 7568 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/07 16:38:09.0352 7568 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/07 16:38:09.0417 7568 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/07 16:38:09.0475 7568 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/07 16:38:09.0495 7568 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/07 16:38:09.0530 7568 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/07 16:38:09.0557 7568 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/07 16:38:09.0627 7568 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/07 16:38:09.0656 7568 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/07 16:38:09.0783 7568 netr73 (d6c3db065b58ae8eebfc017756e01c96) C:\Windows\system32\DRIVERS\netr73.sys
2011/04/07 16:38:09.0864 7568 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/07 16:38:09.0977 7568 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
2011/04/07 16:38:10.0038 7568 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
2011/04/07 16:38:10.0066 7568 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/07 16:38:10.0102 7568 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/07 16:38:10.0147 7568 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/07 16:38:10.0181 7568 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/07 16:38:10.0422 7568 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/07 16:38:10.0657 7568 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/07 16:38:10.0687 7568 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/07 16:38:10.0753 7568 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/07 16:38:10.0808 7568 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/07 16:38:10.0880 7568 oodisr (57c76678b16e01fd21e9ff6c97e3a347) C:\Windows\system32\DRIVERS\oodisr.sys
2011/04/07 16:38:10.0902 7568 oodisrh (1e340c450ea4040a831a4e382ca9e74f) C:\Windows\system32\DRIVERS\oodisrh.sys
2011/04/07 16:38:10.0928 7568 oodivd (fae65b557395f7b59ddf09d6caf36b2d) C:\Windows\system32\DRIVERS\oodivd.sys
2011/04/07 16:38:10.0955 7568 oodivdh (a516f6c7738bdb447289a90824480d65) C:\Windows\system32\DRIVERS\oodivdh.sys
2011/04/07 16:38:11.0001 7568 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/07 16:38:11.0021 7568 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/07 16:38:11.0048 7568 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/07 16:38:11.0122 7568 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/04/07 16:38:11.0142 7568 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/07 16:38:11.0163 7568 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/07 16:38:11.0186 7568 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/07 16:38:11.0260 7568 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/07 16:38:11.0335 7568 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/07 16:38:11.0368 7568 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/07 16:38:11.0509 7568 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/07 16:38:11.0542 7568 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/07 16:38:11.0613 7568 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/07 16:38:11.0671 7568 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/07 16:38:11.0717 7568 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/07 16:38:11.0753 7568 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/07 16:38:11.0830 7568 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/07 16:38:11.0863 7568 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/07 16:38:11.0893 7568 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/07 16:38:11.0948 7568 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/07 16:38:11.0967 7568 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/07 16:38:11.0995 7568 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/07 16:38:12.0040 7568 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/07 16:38:12.0065 7568 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/07 16:38:12.0106 7568 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/07 16:38:12.0165 7568 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/07 16:38:12.0197 7568 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/07 16:38:12.0234 7568 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/07 16:38:12.0305 7568 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/07 16:38:12.0461 7568 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/04/07 16:38:12.0559 7568 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/07 16:38:12.0594 7568 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/07 16:38:12.0713 7568 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/07 16:38:12.0790 7568 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/07 16:38:12.0874 7568 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/07 16:38:12.0908 7568 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/07 16:38:12.0957 7568 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/07 16:38:13.0028 7568 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/07 16:38:13.0057 7568 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/07 16:38:13.0084 7568 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/07 16:38:13.0177 7568 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/07 16:38:13.0208 7568 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/07 16:38:13.0235 7568 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/07 16:38:13.0269 7568 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/07 16:38:13.0312 7568 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/07 16:38:13.0347 7568 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/07 16:38:13.0380 7568 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/07 16:38:13.0443 7568 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/07 16:38:13.0516 7568 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/07 16:38:13.0592 7568 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/07 16:38:13.0627 7568 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/07 16:38:13.0689 7568 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/07 16:38:13.0790 7568 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/07 16:38:13.0831 7568 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/07 16:38:13.0864 7568 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/07 16:38:13.0896 7568 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/07 16:38:13.0991 7568 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\Windows\system32\drivers\tbhsd.sys
2011/04/07 16:38:14.0073 7568 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/07 16:38:14.0127 7568 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/07 16:38:14.0175 7568 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/07 16:38:14.0210 7568 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/07 16:38:14.0248 7568 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/07 16:38:14.0289 7568 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/07 16:38:14.0314 7568 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/07 16:38:14.0402 7568 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/07 16:38:14.0517 7568 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2011/04/07 16:38:14.0575 7568 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/07 16:38:14.0646 7568 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/07 16:38:14.0675 7568 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/07 16:38:14.0728 7568 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/07 16:38:14.0789 7568 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/07 16:38:14.0850 7568 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/07 16:38:14.0919 7568 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/04/07 16:38:14.0949 7568 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/07 16:38:15.0001 7568 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/07 16:38:15.0027 7568 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/07 16:38:15.0054 7568 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/07 16:38:15.0081 7568 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/07 16:38:15.0141 7568 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/07 16:38:15.0225 7568 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/07 16:38:15.0313 7568 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
2011/04/07 16:38:15.0375 7568 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/04/07 16:38:15.0415 7568 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/07 16:38:15.0440 7568 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/07 16:38:15.0543 7568 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
2011/04/07 16:38:15.0597 7568 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/07 16:38:15.0635 7568 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/07 16:38:15.0669 7568 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/07 16:38:15.0702 7568 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/07 16:38:15.0737 7568 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/07 16:38:15.0773 7568 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/07 16:38:15.0807 7568 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/07 16:38:15.0855 7568 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/07 16:38:15.0889 7568 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/07 16:38:15.0917 7568 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/07 16:38:15.0940 7568 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/07 16:38:15.0962 7568 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/07 16:38:16.0024 7568 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/07 16:38:16.0057 7568 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/07 16:38:16.0107 7568 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/07 16:38:16.0166 7568 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/07 16:38:16.0244 7568 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/07 16:38:16.0297 7568 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 16:38:16.0315 7568 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 16:38:16.0364 7568 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/07 16:38:16.0432 7568 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/04/07 16:38:16.0490 7568 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/07 16:38:16.0586 7568 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/07 16:38:16.0616 7568 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/07 16:38:16.0763 7568 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/07 16:38:16.0842 7568 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/07 16:38:16.0903 7568 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/07 16:38:16.0963 7568 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/07 16:38:16.0992 7568 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/07 16:38:17.0156 7568 ================================================================================
2011/04/07 16:38:17.0156 7568 Scan finished
2011/04/07 16:38:17.0156 7568 ================================================================================
|
|
07.04.2011, 18:40
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit Patched TDSS GEn entfernt? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.04.2011, 22:06
| #11 |
| | Rootkit Patched TDSS GEn entfernt? Alles strikt nach Anleitung befolgt und abgearbeitet. Nachdem Combofix den Rechner neu gestartet hat bootete Windows nicht mehr (blieb beim Windows Logo stehen und startete wieder neu). Auch abgesicherter Modus ging nicht mehr Das System lies sich nur durch die Systemstartreparatur wieder in gang bringen. Das System hat offenbar jetzt den Stand von heute Nachmittag aber die I-Net Verbindung ist zum schreien langsam. Vor dem Start von Combofix war es normal. Was soll ich denn als nächstes machen |
|
08.04.2011, 05:11
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit Patched TDSS GEn entfernt? Hm, du bist jetzt der 2. der das erwähnt, sonst hatte CF den Windows-Bootvorgang nie beeinträchtigt...  Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2011, 23:51
| #13 |
| | Rootkit Patched TDSS GEn entfernt? Ist das jetzt ein Problem das die Änderungen von Combofix wohl durch die Systemwiederherstellung zunichte gemacht wurden? Also GMER verursacht immer kurz vor Ende einen Bluescreen. Beim zweiten Durchlauf habe ich aber davor noch das Log gespeichert. Ich hoffe das hilft schon: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-08 12:45:30
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502IJ rev.1AA01117
Running: g2m3e4r.exe; Driver: C:\Users\MARCOL~1\AppData\Local\Temp\kxtcikod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8308E589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe[1960] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe[1960] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe[1960] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe[1960] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe[1960] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe[1960] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe[3052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe[3052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe[3052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe[3052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe[3052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe[3052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[3724] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[3724] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[3724] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[3724] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[3724] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[3724] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [747A5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice oodisrh.sys (O&O DiskImage Snapshot/Restore Helper Driver (Win32)/O&O Software GmbH)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device udfs.sys (UDF File System Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 oodisr.sys (O&O DiskImage Snapshot/Restore Driver (Win32)/O&O Software GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000008c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???y?|??????????????????????.NT?-0???????????????????????y??????????1???TDTCP????????z???;???????????;???????z???<?????????n?<???????z??????????????????????????t????????{??????@????0?gS ???????????B??????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|?????????z???????????????n???????z????????????n??????????z???????????????????????z???<????????n??????????z???????????????????????z??????????????????system32\DRIVERS\udfs.sys???system32\DRIVERS\usbehci.sys?usbehci.sys????????????????t????????w??????????????????6-21-2006????????|??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|??????????????????????????8??z????????h?????????????????????????????x??????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????????int?????11???e??11??b}??????????#???Root\*6TO4MP\0011??????????????????? ???\\?\Root#*6TO4MP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{523B1534-5564-4BE8-836A-2EBFA5B1B0C8}?????? ???????:???????????v?:????????????&???????????????????????? ??????????????Ne???????????s?????e????? ?????????????u????????????????????????????? ???????????????????p?????????? ????????????t??6to4mp.ndi???4??? ?????????????????????,????????????'????????????????????}??? ?????????????????????-??????????????????????????????D?????????????????? ?????????????????????-?????????????????f????????????????6TO4??nettun.inf??EA??Microsoft????????????0???0???????????????????f??????????????????????????????????{523B1534-5564-4BE8-836A-2EBFA5B1B0C8}???????????????p???????????????????z?????????d????? ???????~???????????????????????????????????????z???????????v??? ???z??????????????? ??????????????n????????y???????????????????z????????????????`?????????????6.1.7600.16385?yst??? P??????1?????Dra????*???????????d?????? .?????????????????Microso
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???;????????????????????????????? h?????????????o???? N?????????????????????????????"???MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EEE58DA3-D321-48B6-B7CC-10BCD4B15D56}] DATAGRAM 66???????????????????????m??????????:???(N??;???-??????????????????????{637c490d-eee3-4c0a-973f-371958802da2}????????0??????-??????2C?????;????? ???????:???????????:?:??????????*?&???????????????????????? ?????????????????????;??L????????????????????9?;?????????????????????????? ??????????? ??????????? ??????????? ???????????????????????????????????????????????????????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|???? ???<???;???????;???????;???????????????????????????;???????????????????????????;?????????????????e?????????;???;??????????????????? ???<???;???????;???????;???????????????????????????;????????????????????????N?????????D????;??????????????v2.10|Action=Al
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???y?|???????;???????y???y???y??????????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|??????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|?????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|Name=@FirewallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|????????????{???????{??v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ????????????????lc??? ?????????????????????-????????????????????? ?????????????????????1??L????????? ?????????????N?????? ???????????????????????????????I??????_0??????????? ?????????????????????1????????????&????????????????????1????????????????*??????D?????? O????????????????????????B?????????????????????#???????@cdrom.inf,%genmanufacturer%;(Standard-CD-ROM-Laufwerke)?????????????c??am??? ?????????????????????1??L????????? ???????????????????? ???????U?????????????,????????$???<????????????????????????????????9???????????????????s??? ???????u??????????? ?????????????????????,????????z???????????? ???????@????????????????????$?N???????????{EB440452-E368-49A2-8B18-CC27F36F01D2}??? ??6to4mp.ndi?r????????????????????? ???????Z?????????????1????????????&????????????????????c??? ???????????????????/?1??????*?&??? ????????a???????????}????????????&??????????t??LAN-Verbindung* 19?s|???????????? ?????????????u?????t??????????<???????????nettun.inf?to4??????? ?????????????????????1????????????&????????????????????n?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???u?w???????w???????p??????????????????????????????????????????????????????????3b??%systemroot%\system32\scext.dll???????8??????????????????????????@?????????????????6???????????????????????????5?????????????????????????????????????@??????????????????6???? ?????????????????????????????????????????????????????????????????e????????"C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe"?G??RPCSS??"?T???????????B??C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe???e??tunnel??t???????????????????\??\C:\Windows\system32\drivers\GdNetMon32.sys??????G Data Network Monitor?r K??? ???????????????????k?,????????<????????????????????????????????????????d???l???t??????????????????????????????????????????*6to4mp??v???????????0??.1????8??p????????h???????????????????????<??o????????h???????????????????????????f??p?????????e??????8??p????????h???????X??t?????????n?????????????v??NDIS????????0c??????????????????????????????system32\DRIVERS\CompositeBus.sys?siteBus.sys???system32\drivers\csc.sys?????????????????g?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???f?s???????????????????g?g????@fdc.inf,%genmanufacturer%;(Standard-Diskettenlaufwerkcontroller)???{00000000-0000-0000-ffff-ffffffffffff}??????? .??f???n?????nag??? ???i?????????D??????????????N??k?????????D???????e???f???f???f????????????????????machine.inf?????{4d36e97d-e325-11ce-bfc1-08002be10318}???????????????????????f?g?f???????T?????????????ncy???????f???????e???????e??? ???2??? ???????f???????????f?-??????$???????????????s??????????????????????????s??? ???????f?????????????-?????????????????f???????U??????????{00000000-0000-0000-ffff-ffffffffffff}??????NDIS????ACPI_Inst????????i???????????????????????j???-?????????n?/?????????????????????????????????s?????????h???????????f?f?h???????????f??????????????{4d36e97d-e325-11ce-bfc1-08002be10318}?????????????????????sN???*pnp0c08??????N???????????????????????????????????n?????Q?Q?????????????R?R?????????????S?S?????????????T?T?????????????U?U?????????????V?V?????????????W?W?????????????X?X?????????????Y?Y?????????????Z?Z?????????????[?[?????????????\?\????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???s?k???????e?????????????s????????e5???????f???-??e5??Boot File System?????????????????????????h???????????????p??????????volsnap?C3???????????????????|???????????T??????s????n?o?q?s?o?t?p???????l???????????????????????????~?????s????45000????????k???????e??mdiui.dll???????????????????Microsoft???? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?w???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???l?s??? ???????k?????k?????k?-??????????+??????????0??volume_install??????? ???????k???????????k?-????????P??????????????????????????s?????i?k?k?k?k?k?l?????k?&??{8ECC055D-047F-11D1-A537-0000F8753ED1}????????N??l?????????4????????????????????? $??k???y?????r?s??ms_pppoeminiport?????l????????????????N??l????????D??????????????????????????t?u?u???????????????????????????k???????????????l???????????l?l?l??????????????????RDP_KBD?????? ???????k?????l?????k?-??????????Q????????S?????????????6??????????? ???????l?????????????-????????N??????????????? ??????????s&????l?los????????????????????????N??k???4?????????????l?&???????????????????l???B???????l?l?l??? ???k?????????4?????????????????????????k?k?l??Microsoft???????????????????.NTx86???????????????????????????l???n???????????????????????????????????????1??????????FltMgr??? ??????????????????LegacyDriver?????????f???????e???????????????i???????e??? "??l???????????????????????????????????????????u?v?v??????????????????????????? ??????RDP_MOU??????????w?????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???s????????e5???????f???-??e5??Boot File System?????????????????????????h???????????????p??????????volsnap?C3???????????????????|???????????T??????s????n?o?q?s?o?t?p???????l???????????????????????????~?????s????45000????????k???????e??mdiui.dll???????????????????Microsoft???? ???????s?????s?????s????????????????????s??????????s???????????e??? ???????s???????????s???????????????????????????s???????????s??????????????s????s?s???????s????? ???????o?????s?????s??????????h?w???????e???????h??s?????????e????@%SystemRoot%\system32\drivers\filetrace.sys,-10001???????4??s??????p???FSFilter Activity Monitor??????s??????>??s????????h?????system32\drivers\filetrace.sys????????h??s?????????n????@%SystemRoot%\system32\drivers\filetrace.sys,-10000?????FltMgr??????????????????????????????????????t????????s?????????????????????g?????????????????????s?s?s?s?s?s?s?s?s???????s???????????e??? ???????s?????s?????s?,??0?????2?????????s???????2??s???????????e??FileTrace - Top Instance????? ???????s???????????s?,???????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???n?|?????f????? ???????g?????g???????-??"?????????????????el???f???g??????????????MEM:HAL,MBRES,*;IRQ:HAL,MBRES,*???????X??????????????g?g????? ?????????????g???????1????????????????????? d?????????????????? ???????g???????????f?1????????@???????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0029?????*pnp0700???????g????? ?????????????g???????1????????????????????? ???????g???????????f?1??????????????????????@? g???????????????a??????s???DMA-Controller?????????????g????? ?????????????g???????1??????????????????????????????????????N??g??????????? ???????g???????????f?1???????????????????????????????????????????????????????????????g????? ?????????????g???????1????????????????????? ???????g???????????f?1?????????????????????????????????????????????????????????f?????????????????g????? ?????????????g???????1????????????????????? ???????g???????????f?1?????????????????????????f???????????????g???????????g?g????Microsoft??????g????? ?????????????g???????1????????????????????? ?????????g???g???g???g???
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???|?????????????????????????|???????????????|??*6to4mp?????text????????0?????`??????6???F??Extended Base???User Mode Driver Frameworks Platform Driver?????????????????t????????????????????????e????V??}???????????~????`?????????????????????????????Net??????????????6??.1???????|???????t?????????????????????????????????????????????????5????????????????????e????????????????????????0???????z???????????????????l??????.t???????????|??t???????????????????????Net??????????????|???????????????????B??????????WmiCollectPerfData??????tunnel???k???|???????????|????????????R??}???-???????????????????????????????y????????????????????N????????????D?????????=??????????????a???5&5c6cfd6&0??3???????????|????????????????X??????|???t????????????????d?????????????????????????????????d????????????????????|???????????5??}???????????????el???????????8???????????????????:???????e???????? ??t????????rers??Typ??????????????????????????????????????????|??????0???????????????????????????1????????????|???e??????Ka??@??????????????????????
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:40:48 on 09.04.2011 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 4.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL [Control Panel Objects] -----( %SystemRoot%\system32 )----- "appwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\appwiz.cpl "desk.cpl" - "Microsoft Corporation" - C:\Windows\system32\desk.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "hdwwiz.cpl" - "Microsoft Corporation" - C:\Windows\system32\hdwwiz.cpl "inetcpl.cpl" - "Microsoft Corporation" - C:\Windows\system32\inetcpl.cpl "intl.cpl" - "Microsoft Corporation" - C:\Windows\system32\intl.cpl "irprops.cpl" - "Microsoft Corporation" - C:\Windows\system32\irprops.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "joy.cpl" - "Microsoft Corporation" - C:\Windows\system32\joy.cpl "main.cpl" - "Microsoft Corporation" - C:\Windows\system32\main.cpl "mmsys.cpl" - "Microsoft Corporation" - C:\Windows\system32\mmsys.cpl "ncpa.cpl" - "Microsoft Corporation" - C:\Windows\system32\ncpa.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl "powercfg.cpl" - "Microsoft Corporation" - C:\Windows\system32\powercfg.cpl "sysdm.cpl" - "Microsoft Corporation" - C:\Windows\system32\sysdm.cpl "telephon.cpl" - "Microsoft Corporation" - C:\Windows\system32\telephon.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Aspi32" (Aspi32) - "Adaptec" - C:\Windows\System32\drivers\aspi32.sys "CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfo.sys (File found, but it contains no detailed information) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "G Data Network Monitor" (GdNetMon) - "G Data Software AG" - C:\Windows\system32\drivers\GdNetMon32.sys "G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys "G Data WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys "GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys "GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys "GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys "HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys "O&O DiskImage Snapshot/Restore Driver" (oodisr) - "O&O Software GmbH" - C:\Windows\System32\DRIVERS\oodisr.sys "O&O DiskImage VirtualDisk Driver" (oodivd) - "O&O Software GmbH" - C:\Windows\System32\DRIVERS\oodivd.sys "oodisrh" (oodisrh) - "O&O Software GmbH" - C:\Windows\System32\DRIVERS\oodisrh.sys "oodivdh" (oodivdh) - "O&O Software GmbH" - C:\Windows\System32\DRIVERS\oodivdh.sys "RivaTuner32" (RivaTuner32) - ? - C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys (File found, but it contains no detailed information) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys "VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\Windows\System32\Drivers\pcouffin.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack 0.10.6.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information) {2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll {89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop Update" - ? - regsvr32.exe /s /n /i:U shell32.dll (File found, but it contains no detailed information) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {8f6b0360-b80d-11d0-a9b3-006097942311} "AP encoding/decoding Filters" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {3dd53d40-7b8b-11D0-b013-00aa0059ce02} "CDL: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {79eac9e7-baf9-11ce-8c82-00aa004ba90b} "file:, local: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {79eac9e3-baf9-11ce-8c82-00aa004ba90b} "ftp: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {79eac9e2-baf9-11ce-8c82-00aa004ba90b} "http: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {79eac9e5-baf9-11ce-8c82-00aa004ba90b} "https: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll {3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\System32\mshtml.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL {79eac9e6-baf9-11ce-8c82-00aa004ba90b} "mk: Asychronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Windows\system32\urlmon.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll {ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - "Revenger inc." - C:\Program Files\iColorFolder\CMExt.dll {1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "CShellStitcher Object" - "Microsoft Corporation" - C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {84ECF479-BB35-4e8a-B376-2F37758D1312} "O&O DiskImage PropertyPage" - ? - (File not found | COM-object registry key not found) {5B036813-4E35-4421-ADCB-E06925C7A7ED} "OODIDismount Class" - ? - C:\Program Files\OO Software\DiskImage\oodishd.dll {E5EE7DC9-D673-434a-86E1-306EAFD4A4CF} "OODIMount Class" - ? - C:\Program Files\OO Software\DiskImage\oodishm.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object" - "Kaspersky Lab" - C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll / hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {182EC0BE-5110-49C8-A062-BEB1D02A220B} "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AVKWebIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AVKWebIE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll (File not found) {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll "SHELL32" - ? - C:\Windows\system32\SHELL32.dll (File found, but it contains no detailed information) "URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll "user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll "WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "BeratungsNavigator Quickstarter.lnk" - ? - C:\Stuttgarter_Versicherungsgruppe\Stuttgarter\.kevuSSLV\SAS\kqstarter.exe (Shortcut exists | File found, but it contains no detailed information | File exists) "desktop.ini" - ? - C:\Users\Marco ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Alt+Q Hotkey Tool" - ? - C:\Windows\Alt+Q Hotkey.exe (File found, but it contains no detailed information) "ISUSPM" - "Macrovision Corporation" - "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler "PC Suite Tray" - "Nokia" - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray "TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" "Tunebite" - "RapidSolution Software AG" - C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray "UberIcon" - ? - "C:\Program Files\UberIcon\UberIcon Manager.exe" (File found, but it contains no detailed information) "WinRoll" - ? - C:\Program Files\WinRoll\winroll.exe (File found, but it contains no detailed information) "Yz Shadow" - "Y'z@Home" - C:\Program Files\YzShadow\YzShadow.exe -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "Shell" - "Microsoft Corporation" - C:\Windows\explorer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun "DivX Download Manager" - "DivX, LLC" - "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe "GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "RK Launcher" - "RaduKing" - "C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe" "System Files Updater" - ? - C:\Windows\FlyakiteOSX\Tools\System Files Updater.exe /S (File found, but it contains no detailed information) "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\msimsg.dll,-27" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe "@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "AST Service" (astcc) - "Nalpeiron Ltd." - C:\Windows\SYSTEM32\astsrv.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe "G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe "G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe "G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe "G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Nalpeiron Licensing Service" (nlsX86cc) - "Nalpeiron Ltd." - C:\Windows\system32\nlssrv32.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "O&O DiskImage" (O&O DiskImage) - ? - C:\Program Files\OO Software\DiskImage\oodiag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Ralink Registry Writer" (RalinkRegistryWriter) - "Ralink Technology, Corp." - C:\Program Files\Ralink\Common\RaRegistry.exe "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe "TVersityMediaServer" (TVersityMediaServer) - ? - C:\Users\Marco ****\AppData\Local\TVersity\Media Server\MediaServer.exe (File found, but it contains no detailed information) "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - "Matt Ginzton" - C:\Windows\system32\Flurry.scr -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "UIHost" - "Microsoft Corporation" - C:\Windows\system32\logonui.exe -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL "LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5Q SE
Logical Drives Mask: 0x000003fd
Kernel Drivers (total 186):
0x83055000 \SystemRoot\system32\ntkrnlpa.exe
0x8301E000 \SystemRoot\system32\halmacpi.dll
0x80BAF000 \SystemRoot\system32\kdcom.dll
0x83621000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83699000 \SystemRoot\system32\PSHED.dll
0x836AA000 \SystemRoot\system32\BOOTVID.dll
0x836B2000 \SystemRoot\system32\CLFS.SYS
0x836F4000 \SystemRoot\system32\CI.dll
0x8BC3E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BCAF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCBD000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BD05000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BD0E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BD16000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BD40000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BD4B000 \SystemRoot\System32\drivers\partmgr.sys
0x8BD5C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BD6C000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BDB7000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BDBE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BDCC000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BDE2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BC23000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8379F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BC2C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BE12000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF41000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BF6C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BF7F000 \SystemRoot\System32\Drivers\cng.sys
0x8BFDC000 \SystemRoot\System32\drivers\pcw.sys
0x8BFEA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C01F000 \SystemRoot\system32\drivers\ndis.sys
0x8C0D6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C114000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C233000 \SystemRoot\System32\drivers\tcpip.sys
0x8C37C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C3AD000 \SystemRoot\system32\DRIVERS\oodisrh.sys
0x8C3B9000 \SystemRoot\system32\DRIVERS\oodivdh.sys
0x8C3C6000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C139000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C3CF000 \SystemRoot\System32\Drivers\spldr.sys
0x8C200000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C3D7000 \SystemRoot\system32\DRIVERS\oodisr.sys
0x8C178000 \SystemRoot\system32\DRIVERS\oodivd.sys
0x8C19D000 \SystemRoot\System32\Drivers\mup.sys
0x8C3F3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C1AD000 \SystemRoot\system32\drivers\GDBehave.sys
0x8C1B5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C1E7000 \SystemRoot\system32\DRIVERS\disk.sys
0x837D3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x83600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BDEB000 \??\C:\Windows\system32\drivers\MiniIcpt.sys
0x91C0D000 \??\C:\Windows\system32\drivers\HookCentre.sys
0x91C1B000 \SystemRoot\System32\Drivers\Null.SYS
0x91C22000 \SystemRoot\System32\Drivers\Beep.SYS
0x91C29000 \SystemRoot\System32\drivers\vga.sys
0x91C35000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91C56000 \SystemRoot\System32\drivers\watchdog.sys
0x91C63000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91C6B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91C73000 \SystemRoot\system32\drivers\rdprefmp.sys
0x91C7B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91C86000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91C94000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91CAB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91CB6000 \SystemRoot\system32\drivers\afd.sys
0x91D10000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91D42000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91D49000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91D68000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x91D79000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91D87000 \SystemRoot\system32\DRIVERS\serial.sys
0x91DA1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91DB4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91DC4000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x91DE6000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x91A01000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91A42000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91A4C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91A56000 \??\C:\Windows\system32\drivers\GRD.sys
0x91A6C000 \SystemRoot\system32\drivers\gdwfpcd32.sys
0x91A7C000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x91A81000 \SystemRoot\System32\drivers\discache.sys
0x91A8D000 \SystemRoot\system32\drivers\csc.sys
0x91AF1000 \SystemRoot\System32\Drivers\dfsc.sys
0x91B09000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x91B17000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91B38000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x93003000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x939FD000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x92606000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x926BD000 \SystemRoot\System32\drivers\dxgmms1.sys
0x926F6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92701000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9274C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9275B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9277A000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
0x92789000 \SystemRoot\system32\DRIVERS\fdc.sys
0x92794000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x92796000 \SystemRoot\system32\DRIVERS\serenum.sys
0x927A0000 \SystemRoot\System32\drivers\GEARAspiWDM.sys
0x927A6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x927B3000 \SystemRoot\system32\drivers\tbhsd.sys
0x927B9000 \SystemRoot\system32\drivers\portcls.sys
0x91B4A000 \SystemRoot\system32\drivers\drmk.sys
0x91B63000 \SystemRoot\system32\drivers\ks.sys
0x927E8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91B97000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91BAF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91BBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91BDC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92C39000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92C50000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92C67000 \SystemRoot\System32\Drivers\pcouffin.sys
0x92C73000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92C7D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92C8A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92C97000 \SystemRoot\system32\DRIVERS\VClone.sys
0x92CA2000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x92CC8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92CCA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92CD8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92D1C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x92D26000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9A40C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9A643000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9A650000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9A65B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9A664000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9BF80000 \SystemRoot\System32\win32k.sys
0x9A675000 \SystemRoot\System32\drivers\Dxapi.sys
0x9A67F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9A696000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9A698000 \SystemRoot\system32\DRIVERS\wdcsam.sys
0x9A69B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9A6B2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9A6BD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9A6D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9A6D7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9A6E3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A6EE000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9A6F9000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9A707000 \SystemRoot\System32\Drivers\BrUsbSer.sys
0x9A70A000 \SystemRoot\System32\Drivers\BrSerIf.sys
0x9C1E0000 \SystemRoot\System32\TSDDD.dll
0x9BE20000 \SystemRoot\System32\cdd.dll
0x9A717000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x9A71F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9BE40000 \SystemRoot\System32\ATMFD.DLL
0x9A72A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x9A732000 \SystemRoot\system32\drivers\luafv.sys
0x9A74D000 \SystemRoot\system32\drivers\WudfPf.sys
0x9A767000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A777000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A7BD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A7CD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x92D37000 \SystemRoot\system32\drivers\HTTP.sys
0x92DBC000 \SystemRoot\system32\DRIVERS\udfs.sys
0x9A7E0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x92C00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x92C12000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3436000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3471000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA34A4000 \SystemRoot\System32\drivers\aspi32.sys
0xA34A9000 \SystemRoot\system32\drivers\peauth.sys
0xA3540000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA354A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA356B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3578000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA7015000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7066000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA7090000 \SystemRoot\System32\drivers\ipnat.sys
0xA70B6000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xA70B7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA70D8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA70E1000 \??\C:\Windows\system32\drivers\PktIcpt.sys
0xA715B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x775E0000 \Windows\System32\ntdll.dll
0x48070000 \Windows\System32\smss.exe
0x77820000 \Windows\System32\apisetschema.dll
0x000C0000 \Windows\System32\autochk.exe
0x777F0000 \Windows\System32\sechost.dll
0x774F0000 \Windows\System32\wininet.dll
0x777E0000 \Windows\System32\psapi.dll
0x77380000 \Windows\System32\ole32.dll
Processes (total 91):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
548 csrss.exe
632 C:\Windows\System32\wininit.exe
644 csrss.exe
696 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\winlogon.exe
956 C:\Windows\System32\nvvsvc.exe
1008 C:\Windows\System32\svchost.exe
1112 C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
1148 C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
1264 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\audiodg.exe
1480 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\svchost.exe
1728 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1740 C:\Windows\System32\nvvsvc.exe
1864 C:\Windows\System32\spoolsv.exe
1904 C:\Windows\System32\svchost.exe
2032 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
292 C:\Windows\System32\ASTSRV.EXE
384 C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
568 C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
776 C:\Windows\System32\taskhost.exe
648 C:\Program Files\Bonjour\mDNSResponder.exe
1272 C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe
1780 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2092 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2244 C:\Windows\System32\nlssrv32.exe
2272 C:\Program Files\Ralink\Common\RaRegistry.exe
2304 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2340 C:\Windows\System32\svchost.exe
2400 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2436 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
2484 C:\Users\Marco ***\AppData\Local\TVersity\Media Server\MediaServer.exe
2540 C:\Windows\System32\vds.exe
2604 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2692 C:\Program Files\OO Software\DiskImage\oodiag.exe
2796 vdsldr.exe
3008 C:\Windows\System32\dwm.exe
3044 C:\Windows\explorer.exe
3164 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
3280 C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
3296 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3308 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3316 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3368 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3396 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
3444 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3504 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
3536 C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
3548 C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
3568 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3584 C:\Windows\Alt+Q Hotkey.exe
3608 C:\Program Files\UberIcon\UberIcon Manager.exe
3636 C:\Program Files\WinRoll\winroll.exe
3668 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
3676 C:\Program Files\YzShadow\YzShadow.exe
3704 C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
3724 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
3748 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3776 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
2460 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
3800 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4016 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3988 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4764 WmiPrvSE.exe
5012 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
5164 C:\Program Files\Mozilla Firefox\firefox.exe
2520 C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
3624 C:\Windows\System32\alg.exe
5628 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
5820 C:\Windows\System32\svchost.exe
6124 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
6140 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
4156 WUDFHost.exe
4264 C:\Windows\System32\svchost.exe
4876 C:\Program Files\Windows Media Player\wmpnetwk.exe
5052 C:\Windows\System32\svchost.exe
5332 C:\Windows\System32\svchost.exe
4356 C:\Windows\System32\svchost.exe
2668 C:\Program Files\G DATA\InternetSecurity\GUI\GDSC.exe
552 C:\Users\Marco ***\Desktop\MBRCheck.exe
4336 C:\Windows\System32\conhost.exe
3452 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000049`32f66000 (NTFS)
\\.\G: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01117
PhysicalDrive1 Model Number: ST3320820AS, Rev: 3.AHG
PhysicalDrive2 Model Number: WDMy Book 1111, Rev: 2003
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive1 Hewlett-Packard MBR code detected
SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8
930 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
|
|
09.04.2011, 14:33
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit Patched TDSS GEn entfernt? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.04.2011, 21:11
| #15 |
| | Rootkit Patched TDSS GEn entfernt? Malwarebytes findet nichts mehr Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6283
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
09.04.2011 16:35:35
mbam-log-2011-04-09 (16-35-35).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 727974
Laufzeit: 8 Stunde(n), 16 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
SASW findet nur wieder verdächtige Dateien die zu einem Arbeitsprogramm gehören. Ich bin mir hier aber sicher das es ein Fehlalarm ist. Ich hab die Dateien mal gemeldet (zur weiteren Prüfung) und sie trotzdem mal gelöscht. Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/10/2011 at 09:45 PM
Application Version : 4.50.1002
Core Rules Database Version : 6796
Trace Rules Database Version: 4608
Scan type : Complete Scan
Total Scan Time : 03:51:43
Memory items scanned : 990
Memory threats detected : 0
Registry items scanned : 10683
Registry threats detected : 0
File items scanned : 519527
File threats detected : 3
Trojan.Agent/Gen-Krpytik
C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\DLL.32\SBIKSE32.DLL
Adware.Vundo/Variant-X32[Header]
C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\DLL.32\SBITLV32.DLL
Trojan.Agent/Gen-FakeAlert
C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\TOOLBAR.EXE
|
|
| Themen zu Rootkit Patched TDSS GEn entfernt? |
| 0x00000001, 7-zip, adblock, alternate, antivirus, bho, bluescreen, bonjour, bookmark, browser, converter, entfernt?, error, excel, excel.exe, firefox, flash player, frage, g-data, google, helper, home, install.exe, intranet, jdownloader, langs, location, logfile, mozilla thunderbird, msvcrt, nicht gefunden, nvlddmkm.sys, object, oldtimer, plug-in, preferences, realtek, rootkit, saver, scan, searchplugins, security, shell32.dll, software, spyware.onlinegames, start menu, starten, studio, total commander, trojan.fakems, updates, user agent, visual studio, webcheck, wordpress |
Linear-Darstellung
