Pests of all kinds and how to fight them: windows\system32\drivers\sptd.sys - Rootkit Modification. Windows 7. If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
01.06.2011, 12:52 | #1
windows\system32\drivers\sptd.sys - Rootkit Modification Hey guys, I booted my computer yesterday and suddenly a window (1.jpg) from Avast5 popped up saying that a threatening file had been found. Specifically, it is a rootkit named sptd.sys, located in the windows\system32\drivers\ directory. I first clicked delete, and shortly afterwards another window (2.jpg) opened in which it had identified the same file several times. After deleting again, image 3.jpg opened and I ran a boot-time scan. After restarting, the same thing happens again! Using Google I found out that it has something to do with cloning programs; Daemon Tools in particular was mentioned. I did have that installed once, but I thought I had deleted it. Also, the message only appeared now, quite suddenly, and never showed up before. So far I have had Avast5 run a scan, which keeps finding the file (4.jpg), but I cannot find the file in that folder. I think that is enough as an introduction. I am open to any help that gets me further. Code:
Betriebssystemname Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname ***
Systemhersteller ASUSTeK Computer Inc.
Systemmodell F5SR
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz, 2266 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum American Megatrends Inc. 206, 12.12.2008
SMBIOS-Version 2.4
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume2
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.0.6002.18005"
Benutzername ***\***
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 4,00 GB
Gesamter realer Speicher 3,00 GB
Verfügbarer realer Speicher 1,77 GB
Gesamter virtueller Speicher 6,19 GB
Verfügbarer virtueller Speicher 5,08 GB
Größe der Auslagerungsdatei 3,29 GB
Auslagerungsdatei C:\pagefile.sys
01.06.2011, 14:57 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification SPTD is a driver that is needed, for example, by DaemonTools to manage virtual optical drives. And yes, the thing digs itself in like a rootkit, but it is not a malicious rootkit.
Please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! After that, OTL custom scan: CustomScan with OTL. If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
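Added example, not from the post above and not the vendor's own tooling: a PowerShell check a defender can run before deciding whether an sptd.sys finding is the legitimate DaemonTools/SPTD driver or something else. It assumes the usual service key name 'sptd' and the standard driver path under System32\drivers; run it from an elevated prompt.

```powershell
# Added example (not from the forum post): inspect the SPTD driver on this machine
# from a defender's point of view: is it registered, is it loaded, is the file
# on disk signed, and what is its hash?
# Assumptions: service key name 'sptd' and the standard driver path under
# System32\drivers; run from an elevated PowerShell prompt.

$driverPath = Join-Path $env:SystemRoot 'System32\drivers\sptd.sys'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\sptd'

# 1. Registry: is a kernel service registered for the driver?
#    Start=0 is boot start, i.e. the driver is loaded before most other drivers.
if (Test-Path $serviceKey) {
    $svc = Get-ItemProperty -Path $serviceKey
    "Service 'sptd' registered: ImagePath='{0}' Start={1} Type={2}" -f $svc.ImagePath, $svc.Start, $svc.Type
} else {
    "No 'sptd' service key found."
}

# 2. Runtime: is the module currently loaded? driverquery lists all kernel drivers.
$loaded = driverquery /v /fo csv | ConvertFrom-Csv | Where-Object { $_.'Module Name' -ieq 'sptd' }
if ($loaded) {
    "Driver 'sptd' is loaded (State={0}, Start Mode={1}, Path={2})" -f $loaded.State, $loaded.'Start Mode', $loaded.Path
} else {
    "Driver 'sptd' is not loaded."
}

# 3. Disk: does the file exist, who signed it, and what is its SHA-256?
#    Get-AuthenticodeSignature and the .NET SHA256 class exist on PowerShell 2.0,
#    so this also runs on a Vista-era system.
if (Test-Path $driverPath) {
    $sig = Get-AuthenticodeSignature -FilePath $driverPath
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $stream = [System.IO.File]::OpenRead($driverPath)
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
    "File present. Signature status: {0}; signer: {1}; SHA256: {2}" -f $sig.Status, $signer, $hash
} else {
    "File not visible at $driverPath (not installed, or hidden while the driver is active)."
}
```

What to look at: a service key that is present although the vendor software was uninstalled, a file that is loaded but not visible on disk, or a signature status other than Valid with a signer you do not recognise are the points worth reporting back to the helpers in the thread; a valid signature from the vendor you expect, together with a loaded driver, matches the behaviour described above for the legitimate SPTD driver.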
02.06.2011, 19:13 | #3
windows\system32\drivers\sptd.sys - Rootkit Modification Hey,
so here are the logs, it took a bit longer. Extras logfile OTL: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 02.06.2011 19:15:00 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,52% Memory free 6,19 Gb Paging File | 5,08 Gb Available in Paging File | 82,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 10,48 Gb Free Space | 7,03% Space Free | Partition Type: NTFS Drive D: | 139,28 Gb Total Space | 6,06 Gb Free Space | 4,35% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg 
Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CDB2725-289D-4ED9-A3B7-2047909FD013}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1134834A-7BEF-4EF8-82F2-5BBE7A0AFD4E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1A384342-F487-45E1-BB05-586020560851}" = lport=139 | protocol=6 | dir=in | app=system | "{1AC791BB-9410-44D9-9897-642610987351}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{3246BA19-C51B-438D-B5D0-5AE3957C90E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3A4FDD34-8792-4BD2-86D9-0061198DB9B4}" = lport=2869 | protocol=6 | dir=in | app=system | "{4D6F2272-4961-4F00-A143-D83274D209C0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | "{538D9597-70F4-494A-9988-C346C918C3B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{542A65AB-DF17-4CA0-9442-904F39C21E3C}" = lport=rpc | protocol=6 | dir=in | app=c:\program 
files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{635AB57C-6D36-41C9-997D-A8B34D05AC68}" = lport=138 | protocol=17 | dir=in | app=system | "{7FC65E79-031C-4EFE-93BF-D57D1B0DE15D}" = rport=138 | protocol=17 | dir=out | app=system | "{8645AD10-4A92-4200-A8C4-4A47662CC23F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{9B5E7BD6-2DF5-43FF-A448-48B19F8B1B44}" = rport=137 | protocol=17 | dir=out | app=system | "{9CBEDAA5-5586-4D71-99AB-374E85DA58C9}" = rport=445 | protocol=6 | dir=out | app=system | "{B02FA881-643E-485F-8793-932748D7F10F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{B335299A-1E1D-4ABC-9677-BAE166DBDDE4}" = rport=139 | protocol=6 | dir=out | app=system | "{BF15584E-07EA-4E9A-906B-34A8D7930855}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{D2521475-969F-42FB-86FE-0EA17A1E0FD9}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | "{D9AD0B88-A277-45BF-B148-8AF3671782B7}" = lport=137 | protocol=17 | dir=in | app=system | "{E870AF03-C0D6-4CB1-AB39-D59B45CB3EEB}" = lport=445 | protocol=6 | dir=in | app=system | "{FD4958C8-4C25-4015-81D9-4CAF7037DA6F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{FDF96227-1597-4875-8E60-C8189386C1B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CF5C79A-6DD8-4165-837E-C5326FAE878C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1FB6BD92-942C-4285-AA83-01E1F6298ADA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{27A99362-7BDC-433F-B7EA-BBC9F4E6B56B}" = dir=in | app=c:\program files\windows 
live\sync\windowslivesync.exe | "{296A7740-EC15-43AE-B918-7ED40C866CBF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{35B41AC4-7AFB-4D9F-BAD6-7414618818E7}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | "{3B4E8A78-E4BA-4EE3-AE12-8470650A508E}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{3F3FB793-A918-4907-B4EF-CD2CED805F97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{582AC351-392F-4B5F-B93C-7D1E96202617}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{5C47A05F-A3A7-4BA7-9F32-FAEF3648DD18}" = dir=in | app=c:\program files\itunes\itunes.exe | "{619ADFC2-E7A7-42E1-A4D0-A8266F29BE04}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6C90D5AE-C52C-4AB5-B0E5-00BCCCCA6B43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6E2616D0-84F6-4E1A-A4DC-5F5613116BB1}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{71BE8019-380B-4954-8167-0380D282D668}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{8F44B892-103C-47FE-B39A-69A27DEDFB82}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{90727149-04A4-450A-A6B8-FFA4D65571BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9346F820-AFB8-45B0-84DA-CFE00B0C98CD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{9F26E6B9-3312-42B6-8ED8-6C443490FA2C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\daniel.schurr@gmx.net\day of defeat\hl.exe | "{9F7B6A1D-0F48-4F2B-9C3C-834D43DD4B22}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\daniel.schurr@gmx.net\day of defeat\hl.exe | "{A6DD2AF4-EC08-43E6-A0FE-929BFE9AC932}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{AAB3C215-974D-4AED-BFB4-86CAE05C6B23}" = protocol=1 | 
dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{B2F0E916-93B4-4F4B-8F64-F62F40415F88}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B5D793D9-A97C-4341-AD4D-4D10849CFA7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B6426013-D262-4154-90A4-C41C75F415C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C02DF333-D5E0-4D1C-A7FB-D3F2DA6B8438}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CD72F80C-2634-487A-A3B1-3FBE4EEDBA55}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | "{CEBA02BA-4556-4C3A-80F6-3ED39586CFFB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D9AAD8E3-A0A3-4FA5-B797-9300186B4798}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D9E13536-F712-455D-BEC7-4663917372C2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{DB48D943-CC23-4885-8333-A04B2F1F91DE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{E2768921-8D47-42FF-968C-382374BBC4A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E4AC9472-9977-4E46-BAF6-FBED1575AB16}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{E72C83BB-CFEA-44F8-8031-0ECA80659CF9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian 
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese "{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23 "{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French "{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery 
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch "{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 "{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300 "{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins "{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech "{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58F14BA8-F5EE-45E3-B759-43488557E272}" = Windows Phone Support Tool "{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek "{59BDB81E-9BB8-476E-A0A4-EE053A7FCBCB}" = PDF-XChange Viewer "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" 
= Segoe UI "{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian "{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune "{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai "{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 
2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook 
MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACA0919C-BF7F-41A6-943E-C853EF9A247B}_is1" = DMP Mod Doomsday-Armageddon 21.0 Farbige Techbilder
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DBBA19C5-6EB4-4753-B881-189CF6ACB9CD}" = OpenVPN
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast" = avast! Free Antivirus
"DD-DAIM" = DD-DAIM
"DMP Mod 10.0 Doomsday-Armageddon" = DMP Mod 10.0 Doomsday-Armageddon 10.0
"DMP Mod 19.0 Doomsday-Armageddon" = DMP Mod 19.0 Doomsday-Armageddon 19.0
"DMP Mod 20.0 Doomsday-Armageddon" = DMP Mod 20.0 Doomsday-Armageddon 20.0
"DMP Mod Version 11.0 Hearts of Iron 2" = DMP Mod Version 11.0 Hearts of Iron 2 DMP 11.0
"DMP Mod Version 12.0 Hearts of Iron 2" = DMP Mod Version 12.0 Hearts of Iron 2 DMP 12.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.11.2109" = Opera 11.11
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 0.9.9
"VLC play! Server_is1" = VLC play! Server 1.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01.06.2011 07:53:57 | Computer Name = *** | Source = EventSystem | ID = 4621
Description =

Error - 01.06.2011 07:59:51 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 01.06.2011 10:06:48 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 01.06.2011 12:17:18 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 01.06.2011 12:26:16 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0062-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error - 01.06.2011 12:28:30 | Computer Name = *** | Source = EventSystem | ID = 4621
Description =

Error - 02.06.2011 08:09:28 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 02.06.2011 09:43:41 | Computer Name = *** | Source = EventSystem | ID = 4621
Description =

Error - 02.06.2011 10:04:44 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 02.06.2011 13:06:57 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 17.08.2010 05:29:47 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.12.2010 07:33:49 | Computer Name = dani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02.06.2011 08:09:42 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description =

Error - 02.06.2011 08:09:42 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =

Error - 02.06.2011 08:10:26 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 02.06.2011 10:02:47 | Computer Name = *** | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.

Error - 02.06.2011 10:05:03 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description =

Error - 02.06.2011 10:05:03 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =

Error - 02.06.2011 13:05:02 | Computer Name = *** | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.

Error - 02.06.2011 13:07:11 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description =

Error - 02.06.2011 13:07:11 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =

Error - 02.06.2011 13:07:55 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

[ TuneUp Events ]
Error - 06.12.2010 13:01:40 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-06 18:01:40', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','3188',0)

Error - 06.12.2010 13:26:50 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-06 18:26:50', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5584',0)

Error - 23.12.2010 15:22:02 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-23 20:22:02', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\unins000.exe','4648',0)

Error - 31.05.2011 12:51:45 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 18:51:45', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5920',0)

Error - 31.05.2011 12:53:00 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 18:53:00', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5508',0)

Error - 31.05.2011 13:06:25 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 19:06:25', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5508',0)

Error - 31.05.2011 13:39:31 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 19:39:31', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5080',0)

Error - 01.06.2011 10:07:21 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-06-01 16:07:21', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5240',0)

Error - 01.06.2011 10:08:06 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-06-01 16:08:06', '\device\harddiskvolume2\programdata\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','5612',0)

Error - 01.06.2011 10:09:17 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-06-01 16:09:17', '\device\harddiskvolume2\program files\malwarebytes' anti-malware\mbam.exe','5940',0)

< End of report >
02.06.2011, 19:14 | #4 |
windows\system32\drivers\sptd.sys - Rootkit Modification
OTL Logfile:
Code:
OTL logfile created on: 02.06.2011 19:15:00 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\dani\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,52% Memory free
6,19 Gb Paging File | 5,08 Gb Available in Paging File | 82,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,48 Gb Free Space | 7,03% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 6,06 Gb Free Space | 4,35% Space Free | Partition Type: NTFS

Computer Name: DANI-PC | User Name: dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.02 14:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.05 20:43:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.02 20:48:28 | 000,462,848 | ---- | M] (ageye GbR) -- C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe
PRC - [2010.11.11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.18 08:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.07 10:25:13 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.10.12 07:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe

========== Modules (SafeList) ==========

MOD - [2011.06.02 14:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\dani\Desktop\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.25 01:31:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010.11.11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010.11.11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.04.24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.01.30 12:19:23 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.01.30 12:19:18 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.18 12:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

========== Driver Services (SafeList) ==========

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.01.01 13:46:08 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.04.24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.04.24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.04.24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.06.11 20:14:29 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.04.28 21:53:57 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.04.28 21:53:56 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.06.03 08:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 20:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2008.03.09 16:58:41 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.10.01 08:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.11 06:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.20 05:12:17 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.05 20:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 20:43:48 | 000,000,000 | ---D | M]

[2009.08.28 03:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dani\AppData\Roaming\mozilla\Extensions
[2009.08.28 03:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dani\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.06.02 14:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions
[2010.05.20 22:12:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.25 22:49:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.25 21:09:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.06 18:50:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.05 14:37:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)
[2011.05.30 20:33:57 | 000,001,056 | ---- | M] () -- C:\Users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\r40js1v1.default\searchplugins\icqplugin.xml
[2011.02.06 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.19 11:23:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.06 18:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.06 21:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.03.31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.01.11 13:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.05.05 20:43:45 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.05 20:43:45 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.05 20:43:45 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.05 20:43:45 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.05 20:43:45 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - Startup: C:\Users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VLC play! Server.lnk = C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe (ageye GbR)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\dani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\dani\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\dani\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0f38fdde-3e41-11df-8126-002354623135}\Shell\AutoRun\command - "" = H:\Menu.exe O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell - "" = AutoRun O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell\AutoRun\command - "" = G:\autoplay.exe O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell - "" = AutoRun O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell\AutoRun\command - "" = I:\setup.exe O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell - "" = AutoRun O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell\AutoRun\command - "" = F:\autorunmenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {59DC1004-42BC-4C4A-590E-815A06EC7313} - Browser Customizations ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - 
C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.06.02 14:36:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\dani\Desktop\OTL.exe [2011.05.31 19:15:13 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Users\dani\Desktop\OTS.exe [2011.05.31 18:49:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.31 18:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.31 18:49:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.31 18:46:35 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dani\Desktop\mbam-setup-1.50.1.1100.exe [2011.05.24 18:52:07 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.05.18 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Procter_gamble [2011.05.17 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA} [2011.05.16 09:05:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hotmail [2011.05.14 16:38:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E} [2011.05.12 20:33:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654} [2011.05.11 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300} [2011.05.09 19:07:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50} [2011.05.07 21:03:10 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8} [2011.05.07 10:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.05.05 23:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ageye [2011.05.05 23:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\ageye [2011.05.05 23:39:21 | 000,724,935 | ---- | C] (ageye GbR ) -- C:\Users\***\Desktop\vlcplayserver_1.1.exe [2011.05.04 20:06:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17724F29-BEFF-4C9D-923C-C8ADBB6ACF1C} [2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.02 19:21:25 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.02 19:09:49 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.06.02 19:09:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.02 19:05:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.02 19:05:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.02 19:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.02 14:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.06.02 14:15:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3CDFAA12-AB5C-4A00-A36F-295ADAD51018}.job [2011.06.01 18:28:02 | 000,027,190 | ---- | M] () -- C:\Users\***\Desktop\Frequently asked questions.odt [2011.06.01 18:27:27 | 000,053,897 | ---- | M] () -- C:\Users\***\Desktop\Kalkulation_Runde5.ods [2011.06.01 13:20:45 | 000,037,845 | ---- | M] () -- 
C:\Users\***\Desktop\2.jpg [2011.06.01 13:19:29 | 000,032,390 | ---- | M] () -- C:\Users\***\Desktop\1.jpg [2011.06.01 13:16:05 | 000,025,149 | ---- | M] () -- C:\Users\***\Desktop\3.jpg [2011.06.01 13:15:36 | 000,059,600 | ---- | M] () -- C:\Users\***\Desktop\4.jpg [2011.05.31 19:15:22 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Users\dani\Desktop\OTS.exe [2011.05.31 18:46:49 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dani\Desktop\mbam-setup-1.50.1.1100.exe [2011.05.30 17:59:41 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.30 17:59:41 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.30 17:59:41 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.30 17:59:41 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.30 17:58:38 | 000,316,956 | ---- | M] () -- C:\Users\***\Desktop\Mibi Kurs.pdf [2011.05.30 17:57:27 | 000,245,663 | ---- | M] () -- C:\Users\***\Desktop\Mibi Kurs.odt [2011.05.30 00:57:29 | 000,041,984 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.26 17:25:12 | 000,046,130 | ---- | M] () -- C:\Users\***\Desktop\Calculation_Green_SieheTotaleNachfrage2.ods [2011.05.26 16:50:00 | 000,039,576 | ---- | M] () -- C:\Users\***\Desktop\Calculation_Green2.ods [2011.05.24 18:52:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.05.20 23:48:10 | 016,111,389 | ---- | M] () -- C:\Users\***\Desktop\Italien_1940_Mai_30.eug [2011.05.19 12:48:55 | 000,028,386 | ---- | M] () -- C:\Users\***\Desktop\Optionen Runde 4.odt [2011.05.18 22:30:37 | 016,130,101 | ---- | M] () -- C:\Users\***\Desktop\Italien_1940_Mai_7 xxx.eug [2011.05.18 19:49:53 | 013,304,806 | 
---- | M] () -- C:\Users\***\Desktop\Procter_gamble.zip [2011.05.16 09:05:20 | 001,404,234 | ---- | M] () -- C:\Users\***\Desktop\Hotmail.zip [2011.05.10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.05.10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.05.09 20:29:27 | 000,079,849 | ---- | M] () -- C:\Users\***\Desktop\216443_212684722094298_100000583148127_749754_2942354_n.jpg [2011.05.07 10:20:41 | 000,076,570 | ---- | M] () -- C:\Users\***\Desktop\PdfPrint.pdf [2011.05.07 10:14:09 | 000,044,567 | ---- | M] () -- C:\Users\***\Desktop\B10419-2660_54877939_8MWBL3_145469-20110508-PDFTICKET 19 .pdf [2011.05.07 01:49:35 | 000,007,846 | ---- | M] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt [2011.05.06 12:35:05 | 000,733,188 | ---- | M] () -- C:\Users\***\Desktop\tox 3.pdf [2011.05.06 12:33:59 | 002,216,156 | ---- | M] () -- C:\Users\***\Desktop\tox 2.pdf [2011.05.06 12:32:15 | 003,270,670 | ---- | M] () -- C:\Users\***\Desktop\tox 1.pdf [2011.05.05 23:40:41 | 000,001,876 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VLC play! 
Server.lnk [2011.05.05 23:39:30 | 000,724,935 | ---- | M] (ageye GbR ) -- C:\Users\***\Desktop\vlcplayserver_1.1.exe [2011.05.05 12:47:50 | 000,029,177 | ---- | M] () -- C:\Users\***\Desktop\Strategie_Green_AOI.odt [2011.05.04 22:33:45 | 000,767,892 | ---- | M] () -- C:\Users\***\Desktop\Vorlesung Grundlagenmodul Slide Selection 1104.pdf [2011.05.04 19:26:22 | 000,047,810 | ---- | M] () -- C:\Users\***\Desktop\***.jpg [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.01 18:28:01 | 000,027,190 | ---- | C] () -- C:\Users\***\Desktop\Frequently asked questions.odt [2011.06.01 17:41:27 | 000,053,897 | ---- | C] () -- C:\Users\***\Desktop\Kalkulation_Runde5.ods [2011.06.01 13:16:05 | 000,037,845 | ---- | C] () -- C:\Users\***\Desktop\2.jpg [2011.06.01 13:16:05 | 000,025,149 | ---- | C] () -- C:\Users\***\Desktop\3.jpg [2011.06.01 13:15:36 | 000,059,600 | ---- | C] () -- C:\Users\***\Desktop\4.jpg [2011.06.01 13:15:36 | 000,032,390 | ---- | C] () -- C:\Users\***\Desktop\1.jpg [2011.05.30 17:58:36 | 000,316,956 | ---- | C] () -- C:\Users\***\Desktop\Mibi Kurs.pdf [2011.05.30 17:57:26 | 000,245,663 | ---- | C] () -- C:\Users\***\Desktop\Mibi Kurs.odt [2011.05.26 16:58:04 | 000,046,130 | ---- | C] () -- C:\Users\***\Desktop\Calculation_Green_SieheTotaleNachfrage2.ods [2011.05.23 10:15:42 | 016,111,389 | ---- | C] () -- C:\Users\***\Desktop\Italien_1940_Mai_30.eug [2011.05.20 18:19:00 | 016,130,101 | ---- | C] () -- C:\Users\***\Desktop\Italien_1940_Mai_7 xxx.eug [2011.05.18 19:49:34 | 013,304,806 | ---- | C] () -- C:\Users\***\Desktop\Procter_gamble.zip [2011.05.18 09:07:05 | 000,028,386 | ---- | C] () -- C:\Users\***\Desktop\Optionen Runde 4.odt [2011.05.17 10:05:58 | 000,039,576 | ---- | C] () -- C:\Users\***\Desktop\Calculation_Green2.ods [2011.05.16 09:05:16 | 001,404,234 | ---- | C] () -- C:\Users\***\Desktop\Hotmail.zip [2011.05.09 20:29:26 | 000,079,849 | ---- | C] () -- 
C:\Users\***\Desktop\216443_212684722094298_100000583148127_749754_2942354_n.jpg [2011.05.07 10:20:40 | 000,076,570 | ---- | C] () -- C:\Users\***\Desktop\PdfPrint.pdf [2011.05.07 10:14:07 | 000,044,567 | ---- | C] () -- C:\Users\***\Desktop\B10419-2660_54877939_8MWBL3_145469-20110508-PDFTICKET 19 .pdf [2011.05.07 01:09:46 | 000,007,846 | ---- | C] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt [2011.05.06 12:35:05 | 000,733,188 | ---- | C] () -- C:\Users\dani\Desktop\tox 3.pdf [2011.05.06 12:33:59 | 002,216,156 | ---- | C] () -- C:\Users\dani\Desktop\tox 2.pdf [2011.05.06 12:32:14 | 003,270,670 | ---- | C] () -- C:\Users\dani\Desktop\tox 1.pdf [2011.05.05 23:40:41 | 000,001,876 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VLC play! Server.lnk [2011.05.05 12:47:49 | 000,029,177 | ---- | C] () -- C:\Users\***\Desktop\Strategie_Green_AOI.odt [2011.05.04 19:26:20 | 000,047,810 | ---- | C] () -- C:\Users\***\Desktop\anna.jpg [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.01.13 10:14:46 | 000,000,983 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.12.05 19:22:45 | 000,000,036 | ---- | C] () -- C:\Users\dani\AppData\Local\housecall.guid.cache [2010.09.06 20:52:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.10 13:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0.17074596067894565.exe [2010.05.20 18:42:02 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.04.29 21:39:24 | 000,000,600 | ---- | C] () -- C:\Users\dani\AppData\Local\PUTTY.RND [2010.04.11 20:54:53 | 000,167,936 | ---- | C] () -- C:\Windows\A4.dll [2010.04.11 20:54:53 | 000,045,056 | ---- | C] () -- C:\Windows\GetKey.dll [2010.04.11 20:44:39 | 000,001,841 | ---- | C] () -- C:\ProgramData\HijackThis.lnk [2010.03.14 13:39:56 | 000,008,385 | ---- | C] () -- C:\Windows\System32\SETUP.INI [2010.03.10 18:30:32 | 000,027,648 | ---- | C] () -- 
C:\Windows\System32\AVSredirect.dll [2009.10.15 18:24:01 | 000,000,604 | ---- | C] () -- C:\Windows\Edofma.INI [2009.08.16 16:29:18 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2009.06.05 21:30:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.05 21:30:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.03 20:39:16 | 000,041,984 | ---- | C] () -- C:\Users\dani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.28 21:53:57 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.04.28 21:53:56 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.04.28 21:15:47 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.04.28 21:15:47 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2009.04.13 21:54:46 | 000,000,680 | ---- | C] () -- C:\Users\dani\AppData\Local\d3d9caps.dat [2009.04.13 21:21:51 | 000,179,179 | ---- | C] () -- C:\Windows\hphins27.dat [2009.02.25 01:16:36 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2009.02.25 01:16:26 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009.02.25 00:43:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.02.24 23:19:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 19:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.04.16 13:11:34 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 13:11:34 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini 
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.03.09 15:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.03.04 13:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.02.28 04:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.12.13 02:04:20 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl27.dat [2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,785,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2004.10.26 22:24:32 | 000,130,016 | ---- | C] () -- C:\Windows\System32\KM1630AQ.DRV [2004.04.21 22:52:28 | 000,000,263 | ---- | C] () -- C:\Windows\System32\KCMV3D.INI [2003.06.20 23:22:44 | 000,024,311 | ---- | 
C] () -- C:\Windows\System32\KM311910.DAT ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.23 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2011.01.22 22:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2009.05.10 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcsoft [2009.08.22 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2009.03.31 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2009.10.30 16:48:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2009.12.12 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2009.06.07 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.09.20 12:28:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2011.05.30 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2010.12.05 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.10 20:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.04.16 09:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2009.12.04 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hamachi [2009.04.13 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP [2011.04.06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2009.03.31 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2009.05.03 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2009.03.31 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2010.12.06 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D 
| M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.05.09 15:16:20 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2009.04.24 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2009.05.12 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.04.25 08:37:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.12.06 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2009.05.03 15:27:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scilab [2009.05.09 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux [2011.05.17 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011.05.17 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2011.05.28 12:59:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2009.06.26 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Symantec [2010.07.09 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2009.04.28 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.05.03 20:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unigraphics Solutions [2010.06.12 03:25:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2009.04.28 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.04 10:53:16 | 000,010,134 | R--- | M] () -- C:\Users\dani\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) 
MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft 
Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- 
C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:010ADD2C < End of report > [/code] Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6744 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 01.06.2011 18:11:38 mbam-log-2011-06-01 (18-11-38).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Durchsuchte Objekte: 545123 Laufzeit: 1 Stunde(n), 59 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
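The "MD5 for:" blocks in the OTL report above list the hash of each critical system file at every place Windows keeps a copy: the live file under System32 and the pristine copies in winsxs and the DriverStore. A driver patched in place keeps its name and path, but its hash no longer matches any stored copy, which is what such a listing is meant to expose. The following Python is an added example, not part of the thread or of OTL: it parses lines in that format and flags live files that match no stored copy or carry no company field. The report text is constructed; the live atapi.sys hash 0123...CDEF, the EXAMPLE.SYS section and the System32-versus-winsxs/DriverStore rule in is_live_copy are my assumptions.

```python
import re
from collections import defaultdict

# One OTL custom-scan MD5 line looks like:
# [date time | size | attrs | M] (company) MD5=<32 hex> -- <path>
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# Section header, e.g.  < MD5 for: ATAPI.SYS >
HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# Constructed sample in OTL's format (not a real report). The winsxs hashes for
# atapi.sys and user32.dll mirror the report above; the live atapi.sys hash
# 0123...CDEF and the whole EXAMPLE.SYS section are made up for the demo.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: EXAMPLE.SYS >
[2010.07.10 13:21:22 | 000,012,288 | ---- | M] () MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\System32\drivers\example.sys
"""


def parse_md5_sections(text):
    """Return {FILENAME: [{md5, path, company, size}, ...]} from OTL 'MD5 for:' blocks."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        m = MD5_LINE.match(line)
        if m and current:
            sections[current].append({
                "md5": m.group("md5").upper(),
                "path": m.group("path").strip(),
                "company": m.group("company").strip(),
                "size": int(m.group("size").replace(",", "")),
            })
    return dict(sections)


def is_live_copy(path):
    """Heuristic (assumed): the copy Windows loads lives under System32, while
    winsxs and DriverStore\\FileRepository hold the reference copies."""
    p = path.lower()
    return "\\winsxs\\" not in p and "\\driverstore\\" not in p


def suspicious_files(sections):
    """Flag each live file whose MD5 matches none of the stored copies, or
    which carries no company/version information at all."""
    findings = []
    for entries in sections.values():
        stored = {e["md5"] for e in entries if not is_live_copy(e["path"])}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            reasons = []
            # Without any stored copy there is nothing to compare against,
            # so the hash check is only applied when 'stored' is non-empty.
            if stored and e["md5"] not in stored:
                reasons.append("hash matches no stored copy")
            if not e["company"]:
                reasons.append("no company/version info")
            if reasons:
                findings.append((e["path"], "; ".join(reasons)))
    return findings


def run_example():
    """Parse the constructed report and return the flagged live files."""
    return suspicious_files(parse_md5_sections(SAMPLE_REPORT))


if __name__ == "__main__":
    for path, reason in run_example():
        print(f"SUSPICIOUS {path}: {reason}")
```

A live file that matches no stored copy is a triage flag, not a verdict: a hotfix whose winsxs copy is not listed produces the same result, so compare against a known-good hash from a clean system of the same build before acting on it.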
03.06.2011, 10:17 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification Quote:
__________________ Please always post logfiles in CODE tags |
03.06.2011, 11:01 | #6 |
| windows\system32\drivers\sptd.sys - Rootkit Modification Hey, no, that's not the VLC player, it's the counterpart of a Windows Phone 7 app. It makes it possible to control the VLC player from the phone, e.g. adjust the volume. Is that shown as dangerous? Thanks in advance for the help, by the way!! |
03.06.2011, 11:17 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification No, I just wanted to know what it is. Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!) Note: If you masked your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:
ATTFilter :OTL
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f38fdde-3e41-11df-8126-002354623135}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell - "" = AutoRun
O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell\AutoRun\command - "" = G:\autoplay.exe
O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell - "" = AutoRun
O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell - "" = AutoRun
O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell\AutoRun\command - "" = F:\autorunmenu.exe
[2011.05.04 20:06:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17724F29-BEFF-4C9D-923C-C8ADBB6ACF1C}
[2010.07.10 13:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0.17074596067894565.exe
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:010ADD2C
:Commands
[purity]
[resethosts]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post logfiles in CODE tags |
03.06.2011, 13:14 | #8 |
| windows\system32\drivers\sptd.sys - Rootkit Modification Hey, I have a problem with OTL. I wanted to run it, but Avast detected it as a trojan and deleted it automatically. Downloading no longer works either, since it gets deleted every time. Could you maybe send it to me zipped by e-mail? Then I can download it, disconnect from the internet and turn Avast off. Maybe that will work. |
03.06.2011, 14:57 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification You can just deactivate Avast beforehand anyway. And no, just because you have a connection to the internet, malware does not simply fly onto the computer; you can also surf the internet safely without a virus scanner.
__________________ Please always post logfiles in CODE tags |
03.06.2011, 15:23 | #10 |
| windows\system32\drivers\sptd.sys - Rootkit Modification OK, that seems to have worked! Here is the log: Code:
ATTFilter ========== OTL ========== Service ACDaemon stopped successfully! Service ACDaemon deleted successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f38fdde-3e41-11df-8126-002354623135}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f38fdde-3e41-11df-8126-002354623135}\ not found. File H:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11468d40-159d-11e0-8820-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11468d40-159d-11e0-8820-806e6f6e6963}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{295c0b7d-539d-11de-9038-002354623135}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{295c0b7d-539d-11de-9038-002354623135}\ not found. File G:\autoplay.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47a1c498-144c-11e0-8f15-002354623135}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47a1c498-144c-11e0-8f15-002354623135}\ not found. File I:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e331fcbe-1440-11e0-8ce2-002354623135}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e331fcbe-1440-11e0-8ce2-002354623135}\ not found. File F:\autorunmenu.exe not found. C:\Users\***\AppData\Local\{17724F29-BEFF-4C9D-923C-C8ADBB6ACF1C} folder moved successfully. C:\Windows\System32\0.17074596067894565.exe moved successfully. ADS C:\ProgramData\Temp:A9662AE0 deleted successfully. ADS C:\ProgramData\Temp:010ADD2C deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.23.0 log created on 06032011_162033 |
03.06.2011, 19:08 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it is finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (Could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
04.06.2011, 13:28 | #12 |
| windows\system32\drivers\sptd.sys - Rootkit Modification Hey, I let it run through and then clicked restart right away, so I don't have the log any more. I only have the log from after the restart. Code:
ATTFilter 2011/06/04 14:25:24.0304 3256 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24 2011/06/04 14:25:24.0546 3256 ================================================================================ 2011/06/04 14:25:24.0546 3256 SystemInfo: 2011/06/04 14:25:24.0546 3256 2011/06/04 14:25:24.0547 3256 OS Version: 6.0.6002 ServicePack: 2.0 2011/06/04 14:25:24.0547 3256 Product type: Workstation 2011/06/04 14:25:24.0547 3256 ComputerName: DANI-PC 2011/06/04 14:25:24.0547 3256 UserName: dani 2011/06/04 14:25:24.0547 3256 Windows directory: C:\Windows 2011/06/04 14:25:24.0547 3256 System windows directory: C:\Windows 2011/06/04 14:25:24.0547 3256 Processor architecture: Intel x86 2011/06/04 14:25:24.0547 3256 Number of processors: 2 2011/06/04 14:25:24.0547 3256 Page size: 0x1000 2011/06/04 14:25:24.0547 3256 Boot type: Normal boot 2011/06/04 14:25:24.0547 3256 ================================================================================ 2011/06/04 14:25:25.0952 3256 Initialize success 2011/06/04 14:26:19.0337 2492 ================================================================================ 2011/06/04 14:26:19.0337 2492 Scan started 2011/06/04 14:26:19.0337 2492 Mode: Manual; 2011/06/04 14:26:19.0337 2492 ================================================================================ 2011/06/04 14:26:20.0179 2492 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/06/04 14:26:20.0363 2492 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/06/04 14:26:20.0502 2492 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/06/04 14:26:20.0587 2492 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/06/04 14:26:20.0728 2492 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/06/04 14:26:20.0879 2492 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/06/04 
14:26:20.0958 2492 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/06/04 14:26:21.0050 2492 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/06/04 14:26:21.0104 2492 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/06/04 14:26:21.0179 2492 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/06/04 14:26:21.0277 2492 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/06/04 14:26:21.0376 2492 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/06/04 14:26:21.0427 2492 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/06/04 14:26:21.0557 2492 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/06/04 14:26:21.0589 2492 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/06/04 14:26:21.0755 2492 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys 2011/06/04 14:26:21.0910 2492 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys 2011/06/04 14:26:22.0084 2492 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys 2011/06/04 14:26:22.0204 2492 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys 2011/06/04 14:26:22.0302 2492 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys 2011/06/04 14:26:22.0393 2492 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys 2011/06/04 14:26:22.0492 2492 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys 2011/06/04 14:26:22.0753 2492 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys 2011/06/04 14:26:22.0896 2492 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/06/04 
14:26:23.0108 2492 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/06/04 14:26:23.0347 2492 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys 2011/06/04 14:26:23.0886 2492 atikmdag (8ae1745bfc7d383daa3f82fe8d7be7c0) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/06/04 14:26:24.0124 2492 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys 2011/06/04 14:26:24.0227 2492 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/06/04 14:26:24.0276 2492 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/06/04 14:26:24.0355 2492 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/06/04 14:26:24.0391 2492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/06/04 14:26:24.0468 2492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/06/04 14:26:24.0578 2492 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/06/04 14:26:24.0808 2492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/06/04 14:26:24.0905 2492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/06/04 14:26:24.0954 2492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/06/04 14:26:25.0047 2492 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/06/04 14:26:25.0091 2492 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/06/04 14:26:25.0207 2492 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/06/04 14:26:25.0301 2492 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/06/04 14:26:25.0480 2492 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 
2011/06/04 14:26:25.0644 2492 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/06/04 14:26:25.0697 2492 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/06/04 14:26:25.0807 2492 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/06/04 14:26:25.0891 2492 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/06/04 14:26:25.0934 2492 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/06/04 14:26:26.0131 2492 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/06/04 14:26:26.0183 2492 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/06/04 14:26:26.0422 2492 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/06/04 14:26:26.0578 2492 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/06/04 14:26:26.0817 2492 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/06/04 14:26:26.0897 2492 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/06/04 14:26:26.0959 2492 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/06/04 14:26:27.0011 2492 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/06/04 14:26:27.0093 2492 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/06/04 14:26:27.0206 2492 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/06/04 14:26:27.0340 2492 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/06/04 14:26:27.0438 2492 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/06/04 14:26:27.0472 2492 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) 
C:\Windows\system32\drivers\filetrace.sys 2011/06/04 14:26:27.0524 2492 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/06/04 14:26:27.0604 2492 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/06/04 14:26:27.0758 2492 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/06/04 14:26:27.0849 2492 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/06/04 14:26:28.0057 2492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/06/04 14:26:28.0176 2492 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys 2011/06/04 14:26:28.0234 2492 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/06/04 14:26:28.0395 2492 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/06/04 14:26:28.0525 2492 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/06/04 14:26:28.0575 2492 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/06/04 14:26:28.0784 2492 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/06/04 14:26:28.0847 2492 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/06/04 14:26:29.0037 2492 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/06/04 14:26:29.0093 2492 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/06/04 14:26:29.0141 2492 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/06/04 14:26:29.0200 2492 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/06/04 14:26:29.0343 2492 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/06/04 14:26:29.0953 2492 
IntcAzAudAddService (b795745f7e51aa20d46753ec5a811aca) C:\Windows\system32\drivers\RTKVHDA.sys 2011/06/04 14:26:30.0110 2492 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/06/04 14:26:30.0142 2492 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/06/04 14:26:30.0257 2492 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/06/04 14:26:30.0414 2492 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/06/04 14:26:30.0463 2492 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/06/04 14:26:30.0551 2492 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/06/04 14:26:30.0586 2492 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/06/04 14:26:30.0778 2492 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/06/04 14:26:30.0898 2492 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/06/04 14:26:30.0956 2492 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/06/04 14:26:31.0041 2492 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/06/04 14:26:31.0086 2492 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 2011/06/04 14:26:31.0172 2492 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys 2011/06/04 14:26:31.0281 2492 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/06/04 14:26:31.0505 2492 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/06/04 14:26:31.0681 2492 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/06/04 14:26:31.0784 2492 LSI_FC (c7e15e82879bf3235b559563d4185365) 
C:\Windows\system32\drivers\lsi_fc.sys 2011/06/04 14:26:31.0863 2492 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/06/04 14:26:31.0966 2492 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/06/04 14:26:32.0060 2492 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/06/04 14:26:32.0099 2492 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys 2011/06/04 14:26:32.0181 2492 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/06/04 14:26:32.0286 2492 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/06/04 14:26:32.0352 2492 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/06/04 14:26:32.0397 2492 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/06/04 14:26:32.0485 2492 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/06/04 14:26:32.0550 2492 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/06/04 14:26:32.0708 2492 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/06/04 14:26:32.0889 2492 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/06/04 14:26:32.0955 2492 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/06/04 14:26:33.0050 2492 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/06/04 14:26:33.0124 2492 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/06/04 14:26:33.0234 2492 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/06/04 14:26:33.0324 2492 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/06/04 14:26:33.0373 2492 mrxsmb20 
(fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/06/04 14:26:33.0467 2492 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/06/04 14:26:33.0575 2492 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/06/04 14:26:33.0652 2492 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/06/04 14:26:33.0683 2492 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/06/04 14:26:33.0886 2492 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/06/04 14:26:33.0937 2492 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/06/04 14:26:33.0993 2492 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/06/04 14:26:34.0088 2492 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/06/04 14:26:34.0247 2492 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/06/04 14:26:34.0327 2492 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/06/04 14:26:34.0424 2492 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys 2011/06/04 14:26:34.0571 2492 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/06/04 14:26:34.0762 2492 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/06/04 14:26:35.0020 2492 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/06/04 14:26:35.0086 2492 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/06/04 14:26:35.0187 2492 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/06/04 14:26:35.0347 2492 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/06/04 14:26:35.0593 2492 
NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/06/04 14:26:35.0841 2492 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/06/04 14:26:35.0949 2492 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/06/04 14:26:36.0079 2492 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/06/04 14:26:36.0135 2492 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/06/04 14:26:36.0244 2492 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/06/04 14:26:36.0494 2492 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/06/04 14:26:36.0547 2492 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/06/04 14:26:36.0589 2492 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/06/04 14:26:36.0640 2492 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/06/04 14:26:36.0682 2492 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/06/04 14:26:36.0743 2492 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/06/04 14:26:37.0012 2492 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/06/04 14:26:37.0088 2492 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/06/04 14:26:37.0196 2492 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/06/04 14:26:37.0324 2492 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/06/04 14:26:37.0470 2492 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/06/04 14:26:37.0577 2492 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/06/04 14:26:37.0698 
2492 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/06/04 14:26:37.0880 2492 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/06/04 14:26:38.0005 2492 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/06/04 14:26:38.0063 2492 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/06/04 14:26:38.0118 2492 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/06/04 14:26:38.0204 2492 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys 2011/06/04 14:26:38.0403 2492 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/06/04 14:26:38.0526 2492 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/06/04 14:26:38.0572 2492 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/06/04 14:26:38.0600 2492 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/06/04 14:26:38.0696 2492 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/06/04 14:26:38.0790 2492 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/06/04 14:26:38.0837 2492 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/06/04 14:26:38.0900 2492 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/06/04 14:26:39.0006 2492 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/06/04 14:26:39.0138 2492 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/06/04 14:26:39.0175 2492 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/06/04 14:26:39.0253 2492 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 
2011/06/04 14:26:39.0410 2492 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/06/04 14:26:39.0467 2492 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS 2011/06/04 14:26:39.0645 2492 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys 2011/06/04 14:26:39.0892 2492 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/06/04 14:26:40.0066 2492 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 2011/06/04 14:26:40.0134 2492 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/06/04 14:26:40.0244 2492 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/06/04 14:26:40.0309 2492 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/06/04 14:26:40.0364 2492 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/06/04 14:26:40.0476 2492 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\Windows\system32\drivers\sfdrv01.sys 2011/06/04 14:26:40.0533 2492 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/06/04 14:26:40.0574 2492 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/06/04 14:26:40.0708 2492 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/06/04 14:26:40.0782 2492 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\Windows\system32\drivers\sfhlp02.sys 2011/06/04 14:26:40.0839 2492 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/06/04 14:26:40.0926 2492 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\Windows\system32\drivers\sfsync02.sys 2011/06/04 14:26:41.0038 2492 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys 2011/06/04 14:26:41.0111 2492 Sftplay 
(cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys 2011/06/04 14:26:41.0161 2492 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys 2011/06/04 14:26:41.0204 2492 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys 2011/06/04 14:26:41.0362 2492 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/06/04 14:26:41.0457 2492 SiSGbeLH (a029482be40def54df02fce751aa16dc) C:\Windows\system32\DRIVERS\SiSGB6.sys 2011/06/04 14:26:41.0518 2492 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/06/04 14:26:41.0566 2492 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/06/04 14:26:41.0692 2492 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/06/04 14:26:41.0784 2492 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys 2011/06/04 14:26:42.0224 2492 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys 2011/06/04 14:26:42.0295 2492 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/06/04 14:26:42.0402 2492 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/06/04 14:26:42.0505 2492 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/06/04 14:26:42.0709 2492 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/06/04 14:26:42.0895 2492 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/06/04 14:26:43.0033 2492 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/06/04 14:26:43.0133 2492 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/06/04 14:26:43.0262 2492 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/06/04 14:26:43.0335 
2492 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys 2011/06/04 14:26:43.0391 2492 tap0801 (0c82061920a2de35d33c2c2bb83b1e98) C:\Windows\system32\DRIVERS\tap0801.sys 2011/06/04 14:26:43.0531 2492 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/06/04 14:26:43.0698 2492 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/04 14:26:43.0803 2492 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/04 14:26:43.0946 2492 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/06/04 14:26:44.0092 2492 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/06/04 14:26:44.0256 2492 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/06/04 14:26:44.0425 2492 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/06/04 14:26:44.0527 2492 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/04 14:26:44.0628 2492 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/06/04 14:26:44.0767 2492 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/04 14:26:44.0833 2492 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/06/04 14:26:45.0037 2492 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/04 14:26:45.0144 2492 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/06/04 14:26:45.0244 2492 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/06/04 14:26:45.0292 2492 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/06/04 14:26:45.0341 2492 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/06/04 14:26:45.0399 
2492 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/06/04 14:26:45.0544 2492 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/06/04 14:26:45.0618 2492 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/06/04 14:26:45.0718 2492 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/06/04 14:26:45.0783 2492 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/06/04 14:26:45.0889 2492 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/04 14:26:46.0027 2492 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/06/04 14:26:46.0187 2492 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/06/04 14:26:46.0364 2492 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/06/04 14:26:46.0471 2492 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/04 14:26:46.0585 2492 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/06/04 14:26:46.0693 2492 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/06/04 14:26:46.0872 2492 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys 2011/06/04 14:26:46.0989 2492 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/04 14:26:47.0038 2492 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/06/04 14:26:47.0099 2492 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/06/04 14:26:47.0156 2492 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/06/04 14:26:47.0217 2492 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/06/04 
14:26:47.0274 2492 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/06/04 14:26:47.0377 2492 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/06/04 14:26:47.0437 2492 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/06/04 14:26:47.0533 2492 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/06/04 14:26:47.0624 2492 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/06/04 14:26:47.0756 2492 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/04 14:26:47.0788 2492 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/04 14:26:48.0011 2492 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/06/04 14:26:48.0210 2492 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/04 14:26:48.0459 2492 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/06/04 14:26:48.0551 2492 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/06/04 14:26:48.0825 2492 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/06/04 14:26:48.0962 2492 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/04 14:26:49.0071 2492 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/06/04 14:26:49.0123 2492 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/04 14:26:49.0336 2492 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys 2011/06/04 14:26:49.0492 2492 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0 2011/06/04 14:26:49.0509 2492 ================================================================================ 
2011/06/04 14:26:49.0509 2492 Scan finished
2011/06/04 14:26:49.0509 2492 ================================================================================
2011/06/04 14:26:49.0524 1380 Detected object count: 0
2011/06/04 14:26:49.0524 1380 Actual detected object count: 0
05.06.2011, 12:05 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
05.06.2011, 13:28 | #14 |
| windows\system32\drivers\sptd.sys - Rootkit Modification ComboFix logfile: Code:
ATTFilter ComboFix 11-06-05.01 - dani 05.06.2011 14:00:04.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1906 [GMT 2:00] ausgeführt von:: c:\users\dani\Desktop\cofi.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\iuoidiosri.exe c:\iuoidiosri.exe\config.bin c:\windows\system32\setup.ini . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-05 bis 2011-06-05 )))))))))))))))))))))))))))))) . . 2011-06-05 11:57 . 2011-06-05 11:57 -------- d-----w- C:\32788R22FWJFW 2011-06-03 14:20 . 2011-06-03 14:20 -------- d-----w- C:\_OTL 2011-06-03 12:23 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5519886E-B10B-4A66-8E44-509DCD13BE66}\mpengine.dll 2011-05-31 16:49 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-31 16:49 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-24 16:52 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-17 18:57 . 2011-05-17 18:57 -------- d-----w- c:\users\dani\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA} 2011-05-14 14:38 . 2011-05-14 14:38 -------- d-----w- c:\users\dani\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E} 2011-05-12 18:33 . 2011-05-12 18:33 -------- d-----w- c:\users\dani\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654} 2011-05-11 14:17 . 2011-05-11 14:18 -------- d-----w- c:\users\dani\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300} 2011-05-11 11:59 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-05-09 17:07 . 
2011-05-09 17:08 -------- d-----w- c:\users\dani\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50} 2011-05-07 19:03 . 2011-05-07 19:03 -------- d-----w- c:\users\dani\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8} . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-10 12:10 . 2010-06-29 09:56 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2010-04-20 09:13 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2010-04-20 09:14 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2010-04-20 09:14 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2010-04-20 09:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2010-04-20 09:14 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2010-04-20 09:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll 2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll 2011-03-17 02:00 . 2011-03-17 02:00 108144 ----a-w- c:\windows\system32\CmdLineExt.dll 2011-03-12 21:55 . 2011-04-27 14:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-03-10 17:03 . 2011-04-15 08:11 1162240 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-10 17:03 . 2011-04-15 08:11 1136640 ----a-w- c:\windows\system32\mfc42.dll 2011-03-09 13:30 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll 2009-03-31 20:47 . 2009-08-07 21:19 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496] "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . c:\users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ VLC play! Server.lnk - c:\program files\ageye\VLC play! Server\VLCplayServer.exe [2011-5-5 462848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden "ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4 "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe "ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe "hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" "openvpn-gui"=c:\program files\OpenVPN\bin\openvpn-gui.exe "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization 
Client\sftvsa.exe [2010-04-23 209768] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-06-05 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45] . 2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59] . 2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59] . 2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{3CDFAA12-AB5C-4A00-A36F-295ADAD51018}.job - c:\windows\system32\msfeedssync.exe [2011-04-15 04:43] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\dani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\r40js1v1.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - prefs.js: network.proxy.type - 2 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 
FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-14851473.sys SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-06-05 14:09 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . C:\ADSM_PData_0150 . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . Zeit der Fertigstellung: 2011-06-05 14:12:18 ComboFix-quarantined-files.txt 2011-06-05 12:12 . Vor Suchlauf: 10 Verzeichnis(se), 11.564.052.480 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 11.478.540.288 Bytes frei . Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - 08281A169C21FDAFDBEDC5C35F21BD99 |
05.06.2011, 14:31 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows\system32\drivers\sptd.sys - Rootkit Modification ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
Folder::
C:\32788R22FWJFW
c:\users\dani\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA}
c:\users\dani\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E}
c:\users\dani\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654}
c:\users\dani\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300}
c:\users\dani\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50}
c:\users\dani\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8}
4. Disable the guard of your antivirus program and any software firewall that may be present. (Including guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |