Trojaner-Board, forum "Log-Analyse und Auswertung" (log analysis and evaluation): https://www.trojaner-board.de/96814-staendige-werbe-pop-ups-ie8.html

vijay 24.03.2011 20:52

Constant advertising pop-ups in IE8

Hello. This forum has already helped me out a few times without my having to post anything myself, but this time there seems to be no way around it, since my problem is a bit subtler than the previous ones (e.g. System Tool).

At the moment new IE windows keep opening and showing some kind of advertising. Otherwise I can't see any effects; performance-wise nothing seems unusual either. Still, I'd like to get rid of the pop-ups.

Edit: Just now a cvn error message appeared.

I followed the instructions in this forum and have the corresponding log files here:

OTL.txt:

OTL logfile created on: 24.03.2011 18:46:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.34 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
 
Computer Name: VJ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.24 18:39:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.03.18 12:25:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.13 18:16:16 | 001,176,864 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\SpTNA.exe
PRC - [2011.02.13 18:16:13 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\PSDrt.exe
PRC - [2011.02.13 18:16:05 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\IFXTCS.exe
PRC - [2011.02.13 18:16:01 | 001,103,136 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\IFXSPMGT.exe
PRC - [2011.02.13 18:15:59 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\IfxPsdSv.exe
PRC - [2011.02.13 17:33:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.18 06:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:47 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.24 18:39:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Vijay\Desktop\OTL.exe
MOD - [2011.02.18 03:00:29 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2011.01.11 07:55:06 | 000,961,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2010.12.18 06:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009.02.12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008.10.25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveNew.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.18 12:25:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.14 02:10:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.13 18:16:05 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Programme\Infineon\Security Platform Software\IFXTCS.exe -- (IFXTCS)
SRV - [2011.02.13 18:16:01 | 001,103,136 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Programme\Infineon\Security Platform Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2011.02.13 18:15:59 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011.02.13 17:33:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.18 12:25:36 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.03.10 14:39:35 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.13 18:16:59 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2011.02.13 18:03:07 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.06 02:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.04.17 11:03:06 | 000,201,264 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC BE 6F 35 C1 E8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.10 20:39:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.10 20:39:05 | 000,000,000 | ---D | M]
 
[2011.02.21 19:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.10 20:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmy4df5k.default\extensions
[2011.03.09 22:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.09 22:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.09 22:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.21 19:37:46 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2011.03.09 22:54:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKCU..\Run: [A9YA3MI1CF] C:\Users\Vijay\AppData\Local\Temp\Cvm.exe (Jordan Russell)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [odbcutil] C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll ()
O4 - Startup: C:\Users\Vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Deployer hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell - "" = AutoRun
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 18:44:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.24 18:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.24 18:44:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.24 18:35:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.03.24 18:35:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.24 18:35:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.03.24 15:06:18 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2011.03.24 15:04:42 | 000,125,440 | ---- | C] (Jordan Russell) -- C:\Windows\Cwemea.exe
[2011.03.24 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Snagit
[2011.03.24 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly
[2011.03.24 14:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2011.03.24 14:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011.03.24 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TechSmith
[2011.03.24 14:33:53 | 000,000,000 | ---D | C] -- C:\Programme\TechSmith
[2011.03.11 00:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.03.10 14:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.10 14:48:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2011.03.10 14:47:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2011.03.10 14:47:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.03.10 14:46:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.03.10 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2011.03.10 14:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.10 14:44:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.10 14:39:35 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.03.10 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.03.10 14:39:29 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2011.03.10 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.03.10 14:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.03.10 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2011.03.10 10:02:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.03.09 22:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.09 22:55:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.09 22:54:48 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.03.07 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Ironclad Games
[2011.03.07 12:34:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2011.03.07 12:27:49 | 000,000,000 | ---D | C] -- C:\Programme\Sins of a Solar Empire
[2011.03.07 12:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sins of a Solar Empire
[2011.03.07 12:27:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Stardock
[2011.03.03 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2011.03.03 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2011.03.03 13:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2011.03.03 12:38:49 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.03 12:38:18 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2011.03.02 11:33:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CutePDF Writer
[2011.03.02 11:23:34 | 000,000,000 | ---D | C] -- C:\Programme\GPLGS
[2011.03.02 11:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2011.03.02 11:23:03 | 000,000,000 | ---D | C] -- C:\Programme\Acro Software
[2011.03.02 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MathWorks
[2011.03.02 10:36:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MATLAB
[2011.03.02 00:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2011.03.02 00:18:56 | 000,000,000 | ---D | C] -- C:\Programme\MATLAB
[2011.02.24 06:52:22 | 000,000,000 | ---D | C] -- C:\6e76aa05-bb81-4e62-8301-91d5e4310d99
[2011.02.24 04:58:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.02.24 04:49:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.23 14:50:22 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2011.02.23 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\Vijay\AppData\Local\Cisco
[2011.02.23 12:06:03 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2011.02.23 12:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.02.23 12:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 18:46:26 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 18:46:26 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 18:44:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.24 18:44:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.24 18:44:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.24 18:44:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.24 18:44:28 | 000,001,078 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.24 18:44:24 | 000,000,898 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.24 18:44:24 | 000,000,879 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.24 18:40:38 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.03.24 18:40:37 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011.03.24 18:40:35 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011.03.24 18:40:33 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\pfasoq.job
[2011.03.24 18:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 18:40:21 | 2309,877,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.24 18:39:05 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011.03.24 18:39:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.03.24 18:39:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.24 18:39:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.03.24 18:14:19 | 000,742,874 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2011.03.24 15:29:25 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011.03.24 15:04:35 | 000,125,440 | ---- | M] (Jordan Russell) -- C:\Windows\Cwemea.exe
[2011.03.24 15:04:32 | 000,149,504 | RHS- | M] () -- C:\Windows\System32\GfxUI9.dll
[2011.03.18 12:25:36 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.14 14:42:44 | 000,365,461 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
[2011.03.14 07:02:24 | 000,044,412 | ---- | M] () -- C:\Users\***\Desktop\loesung03.pdf
[2011.03.14 06:59:52 | 000,011,072 | ---- | M] () -- C:\Users\***\Desktop\serie03.pdf
[2011.03.14 06:13:38 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Users\***\Desktop\Anleitung.html
[2011.03.10 14:39:35 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.03.03 13:08:56 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.02 00:38:35 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\MATLAB R2010b.lnk
[2011.02.24 04:49:54 | 284,758,121 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.03.24 18:44:28 | 000,001,078 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.24 18:44:24 | 000,000,898 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.24 18:44:24 | 000,000,879 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.24 18:35:30 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011.03.24 18:14:18 | 000,742,874 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2011.03.24 15:04:39 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.03.24 15:04:38 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.24 15:04:36 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.03.24 15:04:32 | 000,149,504 | RHS- | C] () -- C:\Windows\System32\GfxUI9.dll
[2011.03.24 15:04:32 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\pfasoq.job
[2011.03.23 17:50:09 | 005,036,439 | ---- | C] () -- C:\Users\***\Desktop\Brisby & Jingles - L amour Toujours (Hans-O-Matik Bigroom Electro Mix) www.mp3kings.pl.mp3
[2011.03.14 07:02:24 | 000,044,412 | ---- | C] () -- C:\Users\***\Desktop\loesung03.pdf
[2011.03.14 06:59:52 | 000,011,072 | ---- | C] () -- C:\Users\***\Desktop\serie03.pdf
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Users\***\Desktop\Anleitung.html
[2011.03.13 12:16:23 | 000,365,461 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
[2011.03.10 10:03:52 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011.03.03 13:08:56 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.03.03 13:08:56 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.03 12:38:51 | 000,002,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2011.03.02 11:23:04 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011.03.02 00:38:35 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\MATLAB R2010b.lnk
[2011.03.02 00:38:12 | 000,002,364 | ---- | C] () -- C:\Windows\System32\mscomctl.dep
[2011.03.02 00:38:11 | 000,002,362 | ---- | C] () -- C:\Windows\System32\mscomct2.dep
[2011.03.02 00:38:05 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2011.02.24 04:49:54 | 284,758,121 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.13 18:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.13 17:49:32 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011.02.13 17:49:32 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.02.13 17:49:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.02.13 17:49:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.02.13 17:49:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.02.13 17:49:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.02.13 17:28:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.13 17:06:15 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011.02.13 17:05:25 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.12.02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,410,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2011.03.10 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.02.13 17:45:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeviceDoctorSoftware
[2011.02.21 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2011.02.13 18:21:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Infineon
[2011.02.13 17:40:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2011.03.03 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.03.24 18:34:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011.02.21 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011.03.24 18:40:33 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\pfasoq.job
[2009.07.14 05:53:46 | 000,021,796 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.24 18:40:38 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.02.13 17:16:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.02.24 06:52:22 | 000,000,000 | ---D | M] -- C:\6e76aa05-bb81-4e62-8301-91d5e4310d99
[2011.02.13 17:04:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.13 17:15:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.24 18:14:10 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.02.13 17:18:38 | 000,000,000 | ---D | M] -- C:\Intel
[2011.03.10 14:44:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.02.23 14:50:22 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.24 18:44:23 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.24 15:28:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.13 17:15:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.13 17:15:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.24 18:15:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.13 17:15:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.24 18:44:50 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-14 20:59:33
 
< End of report >

--- --- ---


Extras.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 24.03.2011 18:46:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Vijay\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.34 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
 
Computer Name: VJ | User Name: Vijay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F47A74B-217C-445A-BB73-8BF94611CB8F}" = Infineon TPM Professional Package
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"InfraRecorder" = InfraRecorder
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Opera 11.01.1190" = Opera 11.01
"Orbit_is1" = Orbit Downloader
"PROSetDX" = Intel(R) Network Connections 14.2.100.0
"Sins of a Solar Empire" = Sins of a Solar Empire
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2011 15:25:30 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 14.03.2011 15:25:32 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:11 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVBg64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:12 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVCpl64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:13 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:15 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:30 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVBg64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:30 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVCpl64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:31 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:33 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
[ Cisco AnyConnect VPN Client Events ]
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
601 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
189 Invoked Function: CNetEnvironment::testNetwork Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4076
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 24.03.2011 13:39:42 | Computer Name = VJ | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ System Events ]
Error - 24.03.2011 10:28:04 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:06 | Computer Name = VJ | Source = DCOM | ID = 10005
Description =
 
Error - 24.03.2011 10:28:05 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:05 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:05 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:06 | Computer Name = VJ | Source = DCOM | ID = 10005
Description =
 
Error - 24.03.2011 10:28:06 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "HomeGroup Provider" service depends on the "Function Discovery Provider Host"
service, which failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:07 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:07 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
Error - 24.03.2011 10:28:07 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which
failed to start because of the following error: %%1068
 
 
< End of report >

--- --- ---


Gmer.txt:
GMER Logfile:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 20:00:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.0040020C
Running: g2m3e4r.exe; Driver: C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C50589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!CreateWindowExW 76830E51 5 Bytes JMP 6E2B818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxIndirectParamW 76854AA7 5 Bytes JMP 6E3DFE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxParamW 7685564A 5 Bytes JMP 6E1D4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxParamA 7686CF6A 5 Bytes JMP 6E3DFE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxIndirectParamA 7686D29C 5 Bytes JMP 6E3DFECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxIndirectA 7687E8C9 5 Bytes JMP 6E3DFD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxIndirectW 7687E9C3 5 Bytes JMP 6E3DFD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxExA 7687EA29 5 Bytes JMP 6E3DFCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxExW 7687EA4D 5 Bytes JMP 6E3DFC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!UnhookWindowsHookEx 7682CC7B 5 Bytes JMP 6E2C83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!CallNextHookEx 7682CC8F 5 Bytes JMP 6E2A9D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!CreateWindowExW 76830E51 5 Bytes JMP 6E2B818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!SetWindowsHookExW 7683210A 5 Bytes JMP 6E264643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxIndirectParamW 76854AA7 5 Bytes JMP 6E3DFE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxParamW 7685564A 5 Bytes JMP 6E1D4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxParamA 7686CF6A 5 Bytes JMP 6E3DFE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxIndirectParamA 7686D29C 5 Bytes JMP 6E3DFECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxIndirectA 7687E8C9 5 Bytes JMP 6E3DFD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxIndirectW 7687E9C3 5 Bytes JMP 6E3DFD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxExA 7687EA29 5 Bytes JMP 6E3DFCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxExW 7687EA4D 5 Bytes JMP 6E3DFC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] ole32.dll!OleLoadFromStream 76685BF6 5 Bytes JMP 6E3E01BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] ole32.dll!CoCreateInstance 766D590C 5 Bytes JMP 6E2B8C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 25.03.2011 15:27

Are there any other Malwarebytes logs? If so, please post all of them that are visible in the Log Files tab in Malwarebytes.

vijay 25.03.2011 16:12

I hadn't installed it until now. I've now run a quick scan and it found quite a few things.

The log is here.

mbam-log-2011-03-25 (16-05-10):
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6169

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.03.2011 16:05:10
mbam-log-2011-03-25 (16-05-10).txt

Scan type: Quick scan
Objects scanned: 148924
Time elapsed: 3 minute(s), 34 second(s)

Memory processes infected: 3
Memory modules infected: 1
Registry keys infected: 5
Registry values infected: 2
Registry data items infected: 0
Folders infected: 0
Files infected: 8

Memory processes infected:
c:\Users\***\AppData\Local\Temp\Cvn.exe (Trojan.Downloader) -> 1984 -> Unloaded process successfully.
c:\Windows\Cwemea.exe (Trojan.Downloader) -> 1552 -> Unloaded process successfully.
c:\Users\***\AppData\Local\Temp\Cvm.exe (Trojan.Downloader) -> 3520 -> Unloaded process successfully.

Memory modules infected:
c:\Users\***\AppData\Local\Temp\Eap3host.dll (Spyware.Agent) -> Delete on reboot.

Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Z7HRPUZG3M (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\odbcutil (Spyware.Agent) -> Value: odbcutil -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A9YA3MI1CF (Trojan.Downloader) -> Value: A9YA3MI1CF -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\Users\***\AppData\Local\Temp\Cvn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Eap3host.dll (Spyware.Agent) -> Delete on reboot.
c:\Windows\Cwemea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Cvm.exe (Trojan.Downloader) -> Delete on reboot.
c:\Users\***\AppData\Local\Temp\Cvl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


cosinus 25.03.2011 18:04

Quote:

Scan type: Quick scan
As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

vijay 26.03.2011 07:47

Done; there are no older logs.

Malwarebytes log:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6172

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.03.2011 02:46:36
mbam-log-2011-03-26 (02-46-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 372376
Time elapsed: 1 hour(s), 7 minute(s), 51 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 1

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
c:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\hmy4df5k.default\Cache\8ea60163d01 (Trojan.Downloader) -> Quarantined and deleted successfully.


cosinus 26.03.2011 18:45

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
[2011.02.24 06:52:22 | 000,000,000 | ---D | C] -- C:\6e76aa05-bb81-4e62-8301-91d5e4310d99
[2011.03.07 12:34:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell - "" = AutoRun
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\install\command - "" = G:\SETUP.EXE
O4 - HKCU..\Run: [odbcutil] C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll ()
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKCU..\Run: [A9YA3MI1CF] C:\Users\Vijay\AppData\Local\Temp\Cvm.exe (Jordan Russell)
O4 - HKLM..\Run: [] File not found
:Files
C:\Windows\Tasks\*.job
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely: a backup copy is created on the system partition in the "_OTL" folder.
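The fix script above targets the usual persistence points on this machine: Run values under HKCU and HKLM, a per-device autorun handler under MountPoints2, and the .job files in C:\Windows\Tasks. As an added example that is not part of this thread, of OTL, or of any tool used here, the Python below parses OTL's O4 and O33 lines and applies a few triage heuristics: a target under a Temp directory, a .dll launched from a Run value, a random-looking value name, an empty company field (OTL prints "()" when the file has no version information), an orphaned value, and a device autorun command. The sample input is constructed from the lines quoted in the script plus one Avira Run entry written in OTL's format for contrast (that entry appears in the ComboFix log later in the thread; its OTL rendering here is assumed). The flag names and the scoring are the example's own conventions, not OTL's.

```python
"""Triage of OTL autostart lines (O4 Run values, O33 MountPoints2 autorun commands).

Added example for this thread; not part of OTL or of any tool used here.
Flag names and scoring are this example's own conventions.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the O33/O4 lines quoted in the fix script above, plus one
# Avira Run entry written in OTL's format for contrast (its OTL rendering is assumed).
SAMPLE_OTL_LINES = r"""
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell - "" = AutoRun
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O4 - HKCU..\Run: [odbcutil] C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll ()
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKCU..\Run: [A9YA3MI1CF] C:\Users\Vijay\AppData\Local\Temp\Cvm.exe (Jordan Russell)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""

# O4 - <hive>..\Run: [<value name>] <target> (<company from version info>)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKCU|HKLM)\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'(?P<path>.*?)(?: \((?P<company>[^)]*)\))?$'
)
# O33 - MountPoints2\{device GUID}\Shell\<verb>\command - "" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<cmd>.*)$'
)
TEMP_DIR_RE = re.compile(r'\\(AppData\\Local\\Temp|Windows\\Temp)\\', re.IGNORECASE)
# Eight or more upper-case letters and digits, mixing both: A9YA3MI1CF matches, IFXSPMGT does not.
RANDOM_NAME_RE = re.compile(r'^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$')


@dataclass(frozen=True)
class Finding:
    kind: str      # "HKCU\Run", "HKLM\Run" or "MountPoints2"
    key: str       # value name (Run) or device GUID (MountPoints2)
    target: str    # file or command the entry launches
    flags: tuple   # heuristic hits; empty when no rule fired

    @property
    def score(self) -> int:
        return len(self.flags)


def triage_run_entry(m: re.Match) -> Finding:
    name, path, company = m['name'], m['path'], m['company']
    flags = []
    if path == 'File not found' or not name:
        flags.append('ORPHAN')        # nameless value or target no longer on disk
    if TEMP_DIR_RE.search(path):
        flags.append('TEMP_PATH')     # persistence launched from a temp directory
    if path.lower().endswith('.dll'):
        flags.append('DLL_IN_RUN')    # a Run value pointing at a DLL, not an EXE
    if RANDOM_NAME_RE.match(name):
        flags.append('RANDOM_NAME')   # machine-generated looking value name
    if company == '':
        flags.append('NO_COMPANY')    # OTL prints "()" when there is no version info
    return Finding(m['hive'] + '\\Run', name, path, tuple(flags))


def triage_mountpoint(m: re.Match) -> Finding:
    cmd = m['cmd']
    flags = ['DEVICE_AUTORUN']        # cached autorun handler for a mounted device
    if not cmd.upper().startswith('C:\\'):
        flags.append('NON_SYSTEM_DRIVE')
    return Finding('MountPoints2', m['guid'], cmd, tuple(flags))


def triage(otl_text: str) -> list:
    """Parse O4/O33 lines; other OTL line types are ignored by this example."""
    findings = []
    for line in otl_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            findings.append(triage_run_entry(m))
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(triage_mountpoint(m))
    return findings


def suspicious(otl_text: str) -> list:
    """Entries with at least one flag, highest score first (ties keep input order)."""
    return sorted((f for f in triage(otl_text) if f.flags), key=lambda f: -f.score)


if __name__ == '__main__':
    for f in suspicious(SAMPLE_OTL_LINES):
        print(f'{f.score}  {f.kind:<13} [{f.key}] {f.target}  {", ".join(f.flags)}')
```

Run stand-alone, the script lists only the flagged entries; the Infineon and Avira Run values trigger no rule and are left out of the report. The heuristics are deliberately cheap signals for ordering a review, not a verdict: a legitimate installer can also run from Temp, and a valid entry can lack version information.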

vijay 27.03.2011 06:21

Done, here is the log.

OTL log:
Code:

All processes killed
========== OTL ==========
C:\6e76aa05-bb81-4e62-8301-91d5e4310d99 folder moved successfully.
C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16} folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
File G:\SETUP.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\odbcutil not found.
File C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IFXSPMGT deleted successfully.
C:\Programme\Infineon\Security Platform Software\IFXSPMGT.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\A9YA3MI1CF not found.
File C:\Users\Vijay\AppData\Local\Temp\Cvm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Windows\Tasks\pfasoq.job moved successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Vijay
->Temp folder emptied: 358566656 bytes
->Temporary Internet Files folder emptied: 100909288 bytes
->Java cache emptied: 463037 bytes
->FireFox cache emptied: 68444334 bytes
->Opera cache emptied: 4412499 bytes
->Flash cache emptied: 28454 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9191276 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 517.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03272011_071424

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 27.03.2011 20:00

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

vijay 30.03.2011 06:30

Sorry, I had a lot on my plate the last few days, but now I've got around to it.

Here is the log.

ComboFix:
Code:

ComboFix 11-03-29.03 - Vijay 30.03.2011  0:37.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.41.1031.18.2937.2170 [GMT 2:00]
Running from:: c:\users\Vijay\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * A new restore point was created
.
.
(((((((((((((((((((((((  Files created from 2011-02-28 to 2011-03-29  ))))))))))))))))))))))))))))))
.
.
2011-03-29 22:43 . 2011-03-29 22:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-29 20:55 . 2011-03-29 20:55        --------        d-----w-        c:\program files\CCleaner
2011-03-27 13:19 . 2011-03-28 15:48        --------        d-----w-        c:\users\Vijay\AppData\Roaming\gtk-2.0
2011-03-27 13:16 . 2011-03-27 13:16        --------        d-----w-        c:\users\Vijay\.thumbnails
2011-03-27 09:04 . 2011-03-28 15:48        --------        d-----w-        c:\users\Vijay\.gimp-2.6
2011-03-27 09:04 . 2011-03-27 09:04        --------        d-----w-        c:\program files\GIMP-2.0
2011-03-27 05:14 . 2011-03-27 05:14        --------        d-----w-        C:\_OTL
2011-03-25 14:54 . 2011-03-25 14:54        --------        d-----w-        c:\users\Vijay\AppData\Roaming\Malwarebytes
2011-03-25 14:54 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 14:54 . 2011-03-25 14:54        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-25 14:54 . 2011-03-25 14:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 14:54 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-25 06:01 . 2011-03-25 06:01        --------        d-----w-        c:\windows\Sun
2011-03-24 21:04 . 2011-03-24 21:04        --------        d-----w-        c:\users\Vijay\AppData\Roaming\Uniblue
2011-03-24 21:04 . 2011-03-24 21:04        --------        dc-h--w-        c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-03-24 21:04 . 2011-03-24 21:04        --------        d-----w-        c:\program files\Uniblue
2011-03-24 21:04 . 2011-03-24 21:04        --------        d-----w-        c:\users\Vijay\AppData\Local\PackageAware
2011-03-24 17:44 . 2011-03-24 17:44        --------        d-----w-        c:\program files\ERUNT
2011-03-24 14:06 . 2011-03-24 14:06        --------        d--h--w-        c:\windows\AxInstSV
2011-03-24 14:04 . 2011-03-24 14:04        149504        --sha-r-        c:\windows\system32\GfxUI9.dll
2011-03-24 13:34 . 2011-03-24 13:34        --------        d-----w-        c:\users\Vijay\AppData\Local\assembly
2011-03-24 13:33 . 2011-03-24 13:33        --------        d-----w-        c:\programdata\TechSmith
2011-03-24 13:33 . 2011-03-24 13:33        --------        d-----w-        c:\users\Vijay\AppData\Local\TechSmith
2011-03-24 13:33 . 2011-03-24 13:33        --------        d-----w-        c:\program files\TechSmith
2011-03-13 11:16 . 2011-03-14 13:42        365461        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
2011-03-10 23:22 . 2011-03-10 23:22        --------        d-----w-        c:\programdata\Hewlett-Packard
2011-03-10 23:22 . 2009-07-14 01:15        280064        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-03-10 18:21 . 2011-03-10 18:21        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-03-10 13:49 . 2008-11-10 10:41        32656        ----a-w-        c:\windows\system32\msonpmon.dll
2011-03-10 13:49 . 2006-10-26 18:56        33104        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-03-10 13:48 . 2011-03-13 21:25        --------        d-----w-        c:\program files\Microsoft Works
2011-03-10 13:46 . 2011-03-10 13:46        --------        d-----w-        c:\program files\Microsoft Visual Studio 8
2011-03-10 13:45 . 2011-03-19 09:02        --------        d-----w-        c:\users\Vijay\AppData\Local\Microsoft Help
2011-03-10 13:45 . 2011-03-14 20:59        --------        d-----w-        c:\programdata\Microsoft Help
2011-03-10 13:44 . 2011-03-10 13:44        --------        d-----r-        C:\MSOCache
2011-03-10 13:39 . 2011-03-10 13:39        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-10 13:39 . 2011-03-10 13:40        --------        d-----w-        c:\program files\DAEMON Tools Lite
2011-03-10 13:38 . 2011-03-10 13:42        --------        d-----w-        c:\users\Vijay\AppData\Roaming\DAEMON Tools Lite
2011-03-10 13:38 . 2011-03-10 13:38        --------        d-----w-        c:\programdata\DAEMON Tools Lite
2011-03-10 12:51 . 2011-03-10 12:51        --------        d-----w-        c:\users\Vijay\AppData\Local\Diagnostics
2011-03-09 21:55 . 2011-03-09 21:55        --------        d-----w-        c:\program files\Common Files\Java
2011-03-09 21:54 . 2011-03-09 21:54        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-09 21:54 . 2011-03-09 21:54        472808        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-09 21:54 . 2011-03-09 21:54        --------        d-----w-        c:\program files\Java
2011-03-09 17:42 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-09 17:42 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-09 17:42 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-09 17:42 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 17:42 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-09 17:42 . 2010-12-23 05:28        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 17:42 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 17:41 . 2010-12-18 05:30        2690560        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 17:41 . 2010-12-18 05:26        1034240        ----a-w-        c:\windows\system32\mstsc.exe
2011-03-07 11:36 . 2011-03-07 11:36        --------        d-----w-        c:\users\Vijay\AppData\Local\Ironclad Games
2011-03-07 11:27 . 2011-03-07 11:34        --------        d-----w-        c:\program files\Sins of a Solar Empire
2011-03-07 11:27 . 2011-03-07 11:27        --------        d-----w-        c:\users\Vijay\AppData\Local\Stardock
2011-03-03 15:45 . 2009-07-14 01:15        90624        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2011-03-03 12:08 . 2011-03-03 12:08        --------        d-----w-        c:\users\Vijay\AppData\Local\Opera
2011-03-03 12:08 . 2011-03-03 12:08        --------        d-----w-        c:\program files\Opera
2011-03-03 11:38 . 2011-03-09 16:48        --------        d-----w-        c:\program files\MSECache
2011-03-02 10:33 . 2011-03-17 15:12        --------        d-----w-        c:\users\Vijay\AppData\Local\CutePDF Writer
2011-03-02 10:23 . 2011-03-02 10:23        --------        d-----w-        c:\program files\GPLGS
2011-03-02 10:23 . 2009-11-05 07:39        87552        ----a-w-        c:\windows\system32\cpwmon2k.dll
2011-03-02 10:23 . 2011-03-02 10:23        --------        d-----w-        c:\program files\Acro Software
2011-03-02 09:36 . 2011-03-02 09:36        --------        d-----w-        c:\users\Vijay\AppData\Roaming\MathWorks
2011-03-01 23:38 . 2004-03-01 21:05        407104        ----a-w-        c:\windows\system32\MSHFLXGD.OCX
2011-03-01 23:38 . 2004-02-11 13:37        203976        ----a-w-        c:\windows\system32\RICHTX32.OCX
2011-03-01 23:38 . 2004-07-29 20:35        1077344        ----a-w-        c:\windows\system32\mscomctl.ocx
2011-03-01 23:38 . 2002-02-14 09:26        647872        ----a-w-        c:\windows\system32\mscomct2.ocx
2011-03-01 23:18 . 2011-03-01 23:18        --------        d-----w-        c:\program files\MATLAB
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 15:06 . 2011-02-13 16:05        17408        ----a-w-        c:\windows\system32\rpcnetp.exe
2011-03-29 15:06 . 2011-02-13 16:34        58288        ----a-w-        c:\windows\system32\rpcnet.dll
2011-03-24 14:29 . 2011-02-13 16:06        17408        ----a-w-        c:\windows\system32\rpcnetp.dll
2011-03-18 11:25 . 2011-02-13 17:51        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-11 07:22 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-13 17:16 . 2011-02-13 17:16        39712        ----a-w-        c:\windows\system32\drivers\psd.sys
2011-02-13 17:03 . 2011-02-13 17:07        252440        ----a-w-        c:\windows\system32\PROUnstl.exe
2011-02-13 17:03 . 2009-06-03 16:39        61632        ----a-w-        c:\windows\system32\NicInstY.dll
2011-02-13 17:03 . 2009-06-12 17:20        221912        ----a-w-        c:\windows\system32\drivers\e1y6232.sys
2011-02-13 17:03 . 2009-05-26 09:05        28792        ----a-w-        c:\windows\system32\NicCo36.dll
2011-02-13 17:03 . 2007-12-14 12:06        121440        ----a-w-        c:\windows\system32\e1000msg.dll
2011-02-13 16:58 . 2011-02-13 16:58        230496        ----a-w-        c:\windows\system32\PRONtObj.dll
2011-02-13 16:58 . 2011-02-13 16:58        111840        ----a-w-        c:\windows\system32\drivers\iANSW60.sys
2011-02-13 16:34 . 2011-02-13 16:34        13160        ----a-w-        c:\windows\system32\Upgrd.exe
2011-02-13 16:33 . 2011-02-13 16:34        58288        ------w-        c:\windows\system32\rpcnet.exe
2011-02-03 05:45 . 2011-02-13 17:28        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2011-02-13 16:29        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-02-02 16:10 . 2011-02-13 16:29        5890896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD414E80-0F44-4797-B4AD-FFB74051D981}\mpengine.dll
2011-01-10 13:23 . 2011-02-13 17:51        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-01-07 07:31 . 2011-02-23 05:52        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 05:52        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-13 17:33        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-13 17:33        294400        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-13 17:33        428032        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-13 17:33        2329088        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Registry autostart points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-15 7739936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-04-14 217088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Anleitung.exe [2011-3-14 365461]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-10 218688]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2011-02-13 39712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-02-13 221912]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Vijay\AppData\Roaming\Mozilla\Firefox\Profiles\hmy4df5k.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Sins of a Solar Empire - c:\programdata\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
AddRemove-{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41} - c:\programdata\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-30  00:44:26
ComboFix-quarantined-files.txt  2011-03-29 22:44
.
Vor Suchlauf: 9 Verzeichnis(se), 96'068'808'704 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 95'974'150'144 Bytes frei
.
- - End Of File - - 71DC26037A6905346988CE3C1D30808B


cosinus 30.03.2011 11:49

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

vijay 30.03.2011 12:51

The tool says that no infection was found:

TDSSkiller:
Code:

2011/03/30 13:47:32.0171 5068        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/30 13:47:32.0171 5068        ================================================================================
2011/03/30 13:47:32.0171 5068        SystemInfo:
2011/03/30 13:47:32.0171 5068       
2011/03/30 13:47:32.0171 5068        OS Version: 6.1.7600 ServicePack: 0.0
2011/03/30 13:47:32.0171 5068        Product type: Workstation
2011/03/30 13:47:32.0171 5068        ComputerName: VJ
2011/03/30 13:47:32.0171 5068        UserName: Vijay
2011/03/30 13:47:32.0171 5068        Windows directory: C:\Windows
2011/03/30 13:47:32.0171 5068        System windows directory: C:\Windows
2011/03/30 13:47:32.0171 5068        Processor architecture: Intel x86
2011/03/30 13:47:32.0171 5068        Number of processors: 2
2011/03/30 13:47:32.0171 5068        Page size: 0x1000
2011/03/30 13:47:32.0171 5068        Boot type: Normal boot
2011/03/30 13:47:32.0171 5068        ================================================================================
2011/03/30 13:47:32.0436 5068        Initialize success
2011/03/30 13:47:37.0381 0732        ================================================================================
2011/03/30 13:47:37.0381 0732        Scan started
2011/03/30 13:47:37.0381 0732        Mode: Manual;
2011/03/30 13:47:37.0381 0732        ================================================================================
2011/03/30 13:47:38.0660 0732        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/30 13:47:38.0707 0732        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/30 13:47:38.0769 0732        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/30 13:47:38.0832 0732        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/30 13:47:39.0003 0732        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/30 13:47:39.0081 0732        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/30 13:47:39.0159 0732        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/30 13:47:39.0347 0732        AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/30 13:47:39.0471 0732        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/30 13:47:39.0534 0732        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/30 13:47:39.0690 0732        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/30 13:47:39.0799 0732        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/30 13:47:39.0893 0732        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/30 13:47:39.0955 0732        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/30 13:47:40.0033 0732        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/30 13:47:40.0080 0732        amdsata        (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/30 13:47:40.0173 0732        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/30 13:47:40.0283 0732        amdxata        (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/30 13:47:40.0423 0732        ApfiltrService  (d024bf7b3b76df9a5598b49fb0d17775) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/03/30 13:47:40.0517 0732        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/30 13:47:40.0610 0732        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/30 13:47:40.0641 0732        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/30 13:47:40.0704 0732        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/30 13:47:40.0953 0732        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/30 13:47:41.0078 0732        ATSwpWDF        (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/03/30 13:47:41.0203 0732        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/30 13:47:41.0281 0732        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/30 13:47:41.0421 0732        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/30 13:47:41.0515 0732        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/30 13:47:41.0577 0732        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/30 13:47:41.0733 0732        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/30 13:47:41.0811 0732        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/30 13:47:41.0874 0732        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/30 13:47:41.0921 0732        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/30 13:47:42.0030 0732        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/30 13:47:42.0123 0732        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/30 13:47:42.0201 0732        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/30 13:47:42.0295 0732        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/30 13:47:42.0420 0732        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/30 13:47:42.0654 0732        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/30 13:47:42.0732 0732        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/30 13:47:42.0810 0732        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/30 13:47:42.0919 0732        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/30 13:47:43.0044 0732        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/30 13:47:43.0122 0732        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/30 13:47:43.0200 0732        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/30 13:47:43.0293 0732        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/30 13:47:43.0403 0732        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/30 13:47:43.0465 0732        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/30 13:47:43.0574 0732        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/03/30 13:47:43.0746 0732        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/30 13:47:43.0824 0732        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/30 13:47:43.0917 0732        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/30 13:47:44.0120 0732        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/30 13:47:44.0229 0732        dtsoftbus01    (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/03/30 13:47:44.0510 0732        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/30 13:47:44.0651 0732        e1yexpress      (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
2011/03/30 13:47:44.0978 0732        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/30 13:47:45.0181 0732        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/30 13:47:45.0275 0732        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/30 13:47:45.0353 0732        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/30 13:47:45.0399 0732        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/30 13:47:45.0509 0732        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/30 13:47:45.0587 0732        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/30 13:47:45.0805 0732        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/30 13:47:45.0867 0732        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/30 13:47:45.0930 0732        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/30 13:47:46.0039 0732        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/30 13:47:46.0086 0732        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/30 13:47:46.0195 0732        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/30 13:47:46.0257 0732        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/30 13:47:46.0382 0732        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/30 13:47:46.0476 0732        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/03/30 13:47:46.0523 0732        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/30 13:47:46.0632 0732        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/30 13:47:46.0710 0732        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/30 13:47:46.0757 0732        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/30 13:47:46.0850 0732        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/30 13:47:46.0944 0732        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/30 13:47:47.0022 0732        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/30 13:47:47.0240 0732        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/30 13:47:47.0349 0732        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/30 13:47:47.0443 0732        iaStorV        (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/30 13:47:48.0441 0732        igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/30 13:47:48.0769 0732        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/30 13:47:49.0143 0732        IntcAzAudAddService (e846f87239c4a92b14a56f8b90b24383) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/30 13:47:49.0377 0732        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/30 13:47:49.0455 0732        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/30 13:47:49.0565 0732        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/30 13:47:49.0705 0732        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/30 13:47:49.0799 0732        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/30 13:47:49.0877 0732        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/30 13:47:49.0923 0732        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/30 13:47:49.0986 0732        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/30 13:47:50.0079 0732        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/30 13:47:50.0157 0732        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/30 13:47:50.0235 0732        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/30 13:47:50.0329 0732        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/30 13:47:50.0454 0732        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/30 13:47:50.0547 0732        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/30 13:47:50.0625 0732        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/30 13:47:50.0688 0732        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/30 13:47:50.0750 0732        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/30 13:47:50.0844 0732        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/30 13:47:50.0937 0732        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/30 13:47:51.0047 0732        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/30 13:47:51.0140 0732        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/30 13:47:51.0187 0732        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/30 13:47:51.0281 0732        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/30 13:47:51.0374 0732        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/30 13:47:51.0437 0732        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/30 13:47:51.0483 0732        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/30 13:47:51.0577 0732        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/30 13:47:51.0749 0732        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/30 13:47:51.0842 0732        mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/30 13:47:51.0967 0732        mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/30 13:47:52.0014 0732        mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/30 13:47:52.0092 0732        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/30 13:47:52.0279 0732        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/30 13:47:52.0482 0732        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/30 13:47:52.0575 0732        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/30 13:47:52.0685 0732        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/30 13:47:52.0809 0732        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/30 13:47:52.0965 0732        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/30 13:47:53.0075 0732        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/30 13:47:53.0231 0732        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/30 13:47:53.0433 0732        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/30 13:47:53.0543 0732        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/30 13:47:53.0730 0732        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/30 13:47:53.0792 0732        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/30 13:47:53.0886 0732        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/30 13:47:53.0964 0732        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/30 13:47:54.0057 0732        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/30 13:47:54.0120 0732        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/30 13:47:54.0229 0732        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/30 13:47:54.0276 0732        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/30 13:47:54.0323 0732        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/30 13:47:54.0401 0732        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/30 13:47:54.0479 0732        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/30 13:47:55.0383 0732        NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/03/30 13:47:56.0039 0732        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/03/30 13:47:56.0288 0732        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/30 13:47:56.0351 0732        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/30 13:47:56.0413 0732        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/30 13:47:56.0507 0732        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/30 13:47:56.0678 0732        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/30 13:47:56.0756 0732        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/30 13:47:56.0819 0732        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/30 13:47:56.0912 0732        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/30 13:47:57.0021 0732        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/30 13:47:57.0084 0732        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/30 13:47:57.0115 0732        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/30 13:47:57.0146 0732        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/30 13:47:57.0209 0732        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/30 13:47:57.0255 0732        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/30 13:47:57.0380 0732        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/30 13:47:57.0443 0732        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/30 13:47:57.0489 0732        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/30 13:47:57.0645 0732        PersonalSecureDrive (ce90b67ca2e16af5a71a5680f8287ca8) C:\Windows\System32\drivers\psd.sys
2011/03/30 13:47:57.0786 0732        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/30 13:47:57.0848 0732        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/30 13:47:57.0911 0732        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/30 13:47:58.0051 0732        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/30 13:47:58.0191 0732        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/30 13:47:58.0238 0732        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/30 13:47:58.0285 0732        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/30 13:47:58.0410 0732        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/30 13:47:58.0550 0732        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/30 13:47:58.0613 0732        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/30 13:47:58.0722 0732        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/30 13:47:58.0800 0732        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/30 13:47:58.0878 0732        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/30 13:47:58.0956 0732        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/30 13:47:59.0174 0732        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/03/30 13:47:59.0299 0732        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/30 13:47:59.0408 0732        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/30 13:47:59.0471 0732        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/30 13:47:59.0595 0732        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/30 13:47:59.0767 0732        rismxdp        (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/30 13:47:59.0876 0732        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/30 13:47:59.0970 0732        s3cap          (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/03/30 13:48:00.0079 0732        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/30 13:48:00.0188 0732        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/30 13:48:00.0360 0732        sdbus          (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/30 13:48:00.0469 0732        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/30 13:48:00.0563 0732        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/30 13:48:00.0641 0732        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/30 13:48:00.0687 0732        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/30 13:48:00.0953 0732        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/30 13:48:01.0062 0732        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/30 13:48:01.0124 0732        sffp_sd        (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/30 13:48:01.0202 0732        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/30 13:48:01.0343 0732        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/30 13:48:01.0608 0732        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/30 13:48:01.0733 0732        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/30 13:48:01.0951 0732        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/30 13:48:02.0060 0732        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/30 13:48:02.0247 0732        srv            (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/30 13:48:02.0357 0732        srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/30 13:48:02.0497 0732        srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/30 13:48:02.0606 0732        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/30 13:48:02.0731 0732        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/30 13:48:02.0825 0732        storflt        (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/03/30 13:48:02.0949 0732        storvsc        (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/03/30 13:48:03.0121 0732        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/30 13:48:03.0433 0732        Tcpip          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/03/30 13:48:03.0729 0732        TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/30 13:48:03.0963 0732        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/30 13:48:04.0073 0732        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/30 13:48:04.0119 0732        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/30 13:48:04.0260 0732        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/30 13:48:04.0338 0732        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/30 13:48:04.0447 0732        TPM            (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2011/03/30 13:48:04.0509 0732        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/30 13:48:04.0603 0732        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/30 13:48:04.0759 0732        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/30 13:48:04.0884 0732        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/30 13:48:04.0978 0732        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/30 13:48:05.0056 0732        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/30 13:48:05.0118 0732        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/30 13:48:05.0368 0732        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/30 13:48:05.0461 0732        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/30 13:48:05.0539 0732        usbehci        (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/30 13:48:05.0617 0732        usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/30 13:48:05.0680 0732        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/30 13:48:05.0758 0732        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/30 13:48:05.0836 0732        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/30 13:48:05.0960 0732        USBSTOR        (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/30 13:48:06.0179 0732        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/30 13:48:06.0304 0732        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/03/30 13:48:06.0382 0732        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/30 13:48:06.0475 0732        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/30 13:48:06.0553 0732        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/30 13:48:06.0600 0732        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/30 13:48:06.0678 0732        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/30 13:48:06.0787 0732        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/30 13:48:06.0928 0732        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/30 13:48:07.0021 0732        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/03/30 13:48:07.0068 0732        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/03/30 13:48:07.0146 0732        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/30 13:48:07.0286 0732        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/30 13:48:07.0349 0732        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/30 13:48:07.0442 0732        vpnva          (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
2011/03/30 13:48:07.0552 0732        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/30 13:48:07.0630 0732        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/30 13:48:07.0692 0732        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/30 13:48:07.0786 0732        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/30 13:48:07.0895 0732        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/30 13:48:07.0910 0732        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/30 13:48:07.0973 0732        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/30 13:48:08.0004 0732        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/30 13:48:08.0160 0732        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/30 13:48:08.0222 0732        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/30 13:48:08.0300 0732        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/30 13:48:08.0363 0732        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/30 13:48:08.0472 0732        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/30 13:48:08.0550 0732        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/30 13:48:08.0628 0732        ================================================================================
2011/03/30 13:48:08.0628 0732        Scan finished
2011/03/30 13:48:08.0628 0732        ================================================================================


cosinus 30.03.2011 15:29

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the Desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the Desktop.
Please post the contents of that .txt document.

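Editor's added example (not part of the thread, and not code from GMER, OSAM or MBRCheck): when reading the GMER log requested above, the "User code sections" block is the part to scrutinize. Every .text line there is an inline hook GMER found in a running process. When the JMP target lies inside a module GMER can map, it appends that module's path and vendor string (for example IEFRAME.dll / Microsoft Corporation); when the target is in memory that belongs to no mapped module, nothing follows the address. The Python below separates the two cases and groups the unattributed targets per process and 64 KiB region. The regex and the helper names (parse_hook, unattributed_hooks, summarize) are assumptions written against the GMER 1.0.15 line layout visible later in this thread, and SAMPLE_LOG is constructed from a few of the thread's own log entries.

```python
"""Parse the 'User code sections' block of a GMER log and flag inline
hooks whose JMP target GMER could not attribute to any loaded module.
Added example: hypothetical helper, not part of GMER or of this thread."""
import re
from collections import defaultdict

# One '.text' hook line, as laid out by GMER 1.0.15 in the thread's log:
#   .text  <process>[<pid>] <module>!<func>[ + off]  <addr> <n> Bytes  <patch>
# The regex is an assumption written against that layout, not GMER's spec.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+) Bytes\s+(?P<patch>.*)$"
)

def parse_hook(line):
    """Return a dict for one hook line, or None if the line is not a hook."""
    m = HOOK_RE.match(line.rstrip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["size"] = int(rec["size"])
    rec["addr"] = int(rec["addr"], 16)
    patch = rec.pop("patch").strip()
    if patch.startswith("JMP "):
        _, target, *owner = patch.split(None, 2)
        rec["kind"] = "jmp"
        rec["target"] = int(target, 16)
        # GMER appends the owning module's path and vendor string when the
        # JMP target lies inside a module it can map; otherwise nothing follows.
        rec["owner"] = owner[0] if owner else None
    else:
        rec["kind"] = "bytes"   # raw byte patch such as "[54, 8D]" (hook tail)
        rec["target"] = None
        rec["owner"] = None
    return rec

def unattributed_hooks(log_text):
    """Yield hook records whose JMP target lies outside every mapped module."""
    for line in log_text.splitlines():
        rec = parse_hook(line)
        if rec and rec["kind"] == "jmp" and rec["owner"] is None:
            yield rec

def summarize(log_text):
    """Group unattributed hooks by (process, pid, 64 KiB target region).

    Several API hooks from one process all landing in the same small,
    unmapped region usually point at a single injected code blob."""
    groups = defaultdict(list)
    for rec in unattributed_hooks(log_text):
        key = (rec["proc"], rec["pid"], rec["target"] >> 16)
        groups[key].append(f'{rec["module"]}!{rec["func"]}')
    return dict(groups)

# Constructed sample: a few lines taken from the GMER log posted in this thread.
SAMPLE_LOG = r"""---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!CreateWindowExW   764B0E51 5 Bytes  JMP 6CF4818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextExW       764B7BDD 5 Bytes  JMP 02CFC8DF
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!GetAddrInfoW      757B60F5 2 Bytes  JMP 02CFB696
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!GetAddrInfoW + 3  757B60F8 2 Bytes  [54, 8D]
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!send              757BC4C8 5 Bytes  JMP 02CFBFED
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!gethostbyname    757C7133 5 Bytes  JMP 01B0B4F9
"""

if __name__ == "__main__":
    for (proc, pid, region), funcs in summarize(SAMPLE_LOG).items():
        print(f"{proc}[{pid}] region {region:04X}xxxx: {len(funcs)} hook(s)")
        for name in funcs:
            print("   ", name)
```

Hooks from one browser process that all land in one small unattributed region, on socket and name-resolution APIs such as send, recv, getaddrinfo and gethostbyname, are the pattern to follow up on: dump that region and establish which allocation owns it. An unattributed target on its own is not a verdict, so treat the grouping as a pointer for the next step, not as a finding.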
vijay 31.03.2011 17:35

So, the problems have changed somewhat in the meantime: the pop-ups disappeared after the first steps here, but instead I was frequently redirected to advertising pages on Google, and today the system shut down while wildly jumping between running programs.

Here are the requested logs:

GMER:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-31 18:20:16
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.0040020C
Running: g2m3e4r.exe; Driver: C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                        82C8D589 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                82CB2092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                                                                            A9F7102C 102 Bytes  CALL B5C9F8BB

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!CreateWindowExW                                                        764B0E51 5 Bytes  JMP 6CF4818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextExW                                                            764B7BDD 5 Bytes  JMP 02CFC8DF
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextW                                                              764B8220 5 Bytes  JMP 02CFC71B
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!SetClipboardData                                                      764C4979 5 Bytes  JMP 02CFC392
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextA                                                              764CA482 5 Bytes  JMP 02CFC63F
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextExA                                                            764CA4B9 5 Bytes  JMP 02CFC7F7
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxIndirectParamW                                                764D4AA7 5 Bytes  JMP 6D06FE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxParamW                                                        764D564A 5 Bytes  JMP 02CFB9F5
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxParamA                                                        764ECF6A 5 Bytes  JMP 6D06FE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxIndirectParamA                                                764ED29C 5 Bytes  JMP 6D06FECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxIndirectA                                                    764FE8C9 5 Bytes  JMP 6D06FD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxIndirectW                                                    764FE9C3 5 Bytes  JMP 6D06FD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxExA                                                          764FEA29 5 Bytes  JMP 6D06FCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxExW                                                          764FEA4D 5 Bytes  JMP 6D06FC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!ExtTextOutW                                                            76458053 5 Bytes  JMP 02CFCAAC
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!GetGlyphIndicesW                                                        7645B521 5 Bytes  JMP 02CFCF2D
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!ExtTextOutA                                                            76460158 5 Bytes  JMP 02CFC9C7
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!TextOutA                                                                76460878 5 Bytes  JMP 02CFC4A5
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!TextOutW                                                                764714B9 5 Bytes  JMP 02CFC572
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!GetGlyphIndicesA                                                        7647BC42 5 Bytes  JMP 02CFCE63
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!closesocket                                                            757B3BED 5 Bytes  JMP 02CFC304
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!recv                                                                  757B47DF 5 Bytes  JMP 02CFC093
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!GetAddrInfoW                                                          757B60F5 2 Bytes  JMP 02CFB696
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!GetAddrInfoW + 3                                                      757B60F8 2 Bytes  [54, 8D]
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!getaddrinfo                                                            757B6737 5 Bytes  JMP 02CFB5B6
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!WSASend                                                                757B68A7 5 Bytes  JMP 02CFC13D
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!WSARecv                                                                757BC29F 5 Bytes  JMP 02CFC20E
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!send                                                                  757BC4C8 5 Bytes  JMP 02CFBFED
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!WSAAsyncGetHostByName                                                  757C6D2A 5 Bytes  JMP 02CFB91A
.text          C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!gethostbyname                                                          757C7133 5 Bytes  JMP 02CFB4F9
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogParamW                                                    764A9BFF 5 Bytes  JMP 6CE9C570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!EnableWindow                                                          764AA72E 5 Bytes  JMP 6CE9C4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!GetAsyncKeyState                                                      764AC09A 5 Bytes  JMP 6CE5D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!UnhookWindowsHookEx                                                  764ACC7B 5 Bytes  JMP 6CF583A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CallNextHookEx                                                        764ACC8F 5 Bytes  JMP 6CF39D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateWindowExW                                                      764B0E51 5 Bytes  JMP 6CF4818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetWindowsHookExW                                                    764B210A 5 Bytes  JMP 6CEF4643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!GetKeyState                                                          764B4FDA 5 Bytes  JMP 6CE9D762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!IsDialogMessageW                                                      764B6F06 5 Bytes  JMP 6CE64284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextExW                                                          764B7BDD 5 Bytes  JMP 01B0C8DF
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextW                                                            764B8220 5 Bytes  JMP 01B0C71B
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogParamA                                                    764C3E79 5 Bytes  JMP 6D070A5E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!IsDialogMessage                                                      764C407A 5 Bytes  JMP 6D0702FF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetClipboardData                                                      764C4979 5 Bytes  JMP 01B0C392
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogIndirectParamA                                            764C9110 5 Bytes  JMP 6D070A95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextA                                                            764CA482 5 Bytes  JMP 01B0C63F
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextExA                                                          764CA4B9 5 Bytes  JMP 01B0C7F7
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogIndirectParamW                                            764D08AD 5 Bytes  JMP 6D070ACC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxIndirectParamW                                              764D4AA7 5 Bytes  JMP 6D06FE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!EndDialog                                                            764D555C 5 Bytes  JMP 6CE65AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxParamW                                                      764D564A 5 Bytes  JMP 01B0B9F5
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetKeyboardState                                                      764D6B52 5 Bytes  JMP 6D070664 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SendInput                                                            764D7055 5 Bytes  JMP 6D071228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetCursorPos                                                          764EC1D8 5 Bytes  JMP 6D071280 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxParamA                                                      764ECF6A 5 Bytes  JMP 6D06FE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxIndirectParamA                                              764ED29C 5 Bytes  JMP 6D06FECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxIndirectA                                                  764FE8C9 5 Bytes  JMP 6D06FD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxIndirectW                                                  764FE9C3 5 Bytes  JMP 6D06FD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxExA                                                        764FEA29 5 Bytes  JMP 6D06FCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxExW                                                        764FEA4D 5 Bytes  JMP 6D06FC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!keybd_event                                                          764FEC9B 5 Bytes  JMP 6D0715B3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!ExtTextOutW                                                            76458053 5 Bytes  JMP 01B0CAAC
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!GetGlyphIndicesW                                                      7645B521 5 Bytes  JMP 01B0CF2D
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!ExtTextOutA                                                            76460158 5 Bytes  JMP 01B0C9C7
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!TextOutA                                                              76460878 5 Bytes  JMP 01B0C4A5
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!TextOutW                                                              764714B9 5 Bytes  JMP 01B0C572
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!GetGlyphIndicesA                                                      7647BC42 5 Bytes  JMP 01B0CE63
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] SHELL32.dll!SHChangeNotification_Lock + 45BA                                    7660B440 4 Bytes  [11, 36, 39, 6E]
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] SHELL32.dll!SHChangeNotification_Lock + 45C2                                    7660B448 8 Bytes  [5F, 35, 39, 6E, D0, 73, 38, ...]
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] ole32.dll!OleLoadFromStream                                                      76155BF6 5 Bytes  JMP 6D0701BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] ole32.dll!CoCreateInstance                                                      761A590C 5 Bytes  JMP 6CF48C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!closesocket                                                          757B3BED 5 Bytes  JMP 01B0C304
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!recv                                                                  757B47DF 5 Bytes  JMP 01B0C093
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!GetAddrInfoW                                                          757B60F5 2 Bytes  JMP 01B0B696
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!GetAddrInfoW + 3                                                      757B60F8 2 Bytes  [35, 8C]
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!getaddrinfo                                                          757B6737 5 Bytes  JMP 01B0B5B6
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!WSASend                                                              757B68A7 5 Bytes  JMP 01B0C13D
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!WSARecv                                                              757BC29F 5 Bytes  JMP 01B0C20E
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!send                                                                  757BC4C8 5 Bytes  JMP 01B0BFED
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!WSAAsyncGetHostByName                                                757C6D2A 5 Bytes  JMP 01B0B91A
.text          C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!gethostbyname                                                        757C7133 5 Bytes  JMP 01B0B4F9

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                      [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                  [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                  [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                  [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                        [73982494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                  [73965624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                  [739656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                        [7398250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                              [73978573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                [73974D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                [739750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                              [739751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                      [739766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                [739782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                          [73978819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                        [7397907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                              [7397E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                  [73974C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [6E383932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [6E381ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                  [6E37C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]            [6E383B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [6E38595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [6E3847A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                  [6E384EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                  [6E381D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E37F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                    [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [6E3806BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E37FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [6E381ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                        [6E380043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                      [6E380CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                      [6E383932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                      [6E3806BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                    [6E380CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [6E382ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [6E37F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E37F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E37FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [6E381ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [6E384EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                  [6E3847A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [6E37DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                    [6E3806BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                    [6E383932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [6E37DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [6E37DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                    [6E380571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [6E381D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [6E37DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                    [6E3841F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                      [6E38595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                  [6E384735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [6E384B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [6E38823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                [6E3889C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                      [6E388584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [6E387E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [6E388CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [6E3890D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                    [6E387C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                    [6E388D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                [6E387F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]          [6E38794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]              [6E387D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [6E388898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [6E3886C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [6E388760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]              [6E387EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]              [6E389B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [6E38958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [6E3899D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [6E388026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                [6E387F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                  [6E387AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [6E3897FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [6E387BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [6E389C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                [6E3898B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                  [6E3877ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]            [6E3896FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [6E3881EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]              [6E3880BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [6E388286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                    [6E388D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [6E387DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                    [6E388F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                  [6E38892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [6E389A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [6E3892E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [6E389E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                  [6E388E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                  [6E387B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [6E389029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [6E38789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                      [6E3883BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [6E38861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [6E388A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                [6E388454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [6E3884EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                  [6E389974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                    [6E388EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]              [6E37D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu]                    [02A89DB2] C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [6E380F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [6E381904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [6E38141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                [6E3809C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E37FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]    [6E37F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW]  [6E37F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                    [6E3827FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E37F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]          [6E37EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]              [6E37E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [6E382ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                      [6E3827DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [6E37E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                      [6E380043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]      [6E37EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW]                  [6E389974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA]                  [6E389916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA]          [6E388A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA]                    [6E388D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW]                  [6E388E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW]              [6E387D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA]                      [6E388FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA]                      [6E389E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW]                      [6E389029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW]                      [6E389E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW]                    [6E387C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT            C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

osam:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:29:31 on 31.03.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IfxSpMgt.cpl" - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\IfxSpMgt.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Vijay\AppData\Local\Temp\catchme.sys  (File not found)
"pxldypow" (pxldypow) - ? - C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{E08BF9C5-191E-4B15-8F67-2622B4DB5580} "PSDShCtrl Class" - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\PSDShExt.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "Snagit" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
{CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitShellExt.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{55963676-2F5E-4BAF-AC28-CF26AA587566} "Cisco AnyConnect VPN Client Web Control" - "Cisco Systems, Inc." - C:\Windows\system32\vpnweb.ocx / https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab
Deployer "Deployer" - ? -  (File not found | COM-object registry key not found) / hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10m.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "Snagit" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "SnagIt Toolbar Loader" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"ERUNT AutoBackup.lnk" - ? - C:\Program Files\ERUNT\AUTOBACK.EXE  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Anleitung.exe" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Personal Secure Drive-Dienst" (PersonalSecureDriveService) - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
"Remote Procedure Call (RPC) Net" (rpcnet) - "Absolute Software Corp." - C:\Windows\system32\rpcnet.exe
"Security Platform Management Service" (IFXSpMgtSrv) - ? - C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe  (File not found)
"Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        TOSHIBA
BIOS Manufacturer:                TOSHIBA
System Manufacturer:                TOSHIBA
System Product Name:                TECRA A10
Logical Drives Mask:                0x0000005c

Kernel Drivers (total 165):
  0x82C4A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82C13000 \SystemRoot\system32\halmacpi.dll
  0x80BB5000 \SystemRoot\system32\kdcom.dll
  0x83202000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8327A000 \SystemRoot\system32\PSHED.dll
  0x8328B000 \SystemRoot\system32\BOOTVID.dll
  0x83293000 \SystemRoot\system32\CLFS.SYS
  0x832D5000 \SystemRoot\system32\CI.dll
  0x83380000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x833F1000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AA2F000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AA77000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AA80000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AA88000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AAB2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AABD000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AACE000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AAD6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AAE1000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AAF1000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AB3C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x8AB6A000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AB80000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8AB89000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8ABAC000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8ABB6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8ABC4000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AC1D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AC51000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8AC62000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AD91000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8ADBC000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AE0F000 \SystemRoot\System32\Drivers\cng.sys
  0x8AE6C000 \SystemRoot\System32\drivers\pcw.sys
  0x8AE7A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8AE83000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF3A000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AF78000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B00D000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B156000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B187000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B190000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B1CF000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AF9D000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B1D7000 \SystemRoot\System32\Drivers\mup.sys
  0x8B1E7000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8AFCA000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B1EF000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8ADCF000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8AC11000 \SystemRoot\System32\drivers\psd.sys
  0x8ABCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8ABEC000 \SystemRoot\System32\Drivers\Null.SYS
  0x8ABF3000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8AA00000 \SystemRoot\System32\drivers\vga.sys
  0x8AA0C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FC1A000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FC27000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FC2F000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FC37000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8FC3F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FC4A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FC58000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8FC6F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8FC7A000 \SystemRoot\system32\drivers\afd.sys
  0x8FCD4000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8FD06000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8FD0D000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8FD2C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8FD3D000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8FD4B000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8FD65000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x8FDA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8FDB3000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FDC3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92836000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92877000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92881000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9288B000 \SystemRoot\System32\drivers\discache.sys
  0x92897000 \SystemRoot\system32\drivers\csc.sys
  0x928FB000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92913000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x92921000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x92947000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x92C37000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x9363A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x936F1000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9372A000 \SystemRoot\system32\DRIVERS\e1y6232.sys
  0x93764000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x9376F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x937BA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x937C9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x93E15000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x94491000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9449B000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x944C7000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x944E0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x94531000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x94549000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x94556000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x9458C000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x94599000 \SystemRoot\system32\drivers\tpm.sys
  0x945A5000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x945AF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x945B3000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x945C5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x945D2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x945E4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x93E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x93600000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x93622000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x937E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x93554000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x93E0B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x945FC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9356B000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9359F000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x935AD000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x94827000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x94ACB000 \SystemRoot\system32\drivers\portcls.sys
  0x94AFA000 \SystemRoot\system32\drivers\drmk.sys
  0x94C14000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x94D1A000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x94D1C000 \SystemRoot\system32\drivers\modem.sys
  0x94D29000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x94D40000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x94D64000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x94D71000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x94D7C000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x94D86000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x94B13000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
  0x95D00000 \SystemRoot\System32\win32k.sys
  0x94D97000 \SystemRoot\System32\drivers\Dxapi.sys
  0x94DA1000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x94DAC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x94DBF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x94DC6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x95F60000 \SystemRoot\System32\TSDDD.dll
  0x95F90000 \SystemRoot\System32\cdd.dll
  0x94DDC000 \SystemRoot\system32\drivers\luafv.sys
  0x94BB0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x94BC5000 \SystemRoot\system32\drivers\WudfPf.sys
  0x94C00000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x92968000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x94BDF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x94800000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA9E3C000 \SystemRoot\system32\drivers\HTTP.sys
  0xA9EC1000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA9EDA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA9EEC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA9F0F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA9F4A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA9F65000 \SystemRoot\system32\drivers\peauth.sys
  0xA9E00000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA9E0A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA9E2B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x929AE000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAE00D000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAE0C8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xAE122000 \SystemRoot\system32\DRIVERS\monitor.sys
  0xAE12D000 \??\C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys
  0x771C0000 \Windows\System32\ntdll.dll
  0x47B30000 \Windows\System32\smss.exe
  0x77400000 \Windows\System32\apisetschema.dll
  0x000C0000 \Windows\System32\autochk.exe

Processes (total 73):
      0 System Idle Process
      4 System
    224 C:\Windows\System32\smss.exe
    368 csrss.exe
    408 C:\Windows\System32\wininit.exe
    416 csrss.exe
    464 C:\Windows\System32\services.exe
    480 C:\Windows\System32\lsass.exe
    488 C:\Windows\System32\lsm.exe
    596 C:\Windows\System32\svchost.exe
    680 C:\Windows\System32\svchost.exe
    732 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\winlogon.exe
    992 C:\Windows\System32\svchost.exe
    1140 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1168 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\spoolsv.exe
    1372 C:\Windows\System32\taskeng.exe
    1404 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1428 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\rundll32.exe
    1560 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1640 C:\Windows\System32\svchost.exe
    1692 C:\Windows\System32\taskhost.exe
    1748 C:\Windows\System32\dwm.exe
    1780 C:\Windows\System32\taskeng.exe
    1824 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1852 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    1860 C:\Program Files\Infineon\Security Platform Software\IFXTCS.exe
    1960 C:\Windows\explorer.exe
    1992 C:\Windows\System32\conhost.exe
    348 C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
    612 C:\Windows\System32\rpcnet.exe
    1040 C:\Windows\System32\svchost.exe
    2028 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2112 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2432 C:\Windows\System32\igfxtray.exe
    2440 C:\Windows\System32\hkcmd.exe
    2448 C:\Windows\System32\igfxpers.exe
    2468 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2552 C:\Program Files\Apoint2K\Apoint.exe
    2572 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2688 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2696 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2744 C:\Program Files\Skype\Phone\Skype.exe
    2752 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    2780 C:\Program Files\Windows Sidebar\sidebar.exe
    2848 C:\Windows\System32\StikyNot.exe
    3372 C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    3464 C:\Windows\System32\SearchIndexer.exe
    3664 C:\Windows\System32\svchost.exe
    2640 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2828 C:\Program Files\Apoint2K\ApMsgFwd.exe
    2604 C:\Program Files\Apoint2K\ApntEx.exe
    4004 C:\Windows\System32\conhost.exe
    3520 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4276 C:\Windows\System32\svchost.exe
    5320 dllhost.exe
    5804 C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
    892 C:\Program Files\Internet Explorer\iexplore.exe
    5112 C:\Program Files\Internet Explorer\iexplore.exe
    6096 C:\Program Files\Orbitdownloader\orbitdm.exe
    5644 C:\Program Files\Orbitdownloader\orbitnet.exe
    4612 C:\Program Files\Internet Explorer\iexplore.exe
    2528 C:\Windows\System32\SearchProtocolHost.exe
    5508


cosinus 31.03.2011 17:51

The MBRCheck output is incomplete.

vijay 01.04.2011 10:41

MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        TOSHIBA
BIOS Manufacturer:                TOSHIBA
System Manufacturer:                TOSHIBA
System Product Name:                TECRA A10
Logical Drives Mask:                0x0000005c

Kernel Drivers (total 165):
  0x82C01000 \SystemRoot\system32\ntkrnlpa.exe
  0x83011000 \SystemRoot\system32\halmacpi.dll
  0x80BA1000 \SystemRoot\system32\kdcom.dll
  0x83231000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x832A9000 \SystemRoot\system32\PSHED.dll
  0x832BA000 \SystemRoot\system32\BOOTVID.dll
  0x832C2000 \SystemRoot\system32\CLFS.SYS
  0x83304000 \SystemRoot\system32\CI.dll
  0x8AA0F000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8AA80000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AA8E000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AAD6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AADF000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AAE7000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AB11000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AB1C000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AB2D000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AB35000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AB40000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AB50000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AB9B000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x8ABC9000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8ABDF000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x833AF000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8ABE8000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8ABF2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8AA00000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AC3C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AC70000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8AC81000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8ADB0000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8ADDB000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AE29000 \SystemRoot\System32\Drivers\cng.sys
  0x8AE86000 \SystemRoot\System32\drivers\pcw.sys
  0x8AE94000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8AE9D000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF54000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AF92000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B019000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B162000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B193000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B19C000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B1DB000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AFB7000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B1E3000 \SystemRoot\System32\Drivers\mup.sys
  0x8B1F3000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8AC00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B000000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x833D2000 \SystemRoot\System32\drivers\psd.sys
  0x833DB000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B011000 \SystemRoot\System32\Drivers\Null.SYS
  0x83200000 \SystemRoot\System32\Drivers\Beep.SYS
  0x83207000 \SystemRoot\System32\drivers\vga.sys
  0x8FE0B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FE2C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FE39000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FE41000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FE49000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8FE51000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FE5C000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FE6A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8FE81000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8FE8C000 \SystemRoot\system32\drivers\afd.sys
  0x8FEE6000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8FF18000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8FF1F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8FF3E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8FF4F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8FF5D000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8FF77000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x8FFB2000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8FFC5000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FFD5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92821000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92862000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9286C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x92876000 \SystemRoot\System32\drivers\discache.sys
  0x92882000 \SystemRoot\system32\drivers\csc.sys
  0x928E6000 \SystemRoot\System32\Drivers\dfsc.sys
  0x928FE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x9290C000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x92932000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x92E1A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x93737000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x92953000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9298C000 \SystemRoot\system32\DRIVERS\e1y6232.sys
  0x937EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x92C1E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x92C69000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x92C78000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x93C14000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x94290000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9429A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x942C6000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x942DF000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x94330000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x94348000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x94355000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x9438B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x94398000 \SystemRoot\system32\drivers\tpm.sys
  0x943A4000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x943AE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x943B2000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x943C4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x943D1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x943E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x93C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92C97000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x92CB9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x92CD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x92CE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x92CFF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x93C0B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x92D09000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92D3D000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92D4B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92D8F000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x94820000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x94AC4000 \SystemRoot\system32\drivers\portcls.sys
  0x94AF3000 \SystemRoot\system32\drivers\drmk.sys
  0x9442D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x94533000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x94535000 \SystemRoot\system32\drivers\modem.sys
  0x94542000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x94559000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x94B0C000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
  0x96180000 \SystemRoot\System32\win32k.sys
  0x9457D000 \SystemRoot\System32\drivers\Dxapi.sys
  0x94587000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x94594000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9459F000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x945A9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x945BA000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x945C5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x945D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x945DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x945EA000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x963E0000 \SystemRoot\System32\TSDDD.dll
  0x96020000 \SystemRoot\System32\cdd.dll
  0x94400000 \SystemRoot\system32\drivers\luafv.sys
  0x94BA9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x94BBE000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9441B000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x92DA0000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x94BD8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x94BE8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAA224000 \SystemRoot\system32\drivers\HTTP.sys
  0xAA2A9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAA2C2000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xAA2D4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAA2F7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xAA332000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAA365000 \SystemRoot\system32\drivers\peauth.sys
  0xAA200000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x929C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA20A000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAEE3D000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAEE8C000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAEEDD000 \SystemRoot\system32\drivers\spsys.sys
  0xAEF47000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x770E0000 \Windows\System32\ntdll.dll
  0x477D0000 \Windows\System32\smss.exe
  0x77320000 \Windows\System32\apisetschema.dll
  0x00DF0000 \Windows\System32\autochk.exe

Processes (total 71):
      0 System Idle Process
      4 System
    224 C:\Windows\System32\smss.exe
    368 csrss.exe
    408 C:\Windows\System32\wininit.exe
    420 csrss.exe
    468 C:\Windows\System32\services.exe
    480 C:\Windows\System32\lsass.exe
    488 C:\Windows\System32\lsm.exe
    596 C:\Windows\System32\svchost.exe
    680 C:\Windows\System32\svchost.exe
    732 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\audiodg.exe
    944 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\winlogon.exe
    1144 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1168 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\spoolsv.exe
    1372 C:\Windows\System32\taskeng.exe
    1408 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1428 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\rundll32.exe
    1556 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1600 C:\Windows\System32\svchost.exe
    1624 C:\Program Files\Infineon\Security Platform Software\IFXTCS.exe
    1688 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1712 C:\Windows\System32\taskhost.exe
    1800 C:\Windows\System32\dwm.exe
    1836 C:\Windows\explorer.exe
    1844 C:\Windows\System32\conhost.exe
    1884 C:\Windows\System32\taskeng.exe
    1936 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    364 C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
    540 C:\Windows\System32\rpcnet.exe
    1320 C:\Windows\System32\svchost.exe
    2040 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2312 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2500 C:\Windows\System32\igfxtray.exe
    2516 C:\Windows\System32\hkcmd.exe
    2528 C:\Windows\System32\igfxpers.exe
    2536 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2544 C:\Program Files\Apoint2K\Apoint.exe
    2556 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2584 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2628 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2812 C:\Program Files\Skype\Phone\Skype.exe
    2820 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    2828 C:\Program Files\Windows Sidebar\sidebar.exe
    2904 C:\Windows\System32\StikyNot.exe
    3264 C:\Windows\System32\SearchIndexer.exe
    3548 C:\Windows\System32\svchost.exe
    3884 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3928 C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    3940 C:\Program Files\Apoint2K\ApntEx.exe
    3972 C:\Windows\System32\conhost.exe
    2124 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2432 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    3892 C:\Program Files\Internet Explorer\iexplore.exe
    1244 C:\Windows\System32\SearchProtocolHost.exe
    3812 C:\Windows\System32\SearchFilterHost.exe
    2352 C:\Windows\System32\svchost.exe
    4512 C:\Program Files\Internet Explorer\iexplore.exe
    4528 WmiPrvSE.exe
    4704 C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
    4936 dllhost.exe
    5980 C:\Windows\System32\sppsvc.exe
    2344 C:\Users\Vijay\Desktop\MBRCheck.exe
    3688 C:\Windows\System32\conhost.exe
    5024 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000025`a0b00000

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG1, Rev: 0040020C

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!




Copyright ©2000-2025, Trojaner-Board

