Pests of all kinds and how to fight them: fheydbueyj.exe in Autostart. What is it? (Windows 7)
18.10.2010, 13:06 | #1

fheydbueyj.exe in Autostart. What is it?

Hello, I wanted to ask whether someone could take a look at my Autostart and tell me what belongs there and what doesn't! This file, fheydbueyj.exe, I can't explain at all. I've already googled the file but found nothing useful. Can anyone tell me what it is? Thanks in advance
18.10.2010, 15:14 | #2
/// Helfer-Team

fheydbueyj.exe in Autostart. What is it?

Hello and welcome!

Before we start working together, [please read in full]:

Quote:
1. Download RSIT -
2. Please make hidden and system files visible; click the link here: Make system files and folders visible under XP and Vista. At the end of our work you can undo this again!
3. → Download HJTscanlist.zip → unpack the file onto your desktop → on Windows XP Home you must additionally install tasklist.zip before the scan → start it with a double-click → select your operating system; on Win7 choose Vista → when asked, choose the option "Einstellung (1) - scanlist" → after a short while your editor should open and present the file hjtscanlist.txt → please copy its contents into your thread.
4. I would also like to see all your installed programs: download the tool "CCleaner" and install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, untick it) → start it → if necessary set "german" under Options > Settings → then click on "Extra" (to display the installed programs as well) → then "Save as text file..."; a text file (*.txt) is created; copy its contents and paste them here.
5. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It is NOT sensible to start a second attempt! To get a deeper look into your system and to track down a possible infection with a rootkit (info: v.wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the Internet; don't forget WLAN. When the scan has finished, please re-enable all programs and tools!
6. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Download and install the tool RootRepeal

Quote:
** Stay off the Internet as far as possible: no online banking, file sharing, chat programs etc.

Regards
Coverflow
21.10.2010, 12:00 | #3

fheydbueyj.exe in Autostart. What is it?

Hello, it took a while to gather everything. But here are the log files... I hope it isn't too confusing!

RSIT log:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-20 15:20:30
WIN_XP Service Pack 3
System drive C: has 211 MB (3%) free of 7 GB
Total RAM: 3582 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:20:40, on 20.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Mozilla Firefox\plugin-container.exe
D:\Programme\ICQ6.5\ICQ.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
C:\Programme\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6158 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]
C:\fheydbueyj.exe\fheydbueyj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2009-05-26 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\SIERRA\Steam\steamapps\***************\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\************\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "D:\Programme\************************************" "%1"

======List of files/folders created in the last 1 months======

2010-10-18 20:04:36 ----D---- C:\Programme\trend micro
2010-10-18 20:04:35 ----D---- C:\rsit
2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

======List of files/folders modified in the last 1 months======

2010-10-20 15:17:23 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
2010-10-20 15:17:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2010-10-20 15:03:15 ----SD---- C:\WINDOWS\Tasks
2010-10-20 15:01:40 ----D---- C:\WINDOWS\Temp
2010-10-20 15:01:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-20 13:45:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-20 13:27:08 ----D---- C:\WINDOWS\Prefetch
2010-10-20 09:39:16 ----D---- C:\WINDOWS
2010-10-20 02:11:35 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2010-10-19 16:50:31 ----HD---- C:\fheydbueyj.exe
2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software
2010-10-19 12:08:01 ----RD---- C:\Programme
2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix
2010-10-19 11:50:01 ----D---- C:\WINDOWS\system32\drivers
2010-10-18 20:06:57 ----SHD---- C:\WINDOWS\Installer
2010-10-18 20:06:42 ----SHD---- C:\Config.Msi
2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft
2010-10-16 21:23:26 ----D---- C:\WINDOWS\security
2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-16 21:17:00 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 a8p200u1;a8p200u1; C:\WINDOWS\system32\drivers\a8p200u1.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-26 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]

-----------------EOF-----------------
20:06:57 ----SHD---- C:\WINDOWS\Installer 2010-10-18 20:06:42 ----SHD---- C:\Config.Msi 2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft 2010-10-16 21:23:26 ----D---- C:\WINDOWS\security 2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-10-16 21:17:00 ----D---- C:\WINDOWS\system32 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912] R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928] R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904] R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928] R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 SNPSTD3;Hercules Deluxe Optical Glass; 
C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072] R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys [] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 a8p200u1;a8p200u1; C:\WINDOWS\system32\drivers\a8p200u1.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys [] S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [] S3 streamip;BDA-IPSink; 
C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-26 152984] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source 
Engine\OSE.EXE [2010-01-09 149352] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912] -----------------EOF----------------- Code: 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
Microsoft Windows XP [Version 5.1.2600]
 
 
C:
        C:\pagefile.sys ---------  
  20.10.2010 15:00      C:\aaw7boot.log --------- 70286 
  20.10.2010 09:39      C:\WINDOWS --------- 0 
  19.10.2010 16:50      C:\fheydbueyj.exe --------- 0 
  19.10.2010 12:08      C:\Programme --------- 0 
  18.10.2010 20:06      C:\Config.Msi --------- 0 
  18.10.2010 20:04      C:\rsit --------- 0 
  25.08.2010 20:35      C:\Dokumente und Einstellungen --------- 0 
  25.08.2010 20:32      C:\boot.ini --------- 211 
  25.08.2010 16:34      C:\boot.ini.backup.txt --------- 325 
  25.08.2010 16:14      C:\RECYCLER --------- 0 
  25.08.2010 16:10      C:\System Volume Information --------- 0 
  31.05.2010 13:39      C:\MSOCache --------- 0 
  20.05.2010 10:56      C:\ntldr --------- 251712 
  20.01.2010 22:12      C:\ptcsetup.log --------- 5653 
  20.01.2010 22:11      C:\ptcsetup.bak --------- 17723 
  28.08.2009 11:36      C:\crashAddress.txt --------- 160 
  25.06.2009 17:08      C:\1100 --------- 0 
  11.06.2009 20:43      C:\usr --------- 0 
  03.03.2009 13:25      C:\found.000 --------- 0 
  22.02.2009 21:07      C:\ImageOutput --------- 0 
  21.01.2009 14:27      C:\Intel --------- 0 
  21.01.2009 14:24      C:\csb.log --------- 10 
  21.01.2009 00:57      C:\ATI --------- 0 
  21.01.2009 00:48      C:\MSDOS.SYS --------- 0 
  21.01.2009 00:48      C:\IO.SYS --------- 0 
  21.01.2009 00:48      C:\AUTOEXEC.BAT --------- 0 
  21.01.2009 00:48      C:\CONFIG.SYS --------- 0 
  11.11.2004 14:00      C:\NTDETECT.COM --------- 47564 
  11.11.2004 14:00      C:\bootfont.bin --------- 4952 
----------------------------------------
 
C:\WINDOWS
  20.10.2010 15:01     C:\WINDOWS\0.log --------- 0 
  20.10.2010 15:01     C:\WINDOWS\wiadebug.log --------- 159 
  20.10.2010 15:00     C:\WINDOWS\wiaservc.log --------- 50 
  20.10.2010 15:00     C:\WINDOWS\bootstat.dat --------- 2048 
  20.10.2010 13:45     C:\WINDOWS\SchedLgU.Txt --------- 32386 
  20.10.2010 13:45     C:\WINDOWS\WindowsUpdate.log --------- 1288 
  19.10.2010 20:15     C:\WINDOWS\setupapi.log --------- 5090 
  25.05.2010 21:50     C:\WINDOWS\citamis.str --------- 3241 
  20.05.2010 11:41     C:\WINDOWS\SiInst.ini --------- 1331 
  20.05.2010 11:14     C:\WINDOWS\WMSysPr9.prx --------- 316640 
  03.05.2010 14:24     C:\WINDOWS\wininit.ini --------- 209 
  03.05.2010 13:31     C:\WINDOWS\win.ini --------- 477 
  03.05.2010 13:31     C:\WINDOWS\system.ini --------- 227 
  14.01.2010 21:02     C:\WINDOWS\pwc62ud.INI --------- 279 
  14.01.2010 17:32     C:\WINDOWS\ODBC.INI --------- 400 
  14.01.2010 17:32     C:\WINDOWS\vbaddin.ini --------- 63 
  27.08.2009 14:20     C:\WINDOWS\ULead32.ini --------- 315 
  27.08.2009 14:20     C:\WINDOWS\u3dedit3.INI --------- 2602 
  21.01.2009 16:31     C:\WINDOWS\HideWin.exe --------- 319488 
  21.01.2009 15:46     C:\WINDOWS\gdrv.sys --------- 15600 
  21.01.2009 15:36     C:\WINDOWS\winamp.ini --------- 1065 
  21.01.2009 14:32     C:\WINDOWS\nsreg.dat --------- 0 
  21.01.2009 01:03     C:\WINDOWS\ativpsrm.bin --------- 0 
  21.01.2009 00:51     C:\WINDOWS\REGLOCS.OLD --------- 8192 
  21.01.2009 00:48     C:\WINDOWS\control.ini --------- 0 
  21.01.2009 00:47     C:\WINDOWS\ODBCINST.INI --------- 4161 
  21.01.2009 00:47     C:\WINDOWS\WindowsShell.Manifest --------- 749 
  21.01.2009 00:45     C:\WINDOWS\vb.ini --------- 36 
  17.10.2008 16:19     C:\WINDOWS\atiogl.xml --------- 15079 
  23.07.2008 17:51     C:\WINDOWS\RTHDCPL.exe --------- 16804864 
  15.07.2008 14:58     C:\WINDOWS\RtlExUpd.dll --------- 524288 
  15.07.2008 14:47     C:\WINDOWS\RtlUpd.exe --------- 1196032 
  19.06.2008 17:42     C:\WINDOWS\alcwzrd.exe --------- 2808832 
  19.06.2008 17:27     C:\WINDOWS\RTLCPL.exe --------- 9715200 
  19.06.2008 17:20     C:\WINDOWS\Alcmtr.exe --------- 57344 
  18.06.2008 19:01     C:\WINDOWS\SoundMan.exe --------- 77824 
  14.04.2008 07:53     C:\WINDOWS\winhlp32.exe --------- 288768 
  14.04.2008 07:53     C:\WINDOWS\slrundll.exe --------- 32866 
  14.04.2008 07:53     C:\WINDOWS\regedit.exe --------- 153600 
  14.04.2008 07:52     C:\WINDOWS\notepad.exe --------- 70144 
  14.04.2008 07:52     C:\WINDOWS\hh.exe --------- 10752 
  14.04.2008 07:52     C:\WINDOWS\explorer.exe --------- 1036800 
  14.04.2008 07:52     C:\WINDOWS\twain_32.dll --------- 50688 
  01.01.2008 01:58     C:\WINDOWS\Sti_Trace.log --------- 0 
  20.11.2007 19:15     C:\WINDOWS\SkyTel.exe --------- 1826816 
  14.11.2007 01:18     C:\WINDOWS\USetup.iss --------- 553 
  20.07.2007 12:33     C:\WINDOWS\snpstd3.ini --------- 15478 
  20.07.2007 12:18     C:\WINDOWS\snpstd3.src --------- 13003 
  28.06.2007 17:44     C:\WINDOWS\MicCal.exe --------- 2165760 
  29.12.2006 00:31     C:\WINDOWS\002671_.tmp --------- 19569 
  01.08.2006 13:31     C:\WINDOWS\ffmpeg.exe --------- 3600384 
  31.07.2006 12:27     C:\WINDOWS\alcrmv.exe --------- 217088 
  31.07.2006 12:19     C:\WINDOWS\alcupd.exe --------- 315392 
  11.11.2004 14:00     C:\WINDOWS\Zapotek.bmp --------- 9522 
  11.11.2004 14:00     C:\WINDOWS\SET8.tmp --------- 14043 
  11.11.2004 14:00     C:\WINDOWS\SET4.tmp --------- 1086058 
  11.11.2004 14:00     C:\WINDOWS\SET3.tmp --------- 106147 
  11.11.2004 14:00     C:\WINDOWS\Seifenblase.bmp --------- 65978 
  11.11.2004 14:00     C:\WINDOWS\Santa Fe-Stuck.bmp --------- 65832 
  11.11.2004 14:00     C:\WINDOWS\TASKMAN.EXE --------- 15872 
  11.11.2004 14:00     C:\WINDOWS\twain.dll --------- 94800 
  11.11.2004 14:00     C:\WINDOWS\msdfmap.ini --------- 1405 
  11.11.2004 14:00     C:\WINDOWS\twunk_16.exe --------- 49680 
  11.11.2004 14:00     C:\WINDOWS\Granit.bmp --------- 26582 
  11.11.2004 14:00     C:\WINDOWS\Feder.bmp --------- 16730 
  11.11.2004 14:00     C:\WINDOWS\explorer.scf --------- 80 
  11.11.2004 14:00     C:\WINDOWS\wmprfDEU.prx --------- 34818 
  11.11.2004 14:00     C:\WINDOWS\winnt256.bmp --------- 48680 
  11.11.2004 14:00     C:\WINDOWS\desktop.ini --------- 2 
  11.11.2004 14:00     C:\WINDOWS\vmmreg32.dll --------- 18944 
  11.11.2004 14:00     C:\WINDOWS\clock.avi --------- 82944 
  11.11.2004 14:00     C:\WINDOWS\Blaue Spitzen 16.bmp --------- 1272 
  11.11.2004 14:00     C:\WINDOWS\Angler.bmp --------- 17336 
  11.11.2004 14:00     C:\WINDOWS\Rhododendron.bmp --------- 17362 
  11.11.2004 14:00     C:\WINDOWS\twunk_32.exe --------- 25600 
  11.11.2004 14:00     C:\WINDOWS\Fächer.bmp --------- 26680 
  11.11.2004 14:00     C:\WINDOWS\winhelp.exe --------- 257568 
  11.11.2004 14:00     C:\WINDOWS\Kaffeetasse.bmp --------- 17062 
  11.11.2004 14:00     C:\WINDOWS\Präriewind.bmp --------- 65954 
  11.11.2004 14:00     C:\WINDOWS\winnt.bmp --------- 48680 
  11.11.2004 14:00     C:\WINDOWS\_default.pif --------- 707 
  12.01.2001 18:04     C:\WINDOWS\setdebug.exe --------- 46352 
  12.01.2001 16:10     C:\WINDOWS\jautoexp.dat --------- 6550 
  17.11.1998 12:44     C:\WINDOWS\IsUn0407.exe --------- 328704 
  29.10.1998 16:45     C:\WINDOWS\IsUninst.exe --------- 306688 
----------------------------------------
 
C:\WINDOWS\System
 14.04.2008 07:53    C:\WINDOWS\System\winspool.drv --------- 146944 
 11.11.2004 14:00    C:\WINDOWS\System\AVIFILE.DLL --------- 109504 
 11.11.2004 14:00    C:\WINDOWS\System\COMMDLG.DLL --------- 33744 
 11.11.2004 14:00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 
 11.11.2004 14:00    C:\WINDOWS\System\VGA.DRV --------- 2176 
 11.11.2004 14:00    C:\WINDOWS\System\VER.DLL --------- 9200 
 11.11.2004 14:00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
 11.11.2004 14:00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
 11.11.2004 14:00    C:\WINDOWS\System\MCIAVI.DRV --------- 73760 
 11.11.2004 14:00    C:\WINDOWS\System\MCISEQ.DRV --------- 25296 
 11.11.2004 14:00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
 11.11.2004 14:00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 69632 
 11.11.2004 14:00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 
 11.11.2004 14:00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 
 11.11.2004 14:00    C:\WINDOWS\System\TIMER.DRV --------- 4048 
 11.11.2004 14:00    C:\WINDOWS\System\TAPI.DLL --------- 19200 
 11.11.2004 14:00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 
 11.11.2004 14:00    C:\WINDOWS\System\stdole.tlb --------- 5532 
 11.11.2004 14:00    C:\WINDOWS\System\MSVIDEO.DLL --------- 127104 
 11.11.2004 14:00    C:\WINDOWS\System\AVICAP.DLL --------- 70368 
 11.11.2004 14:00    C:\WINDOWS\System\OLECLI.DLL --------- 82944 
 11.11.2004 14:00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 
 11.11.2004 14:00    C:\WINDOWS\System\SOUND.DRV --------- 1744 
 11.11.2004 14:00    C:\WINDOWS\System\setup.inf --------- 59167 
 11.11.2004 14:00    C:\WINDOWS\System\SHELL.DLL --------- 5120 
 13.08.2002 10:57    C:\WINDOWS\System\tabctl16.ocx --------- 113056 
 13.08.2002 10:57    C:\WINDOWS\System\threed16.ocx --------- 177824 
 13.08.2002 10:57    C:\WINDOWS\System\oc25.dll --------- 536048 
 13.08.2002 10:57    C:\WINDOWS\System\mscomm16.ocx --------- 71104 
 13.08.2002 10:57    C:\WINDOWS\System\grid16.ocx --------- 85552 
 13.08.2002 10:56    C:\WINDOWS\System\dao2516.dll --------- 543584 
 13.08.2002 10:56    C:\WINDOWS\System\vbajet.dll --------- 2920 
 13.08.2002 10:56    C:\WINDOWS\System\vbdb16.dll --------- 86848 
 13.08.2002 10:56    C:\WINDOWS\System\vb40016.dll --------- 935632 
 13.08.2002 10:56    C:\WINDOWS\System\vaen21.olb --------- 35200 
 13.08.2002 10:56    C:\WINDOWS\System\msjetint.dll --------- 15936 
 13.08.2002 10:56    C:\WINDOWS\System\regsvr.exe --------- 7216 
 13.08.2002 10:56    C:\WINDOWS\System\msjeterr.dll --------- 11232 
 13.08.2002 10:56    C:\WINDOWS\System\msajt200.dll --------- 995136 
 13.08.2002 10:56    C:\WINDOWS\System\compobj.dll --------- 108544 
----------------------------------------
 
C:\WINDOWS\System32
 20.10.2010 15:01     C:\WINDOWS\system32\CatRoot2 --------- 0 
 19.10.2010 11:50     C:\WINDOWS\system32\drivers --------- 0 
 16.10.2010 21:17     C:\WINDOWS\system32\dllcache --------- 0 
 09.10.2010 10:33     C:\WINDOWS\system32\wpa.dbl --------- 2206 
 17.09.2010 12:12     C:\WINDOWS\system32\CatRoot --------- 0 
 17.09.2010 12:12     C:\WINDOWS\system32\de-DE --------- 0 
 29.07.2010 18:39     C:\WINDOWS\system32\FNTCACHE.DAT --------- 232776 
 15.07.2010 22:40     C:\WINDOWS\system32\Restore --------- 0 
 15.06.2010 17:44     C:\WINDOWS\system32\lsdelete.exe --------- 15880 
 11.06.2010 17:46     C:\WINDOWS\system32\DRVSTORE --------- 0 
 25.05.2010 22:59     C:\WINDOWS\system32\config --------- 0 
 20.05.2010 11:13     C:\WINDOWS\system32\spupdwxp.log --------- 247 
 20.05.2010 11:13     C:\WINDOWS\system32\Setup --------- 0 
 20.05.2010 11:13     C:\WINDOWS\system32\wbem --------- 0 
 20.05.2010 11:00     C:\WINDOWS\system32\inetsrv --------- 0 
 20.05.2010 10:59     C:\WINDOWS\system32\usmt --------- 0 
 20.05.2010 10:59     C:\WINDOWS\system32\de --------- 0 
 20.05.2010 10:59     C:\WINDOWS\system32\bits --------- 0 
 20.05.2010 10:57     C:\WINDOWS\system32\npp --------- 0 
 20.05.2010 10:57     C:\WINDOWS\system32\Com --------- 0 
 20.05.2010 10:57     C:\WINDOWS\system32\oobe --------- 0 
 20.05.2010 10:55     C:\WINDOWS\system32\ReinstallBackups --------- 0 
 03.05.2010 15:34     C:\WINDOWS\system32\lowsec --------- 0 
 20.03.2010 20:11     C:\WINDOWS\system32\FM20DEU.DLL --------- 36736 
 07.03.2010 17:31     C:\WINDOWS\system32\d3d9caps.dat --------- 664 
 05.03.2010 22:04     C:\WINDOWS\system32\PnkBstrB.exe --------- 189488 
 05.03.2010 22:04     C:\WINDOWS\system32\PnkBstrB.xtr --------- 189488 
 04.03.2010 20:59     C:\WINDOWS\system32\PnkBstrA.exe --------- 75064 
 04.03.2010 20:59     C:\WINDOWS\system32\pbsvc_heroes.exe --------- 2407792 
 20.02.2010 17:20     C:\WINDOWS\system32\FM20ENU.DLL --------- 31616 
 31.01.2010 17:29     C:\WINDOWS\system32\HWC HD --------- 0 
 25.12.2009 02:28     C:\WINDOWS\system32\quicktime --------- 0 
 27.08.2009 14:19     C:\WINDOWS\system32\DKRNL.JAX --------- 24 
 30.06.2009 22:08     C:\WINDOWS\system32\pbsvc.exe --------- 794408 
 30.06.2009 22:08     C:\WINDOWS\system32\LogFiles --------- 0 
 26.05.2009 21:10     C:\WINDOWS\system32\javacpl.cpl --------- 73728 
 26.05.2009 21:10     C:\WINDOWS\system32\javaw.exe --------- 144792 
 26.05.2009 21:10     C:\WINDOWS\system32\javaws.exe --------- 148888 
 26.05.2009 21:10     C:\WINDOWS\system32\java.exe --------- 144792 
 26.05.2009 21:10     C:\WINDOWS\system32\deploytk.dll --------- 410984 
 30.03.2009 14:29     C:\WINDOWS\system32\appmgmt --------- 0 
 29.03.2009 14:09     C:\WINDOWS\system32\perfh007.dat --------- 405448 
 29.03.2009 14:09     C:\WINDOWS\system32\perfh009.dat --------- 392432 
 29.03.2009 14:09     C:\WINDOWS\system32\perfc007.dat --------- 70778 
 29.03.2009 14:09     C:\WINDOWS\system32\perfc009.dat --------- 58732 
 29.03.2009 14:09     C:\WINDOWS\system32\PerfStringBackup.INI --------- 938224 
 17.03.2009 20:16     C:\WINDOWS\system32\mui --------- 0 
 08.03.2009 15:29     C:\WINDOWS\system32\ieframe.dll.mui --------- 1302528 
 08.03.2009 15:29     C:\WINDOWS\system32\msrating.dll.mui --------- 57344 
 08.03.2009 15:28     C:\WINDOWS\system32\mshta.exe.mui --------- 2560 
 08.03.2009 15:27     C:\WINDOWS\system32\ie4uinit.exe.mui --------- 4096 
 08.03.2009 15:27     C:\WINDOWS\system32\advpack.dll.mui --------- 12288 
 08.03.2009 15:27     C:\WINDOWS\system32\iedkcs32.dll.mui --------- 81920 
 08.03.2009 15:09     C:\WINDOWS\system32\iedkcs32.dll --------- 391536 
 08.03.2009 05:41     C:\WINDOWS\system32\mshtml.dll --------- 5937152 
 08.03.2009 05:39     C:\WINDOWS\system32\ieframe.dll --------- 11063808 
 08.03.2009 05:35     C:\WINDOWS\system32\html.iec --------- 385024 
 08.03.2009 05:34     C:\WINDOWS\system32\wininet.dll --------- 914944 
 08.03.2009 05:34     C:\WINDOWS\system32\urlmon.dll --------- 1206784 
 08.03.2009 05:34     C:\WINDOWS\system32\inetcpl.cpl --------- 1469440 
 08.03.2009 05:34     C:\WINDOWS\system32\WinFXDocObj.exe --------- 208384 
 08.03.2009 05:34     C:\WINDOWS\system32\webcheck.dll --------- 236544 
 08.03.2009 05:34     C:\WINDOWS\system32\licmgr10.dll --------- 43008 
 08.03.2009 05:34     C:\WINDOWS\system32\url.dll --------- 105984 
 08.03.2009 05:34     C:\WINDOWS\system32\msrating.dll --------- 193536 
 08.03.2009 05:34     C:\WINDOWS\system32\occache.dll --------- 109568 
 08.03.2009 05:33     C:\WINDOWS\system32\corpol.dll --------- 18944 
 08.03.2009 05:33     C:\WINDOWS\system32\jsproxy.dll --------- 25600 
 08.03.2009 05:33     C:\WINDOWS\system32\jscript.dll --------- 726528 
 08.03.2009 05:33     C:\WINDOWS\system32\ieaksie.dll --------- 229376 
 08.03.2009 05:33     C:\WINDOWS\system32\vbscript.dll --------- 420352 
 08.03.2009 05:33     C:\WINDOWS\system32\ieakeng.dll --------- 125952 
 08.03.2009 05:32     C:\WINDOWS\system32\admparse.dll --------- 72704 
 08.03.2009 05:32     C:\WINDOWS\system32\ie4uinit.exe --------- 173056 
 08.03.2009 05:32     C:\WINDOWS\system32\ieakui.dll --------- 163840 
 08.03.2009 05:32     C:\WINDOWS\system32\iesetup.dll --------- 71680 
 08.03.2009 05:32     C:\WINDOWS\system32\iernonce.dll --------- 55808 
 08.03.2009 05:32     C:\WINDOWS\system32\advpack.dll --------- 128512 
 08.03.2009 05:32     C:\WINDOWS\system32\inseng.dll --------- 94720 
 08.03.2009 05:32     C:\WINDOWS\system32\msfeeds.dll --------- 594432 
 08.03.2009 05:32     C:\WINDOWS\system32\iertutil.dll --------- 1985024 
 08.03.2009 05:32     C:\WINDOWS\system32\mstime.dll --------- 611840 
 08.03.2009 05:31     C:\WINDOWS\system32\iepeers.dll --------- 183808 
 08.03.2009 05:31     C:\WINDOWS\system32\msfeedssync.exe --------- 13312 
 08.03.2009 05:31     C:\WINDOWS\system32\icardie.dll --------- 59904 
 08.03.2009 05:31     C:\WINDOWS\system32\msfeedsbs.dll --------- 55296 
 08.03.2009 05:31     C:\WINDOWS\system32\dxtmsft.dll --------- 348160 
 08.03.2009 05:31     C:\WINDOWS\system32\dxtrans.dll --------- 216064 
 08.03.2009 05:31     C:\WINDOWS\system32\imgutil.dll --------- 34816 
 08.03.2009 05:31     C:\WINDOWS\system32\pngfilt.dll --------- 46592 
 08.03.2009 05:31     C:\WINDOWS\system32\mshtmled.dll --------- 66560 
 08.03.2009 05:31     C:\WINDOWS\system32\mshtmler.dll --------- 48128 
 08.03.2009 05:31     C:\WINDOWS\system32\mshtml.tlb --------- 1638912 
 08.03.2009 05:31     C:\WINDOWS\system32\mshta.exe --------- 45568 
 08.03.2009 05:30     C:\WINDOWS\system32\tdc.ocx --------- 66560 
 08.03.2009 05:22     C:\WINDOWS\system32\ieui.dll --------- 164352 
 08.03.2009 05:22     C:\WINDOWS\system32\msls31.dll --------- 156160 
 08.03.2009 05:15     C:\WINDOWS\system32\ieuinit.inf --------- 57667 
 08.03.2009 05:11     C:\WINDOWS\system32\ieapfltr.dll --------- 445952 
 08.03.2009 04:32     C:\WINDOWS\system32\ieudinit.exe --------- 36864 
----------------------------------------
 
C:\WINDOWS\Prefetch
 20.10.2010 15:38     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 11724 
 20.10.2010 15:31     C:\WINDOWS\Prefetch\AVWSC.EXE-1742FD55.pf --------- 37996 
 20.10.2010 15:30     C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 16000 
 20.10.2010 15:29     C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-3643707F.pf --------- 25714 
 20.10.2010 15:20     C:\WINDOWS\Prefetch\ADMINISTRATOR.EXE-2711813F.pf --------- 28090 
 20.10.2010 15:20     C:\WINDOWS\Prefetch\RSIT.EXE-3AC3D3D1.pf --------- 18966 
 20.10.2010 15:17     C:\WINDOWS\Prefetch\ICQ.EXE-1AD5010D.pf --------- 75120 
 20.10.2010 15:05     C:\WINDOWS\Prefetch\SKYPE.EXE-0D322358.pf --------- 56458 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 15704 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-022F6795.pf --------- 94680 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf --------- 7768 
 20.10.2010 15:04     C:\WINDOWS\Prefetch\FIREFOX.EXE-28BE8AE1.pf --------- 114524 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf --------- 48562 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\AUTOLAUNCH.EXE-343E795D.pf --------- 51288 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\AD-AWARE.EXE-2B8B58D1.pf --------- 60898 
 20.10.2010 15:03     C:\WINDOWS\Prefetch\AAWTRAY.EXE-31E33C30.pf --------- 62728 
 20.10.2010 15:02     C:\WINDOWS\Prefetch\AAWWSC.EXE-3513A2B5.pf --------- 23786 
 20.10.2010 15:02     C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 17814 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 45698 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 15274 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf --------- 30444 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 16738 
 20.10.2010 15:01     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1209232 
 20.10.2010 13:30     C:\WINDOWS\Prefetch\OSE.EXE-313A091F.pf --------- 9116 
 20.10.2010 13:27     C:\WINDOWS\Prefetch\IMAGECONVERTER.EXE-2FB34E09.pf --------- 14808 
 20.10.2010 13:26     C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 20032 
 20.10.2010 13:25     C:\WINDOWS\Prefetch\EXCEL.EXE-09824C88.pf --------- 88220 
 20.10.2010 13:24     C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19B1D743.pf --------- 58140 
 20.10.2010 13:24     C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 27152 
 20.10.2010 12:44     C:\WINDOWS\Prefetch\WINAMP.EXE-065B55C4.pf --------- 85116 
 20.10.2010 02:11     C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 25124 
 20.10.2010 01:38     C:\WINDOWS\Prefetch\VLC.EXE-2584CE07.pf --------- 97026 
 20.10.2010 01:38     C:\WINDOWS\Prefetch\ADOBEARM.EXE-237273D1.pf --------- 23250 
 20.10.2010 01:37     C:\WINDOWS\Prefetch\ACRORD32.EXE-2E761392.pf --------- 58328 
 20.10.2010 01:22     C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf --------- 36308 
 19.10.2010 21:55     C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22D2A6A0.pf --------- 41626 
 19.10.2010 21:55     C:\WINDOWS\Prefetch\UPDATE.EXE-33FE454B.pf --------- 50738 
 19.10.2010 20:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C51EBAA.pf --------- 17256 
 19.10.2010 20:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf --------- 16154 
 19.10.2010 19:56     C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 100946 
 19.10.2010 17:50     C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 19538 
 19.10.2010 17:49     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 88286 
 19.10.2010 17:49     C:\WINDOWS\Prefetch\Layout.ini --------- 499202 
 19.10.2010 17:45     C:\WINDOWS\Prefetch\AAWSERVICE.EXE-1E1DE6D1.pf --------- 81572 
 19.10.2010 17:44     C:\WINDOWS\Prefetch\AD-AWAREADMIN.EXE-1618EEEB.pf --------- 37580 
 19.10.2010 16:50     C:\WINDOWS\Prefetch\AVSCAN.EXE-068A2CAC.pf --------- 86356 
 19.10.2010 13:03     C:\WINDOWS\Prefetch\AVCENTER.EXE-377C5668.pf --------- 62604 
 19.10.2010 13:01     C:\WINDOWS\Prefetch\THREATWORK.EXE-2CC668FF.pf --------- 31900 
 19.10.2010 12:59     C:\WINDOWS\Prefetch\GUARDGUI.EXE-1FA25B88.pf --------- 15708 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf --------- 53742 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\_IU14D2N.TMP-38A1306E.pf --------- 26292 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\UNINS001.EXE-1EB18737.pf --------- 19506 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\UNINS000.EXE-02BCB9C7.pf --------- 18766 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\FOTOFUSIONV4 UNINSTALLER.EXE-1AB6D74C.pf --------- 19102 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 128060 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf --------- 23888 
 19.10.2010 12:09     C:\WINDOWS\Prefetch\COLLAGE.EXE-34742083.pf --------- 56016 
 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINST.EXE-1E1D427F.pf --------- 16754 
 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINST.EXE-1910BCF3.pf --------- 28430 
 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINS000.EXE-0B5F6769.pf --------- 16692 
 19.10.2010 12:07     C:\WINDOWS\Prefetch\UNINS000.EXE-2C46BE05.pf --------- 18628 
 19.10.2010 12:07     C:\WINDOWS\Prefetch\CCLEANER.EXE-17ADB38C.pf --------- 113546 
 19.10.2010 11:50     C:\WINDOWS\Prefetch\AU_.EXE-1563F1CE.pf --------- 24870 
 19.10.2010 11:50     C:\WINDOWS\Prefetch\UNINSTALL.EXE-2B525910.pf --------- 13676 
 19.10.2010 11:50     C:\WINDOWS\Prefetch\UNINS000.EXE-2AE40FD4.pf --------- 24612 
 19.10.2010 11:49     C:\WINDOWS\Prefetch\NMSACCESSU.EXE-0836AD64.pf --------- 8794 
 19.10.2010 11:34     C:\WINDOWS\Prefetch\RUNDLL32.EXE-481F709A.pf --------- 48596 
 19.10.2010 11:34     C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf --------- 72862 
 18.10.2010 22:48     C:\WINDOWS\Prefetch\WINRAR.EXE-1A0EFB18.pf --------- 52964 
 18.10.2010 20:06     C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 26442 
 18.10.2010 20:06     C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf --------- 63118 
 18.10.2010 14:03     C:\WINDOWS\Prefetch\SYSTEMLOOK.EXE-047336E8.pf --------- 18400 
 18.10.2010 13:07     C:\WINDOWS\Prefetch\HJTINSTALL.EXE-120AE2D7.pf --------- 20036 
 18.10.2010 12:44     C:\WINDOWS\Prefetch\POWERPNT.EXE-2A26805E.pf --------- 69842 
 18.10.2010 11:39     C:\WINDOWS\Prefetch\CLEANSWEEPUPD.EXE-1F1C0D67.pf --------- 22106 
 18.10.2010 00:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-207E54C3.pf --------- 14962 
 18.10.2010 00:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4BA7A70C.pf --------- 15130 
 17.10.2010 19:37     C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf --------- 21290 
 17.10.2010 19:16     C:\WINDOWS\Prefetch\AGENT.EXE-241FAAD9.pf --------- 60418 
 17.10.2010 19:16     C:\WINDOWS\Prefetch\ISUSPM.EXE-1D77C392.pf --------- 153370 
 16.10.2010 22:41     C:\WINDOWS\Prefetch\LEECHER.EXE-2319A22A.pf --------- 29676 
 16.10.2010 22:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C40A48F.pf --------- 15630 
 16.10.2010 22:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-188DF14E.pf --------- 23664 
 16.10.2010 22:36     C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --------- 16732 
 16.10.2010 22:19     C:\WINDOWS\Prefetch\CLVIEW.EXE-23D169C2.pf --------- 65234 
 16.10.2010 22:01     C:\WINDOWS\Prefetch\WINWORD.EXE-2811918F.pf --------- 98858 
 16.10.2010 21:23     C:\WINDOWS\Prefetch\STATION2.EXE-038805B3.pf --------- 53856 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf --------- 22744 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-49A1D709.pf --------- 19928 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-15206D5C.pf --------- 19980 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-188D9E9C.pf --------- 19996 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D3D8701.pf --------- 19968 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3085D5CC.pf --------- 19968 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-43854211.pf --------- 19968 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C703AED.pf --------- 17738 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-14EC1EE8.pf --------- 17738 
 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4ABAF25B.pf --------- 17738 
 16.10.2010 21:14     C:\WINDOWS\Prefetch\MMC.EXE-39071BCC.pf --------- 36142 
 16.10.2010 21:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf --------- 32444 
 16.10.2010 21:08     C:\WINDOWS\Prefetch\RUNDLL32.EXE-23061B8F.pf --------- 16074 
 16.10.2010 19:17     C:\WINDOWS\Prefetch\PLAYER.EXE-3A1D4B43.pf --------- 47752 
 16.10.2010 19:12     C:\WINDOWS\Prefetch\VEETLE-0.9.18.EXE-1F1D1ED4.pf --------- 31336 
 16.10.2010 16:19     C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf --------- 17398 
 15.10.2010 23:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B08ECFB.pf --------- 23268 
 15.10.2010 22:44     C:\WINDOWS\Prefetch\RUNDLL32.EXE-47DAD21C.pf --------- 43988 
 15.10.2010 22:33     C:\WINDOWS\Prefetch\SETUP.EXE-002F50CE.pf --------- 35118 
 15.10.2010 22:33     C:\WINDOWS\Prefetch\SEAGATE-RELEASE.EXE-1589B8C9.pf --------- 49106 
 15.10.2010 22:32     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4207E90B.pf --------- 15260 
 14.10.2010 22:25     C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf --------- 19036 
 14.10.2010 21:22     C:\WINDOWS\Prefetch\RUNDLL32.EXE-28DAF2FD.pf --------- 17296 
 14.10.2010 21:06     C:\WINDOWS\Prefetch\FHEYDBUEYJ.EXE-2CFB0202.pf --------- 15354 
 13.10.2010 23:43     C:\WINDOWS\Prefetch\RUNDLL32.EXE-19411A95.pf --------- 16748 
 13.10.2010 23:02     C:\WINDOWS\Prefetch\FIREWORKS 4.EXE-28616533.pf --------- 56422 
 12.10.2010 23:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-418EC388.pf --------- 35126 
 12.10.2010 23:02     C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-05610F59.pf --------- 20764 
 12.10.2010 18:33     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B495574.pf --------- 15772 
 12.10.2010 16:38     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3E116FC1.pf --------- 15686 
 12.10.2010 16:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BA10EF7.pf --------- 44256 
 12.10.2010 16:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-27CA4AF1.pf --------- 38154 
 12.10.2010 15:49     C:\WINDOWS\Prefetch\RUNDLL32.EXE-29192C59.pf --------- 46622 
 12.10.2010 14:10     C:\WINDOWS\Prefetch\DW20.EXE-005BA42F.pf --------- 10146 
 12.10.2010 14:09     C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 62202 
 11.10.2010 22:35     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf --------- 35656 
 11.10.2010 22:35     C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf --------- 32918 
 11.10.2010 22:34     C:\WINDOWS\Prefetch\0.40520102324780105.EXE-38E656CB.pf --------- 7862 
 11.10.2010 22:34     C:\WINDOWS\Prefetch\JAVAW.EXE-0159D575.pf --------- 5432 
 11.10.2010 22:34     C:\WINDOWS\Prefetch\JAVAWS.EXE-1714DD62.pf --------- 15864 
 11.10.2010 22:13     C:\WINDOWS\Prefetch\RUNDLL32.EXE-14F71516.pf --------- 47326 
----------------------------------------
 
C:\WINDOWS\Tasks
 20.10.2010 15:23     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job --------- 892 
 20.10.2010 15:03     C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job --------- 470 
 20.10.2010 15:00     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --------- 888 
 20.10.2010 15:00     C:\WINDOWS\Tasks\SA.DAT --------- 6 
 11.11.2004 14:00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
----------------------------------------
 
C:\WINDOWS\Temp
 20.10.2010 15:00     C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat --------- 16384 
 19.10.2010 16:50     C:\WINDOWS\Temp\History --------- 0 
 19.10.2010 16:50     C:\WINDOWS\Temp\Cookies --------- 0 
 19.10.2010 16:50     C:\WINDOWS\Temp\Temporary Internet Files --------- 0 
 16.10.2010 14:54     C:\WINDOWS\Temp\Perflib_Perfdata_9dc.dat --------- 16384 
----------------------------------------
 
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
 20.10.2010 15:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\JETB906.tmp --------- 0 
 20.10.2010 15:16      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\plugtmp --------- 0 
 20.10.2010 15:04      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\foxtab --------- 0 
 20.10.2010 01:38      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AdobeARM_NotLocked.log --------- 735 
 20.10.2010 01:38      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ArmUI.ini --------- 148526 
 19.10.2010 12:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\hsperfdata_Administrator --------- 0 
 19.10.2010 11:37      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AdobeARM.log --------- 245330 
 19.10.2010 11:34      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\java_install_reg.log --------- 1580 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\34661.dmp --------- 45671 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\34576.dmp --------- 26234 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\45b3_appcompat.txt --------- 16174 
 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\437f_appcompat.txt --------- 16174 
 16.10.2010 19:12      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\veetleb --------- 0 
 16.10.2010 14:54      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AD85.dmp --------- 27778 
 16.10.2010 14:54      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\95a0_appcompat.txt --------- 11664 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2316889501280927226.tmp --------- 37809 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache3801248208306411390.tmp --------- 43975 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache1710087421479198575.tmp --------- 84096 
 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache6640324910098707211.tmp --------- 59439 
 13.10.2010 20:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2351662818532060136.tmp --------- 9457 
 13.10.2010 20:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2700756697933379298.tmp --------- 14802 
 12.10.2010 22:55      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\plugtmp-2 --------- 0 
 11.10.2010 22:34      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\0.40163477446917484.exe --------- 101071 
 21.09.2010 13:22      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SkypeSetup.exe --------- 19075976 
 30.08.2010 23:25      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\tmp10.tmp --------- 349517 
 13.06.2010 11:06      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\German.bin --------- 25764 
 30.04.2010 23:13      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uninst.exe --------- 991236 
----------------------------------------
 
C:\Programme
 20.10.2010 15:20     C:\Programme\trend micro --------- 0 
 19.10.2010 12:08     C:\Programme\NCH Software --------- 0 
 18.10.2010 20:06     C:\Programme\Lavasoft --------- 0 
 17.09.2010 12:19     C:\Programme\Internet Explorer --------- 0 
 25.08.2010 16:02     C:\Programme\Windows Media Player --------- 0 
 25.08.2010 16:02     C:\Programme\Movie Maker --------- 0 
 25.08.2010 16:02     C:\Programme\NetMeeting --------- 0 
 25.08.2010 16:02     C:\Programme\Outlook Express --------- 0 
 25.08.2010 16:01     C:\Programme\ComPlus Applications --------- 0 
 25.08.2010 16:01     C:\Programme\Messenger --------- 0 
 25.08.2010 16:00     C:\Programme\Windows NT --------- 0 
 12.06.2010 13:48     C:\Programme\MSECache --------- 0 
 11.06.2010 22:40     C:\Programme\Microsoft Office --------- 0 
 31.05.2010 13:24     C:\Programme\Gemeinsame Dateien --------- 0 
 02.02.2010 20:22     C:\Programme\LG Soft India --------- 0 
 02.02.2010 20:21     C:\Programme\InstallShield Installation Information --------- 0 
 14.01.2010 17:31     C:\Programme\Microsoft.NET --------- 0 
 25.12.2009 02:28     C:\Programme\NimoCodec Pack --------- 0 
 25.12.2009 02:28     C:\Programme\XviD --------- 0 
 25.12.2009 02:28     C:\Programme\DivX --------- 0 
 25.12.2009 02:28     C:\Programme\DivXCodec --------- 0 
 23.12.2009 20:12     C:\Programme\UnderCoverXP --------- 0 
 17.06.2009 11:08     C:\Programme\Kyocera --------- 0 
 26.05.2009 21:10     C:\Programme\Java --------- 0 
 29.04.2009 10:39     C:\Programme\DAEMON Tools Lite --------- 0 
 11.04.2009 18:01     C:\Programme\Adobe --------- 0 
 19.03.2009 17:20     C:\Programme\Graphviz2.22 --------- 0 
 17.03.2009 20:17     C:\Programme\Mindjet --------- 0 
 17.03.2009 20:16     C:\Programme\MSXML 6.0 --------- 0 
 21.01.2009 16:31     C:\Programme\Realtek --------- 0 
 21.01.2009 16:04     C:\Programme\Realtek AC97 --------- 0 
 21.01.2009 14:36     C:\Programme\xp-AntiSpy --------- 0 
 21.01.2009 14:27     C:\Programme\Intel --------- 0 
 21.01.2009 00:58     C:\Programme\ATI Technologies --------- 0 
 21.01.2009 00:51     C:\Programme\Uninstall Information --------- 0 
 21.01.2009 00:48     C:\Programme\xerox --------- 0 
 21.01.2009 00:48     C:\Programme\microsoft frontpage --------- 0 
 21.01.2009 00:47     C:\Programme\WindowsUpdate --------- 0 
 21.01.2009 00:47     C:\Programme\Online-Dienste --------- 0 
 21.01.2009 00:45     C:\Programme\Online Services --------- 0 
 21.01.2009 00:44     C:\Programme\MSN Gaming Zone --------- 0 
 21.01.2009 00:44     C:\Programme\MSN --------- 0 
----------------------------------------
 
C:\Dokumente und Einstellungen\All Users\.. 
Administrator    
LocalService.NT-AUTORITÄT    
NetworkService.NT-AUTORITÄT    
All Users    
LocalService    
NetworkService    
Default User    
----------------------------------------
 
C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
***************************************
----------------------------------------
 
 
***** Ende des Scans 20.10.2010 um 15:38:34,31 ***
Ccleaner: Install:
3GP Media Player 1.0    vsevensoft.com    
ACDSee Pro 2.5    ACD Systems International    2.5.333
Ad-Aware    Lavasoft    
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    10.0.42.34
Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    10.1.53.64
Adobe Reader 9.3.4 - Deutsch    Adobe Systems Incorporated    9.3.4
ATI - Software Uninstall Utility        6.14.10.1022
ATI Catalyst Control Center        2.008.1201.1503
ATI Display Driver        8.561-081201a1-072271C-ATI
Avira AntiVir Personal - Free Antivirus    Avira GmbH    10.0.0.565
Battlefield Heroes (Administrator)    EA Digital illusions    
CCleaner    Piriform    2.31
DivX Plus Web Player    DivX,Inc.    2.0.0
Easy Graphic Converter 1.2    Etru Software Development    1.1
Enterprise Dynamics Developer 8.0.0 1617        
forteManager    LG Soft India    3.15
Gigabyte Raid Configurer    Gigabyte Technology Corp.    1.00.0000
Graphviz    AT&T Research Labs    2.22
Hercules Deluxe Optical Glass    Hercules    2.8.0.0
High Definition Audio Driver Package - KB888111    Microsoft Corporation    20040219.000000
HijackThis 2.0.2    TrendMicro    2.0.2
ICQ6.5    ICQ    6.5
Java(TM) 6 Update 13    Sun Microsystems, Inc.    6.0.130
JDownloader    AppWork UG (haftungsbeschränkt)    0.89
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
xxxxxxxxxxxxxxx
mIRC        
Mozilla Firefox (3.6.10)    Mozilla    3.6.10 (de)
MSXML 6.0 Parser    Microsoft Corporation    6.10.1129.0
Mumble and Murmur    Mumble    1.1.8
Nimo Codecs Pack v5.0 (Remove Only)        
PDF-XChange 3    Tracker Software    
PDF24 Creator    PDF24.org    
Prism Video Converter    NCH Software    
xxxxxxxxxxxxxxx
PunkBuster Services    Even Balance, Inc.    0.988
Realtek AC'97 Audio    Realtek Semiconductor Corp.    5.36
REALTEK GbE & FE Ethernet PCI-E NIC Driver    Realtek    1.08.0000
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    5.10.0.5672
Skype™ 4.2    Skype Technologies S.A.    4.2.187
Spybot - Search & Destroy    Safer Networking Limited    1.6.2
taraVRbuilder 8.0 Demo    tarakos GmbH    8.0.14
TeamSpeak 2 RC2    Dominating Bytes Design    2.0.32.60
UnderCoverXP 1.22    Wicked & Wild Inc.    
Uninstall 1.0.0.1        
Veetle TV 0.9.18    Veetle, Inc    0.9.18
VLC media player 1.0.3    VideoLAN Team    1.0.3
Winamp    Nullsoft, Inc    5.56 
Windows Internet Explorer 8    Microsoft Corporation    20090308.140743
Windows Media Player Firefox Plugin    Microsoft Corp    1.0.0.8
Windows XP Service Pack 3    Microsoft Corporation    20080414.031514
WinRAR        
xp-AntiSpy 3.97    Christian Taubenheim

Ja    HKCU:Run    CTFMON.EXE    C:\WINDOWS\system32\ctfmon.exe
Ja    HKCU:Run    SpybotSD TeaTimer    D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
Nein    HKCU:Run    DAEMON Tools Lite    "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
Nein    HKCU:Run    fheydbueyj.exe    C:\fheydbueyj.exe\fheydbueyj.exe
Nein    HKCU:Run    Hvh    C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
Ja    HKLM:Run    StartCCC    "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Ja    HKLM:Run    JMB36X IDE Setup    C:\WINDOWS\JM\JMInsIDE.exe
Ja    HKLM:Run    avgnt    "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
Nein    HKLM:Run    36X Raid Configurer    C:\WINDOWS\system32\JMRaidSetup.exe boot
Nein    HKLM:Run    Alcmtr    ALCMTR.EXE
Nein    HKLM:Run    AlcWzrd    ALCWZRD.EXE
Nein    HKLM:Run    Camservice    D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe /startup
Nein    HKLM:Run    ISUSPM Startup    C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
Nein    HKLM:Run    ISUSScheduler    "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
Nein    HKLM:Run    RTHDCPL    RTHDCPL.EXE
Nein    HKLM:Run    SoundMan    SOUNDMAN.EXE
Nein    HKLM:Run    SunJavaUpdateSched    "C:\Programme\Java\jre6\bin\jusched.exe"
Nein    Startup Common    forteManager.lnk    C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe -startup
Nein    Startup Common    Microsoft Office.lnk    D:\PROGRA~1\MICROS~1\Office10\OSA.EXE
GMER Logfile:
GMER 1.0.15.15319 - hxxp://www.gmer.net
Rootkit scan 2010-10-20 16:17:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdqpod.sys
---- System - GMER 1.0.15 ----
SSDT            A075E656                                                                                                            ZwCreateKey
SSDT            A075E64C                                                                                                            ZwCreateThread
SSDT            A075E65B                                                                                                            ZwDeleteKey
SSDT            A075E665                                                                                                            ZwDeleteValueKey
SSDT            spea.sys                                                                                                            ZwEnumerateKey [0xB9EC5CA4]
SSDT            spea.sys                                                                                                            ZwEnumerateValueKey [0xB9EC6032]
SSDT            A075E66A                                                                                                            ZwLoadKey
SSDT            spea.sys                                                                                                            ZwOpenKey [0xB9EA70C0]
SSDT            A075E638                                                                                                            ZwOpenProcess
SSDT            A075E63D                                                                                                            ZwOpenThread
SSDT            spea.sys                                                                                                            ZwQueryKey [0xB9EC610A]
SSDT            spea.sys                                                                                                            ZwQueryValueKey [0xB9EC5F8A]
SSDT            A075E674                                                                                                            ZwReplaceKey
SSDT            A075E66F                                                                                                            ZwRestoreKey
SSDT            A075E660                                                                                                            ZwSetValueKey
SSDT            A075E647                                                                                                            ZwTerminateProcess
INT 0x62        ?                                                                                                                   8B189BF8
INT 0x73        ?                                                                                                                   8B189BF8
INT 0x73        ?                                                                                                                   8B189BF8
INT 0x73        ?                                                                                                                   8B119BF8
INT 0x73        ?                                                                                                                   8AEB5BF8
INT 0x73        ?                                                                                                                   8B189BF8
INT 0x82        ?                                                                                                                   8B189BF8
INT 0x84        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xA4        ?                                                                                                                   8AEB5BF8
INT 0xB4        ?                                                                                                                   8AEB5BF8
---- Kernel code sections - GMER 1.0.15 ----
?               spea.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB8502000, 0x1B601E, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               B84B98AC 5 Bytes  JMP 8AEB51D8 
.text           a8p200u1.SYS                                                                                                        B8432386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a8p200u1.SYS                                                                                                        B84323AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a8p200u1.SYS                                                                                                        B84323C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           a8p200u1.SYS                                                                                                        B84323C9 1 Byte  [30]
.text           a8p200u1.SYS                                                                                                        B84323C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EA8042] spea.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EA813E] spea.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B9EA80C0] spea.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B9EA8800] spea.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B9EA86D6] spea.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B9EB7E9C] spea.sys
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C8D9E88
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfRaiseIrql]                                                      00001CA9
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfLowerIrql]                                                      0E798366
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!HalTranslateBusAddress]                                           8186C636
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8386C6
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C8E86
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CAA
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C
IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB19E
---- Devices - GMER 1.0.15 ----
Device          \FileSystem\Ntfs \Ntfs                                                                                              8B1151F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8AEB11F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8B1171F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8B1171F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8B1171F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8B1171F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8AEB11F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    8AEBD500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8AEB11F8
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           Lbd.sys (Boot Driver/Lavasoft AB)
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    8AEB11F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8B18A1F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                    8AEBD500
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8B18A1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8AE641F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8AE641F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\PCI_PNP6778 \Device\0000003d                                                                                spea.sys
Device          \Driver\sptd \Device\3100154278                                                                                     spea.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8A3941F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    8A3941F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8AEB11F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   8A3861F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8AEB11F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         8A3861F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    8AEBD500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8AEB11F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8B18A1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{0779FD98-11CB-4589-B42A-3CE9891FBFEC}                                            8A3941F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8AEB11F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    8AEB11F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    8AEBD500
Device          \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0                                                              8B1161F8
Device          \Driver\a8p200u1 \Device\Scsi\a8p200u11Port5Path0Target0Lun0                                                        8ADC91F8
Device          \Driver\a8p200u1 \Device\Scsi\a8p200u11                                                                             8ADC91F8
Device          \Driver\JRAID \Device\Scsi\JRAID1                                                                                   8B1161F8
Device          \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0                                                              8B1161F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              8ADBE500
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x83 0x3C 0x5F 0x9D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4F 0xDA 0xA4 0x54 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD4 0xBF 0x8C 0x1D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x83 0x3C 0x5F 0x9D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0xDA 0xA4 0x54 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x39 0xB7 0xC1 0x4B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x83 0x3C 0x5F 0x9D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0xDA 0xA4 0x54 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD4 0xBF 0x8C 0x1D ...
---- EOF - GMER 1.0.15 ----
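The GMER Device and Registry listing above is the kind of output a helper has to read by eye: a column of device objects with an address each, followed by a run of sptd\Cfg keys. The script below is an added example, not code from this thread, from GMER's author or from the user who posted the log. It parses GMER's Device and Reg lines, checks that the device objects listed under one driver object all carry the same address in the last column (a triage heuristic, not a documented GMER guarantee), and labels keys under Services\sptd\Cfg so that SPTD's expected entries (SPTD is the disk-access driver installed by DAEMON Tools and Alcohol 120%) are not mistaken for a rootkit finding. The sample lines inside the script are constructed in GMER's column layout rather than copied from the log: one usbuhci line is deliberately given a divergent address, and the subkey name ABCD stands in for the hash-named subkey SPTD creates.

```python
import re
from collections import defaultdict

# Constructed sample in GMER's column layout (Device: driver object, device
# object, address; Reg: key[@value] and data). Not copied from the posted log:
# the third usbuhci line deliberately carries a divergent address so the
# consistency check has something to report, and "ABCD" stands in for the
# hash-named subkey that SPTD creates.
SAMPLE_LOG = r"""
Device          \Driver\usbuhci \Device\USBFDO-0                 8AEB11F8
Device          \Driver\usbuhci \Device\USBFDO-1                 8AEB11F8
Device          \Driver\usbuhci \Device\USBFDO-2                 8B000500
Device          \FileSystem\Cdfs \Cdfs                           8ADBE500
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                      771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\ABCD@p0                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\ABCD (not active ControlSet)
Reg             HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}@     C:\WINDOWS\system32\example.dll
---- EOF - GMER 1.0.15 ----
"""

ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Return (devices, regs).

    devices: list of (driver_object, device_object, address) triples
    regs:    list of (key_path, data) pairs, data possibly empty
    Section headers, blank lines and anything else are skipped.
    """
    devices, regs = [], []
    for line in text.splitlines():
        parts = line.split(None, 3)          # tag, field, field, remainder
        if len(parts) < 2:
            continue
        if parts[0] == "Device" and len(parts) == 4 and ADDR_RE.match(parts[3].strip()):
            devices.append((parts[1], parts[2], parts[3].strip().upper()))
        elif parts[0] == "Reg":
            regs.append((parts[1], " ".join(parts[2:]).strip()))
    return devices, regs


def inconsistent_driver_addresses(devices):
    """Triage heuristic: device objects listed under one driver object normally
    all show the same address in GMER's last column. A driver whose device
    objects disagree deserves a closer look (something else may be attached
    to, or servicing, one of them). Returns {driver: sorted addresses}."""
    seen = defaultdict(set)
    for driver, _device, addr in devices:
        seen[driver].add(addr)
    return {drv: sorted(addrs) for drv, addrs in seen.items() if len(addrs) > 1}


def classify_reg(path):
    r"""Label one GMER Reg entry.

    SPTD, the disk-access driver installed by DAEMON Tools and Alcohol 120%,
    keeps its configuration under Services\sptd\Cfg; GMER lists those keys on
    every machine with either product, so they are expected noise rather than
    a rootkit finding. Keys under ControlSet00N (not CurrentControlSet) belong
    to an inactive control set and are not in use at scan time.
    Returns (label, inactive_control_set).
    """
    lowered = path.lower()
    inactive = "\\controlset0" in lowered
    label = "sptd-config" if "\\services\\sptd\\cfg" in lowered else "other"
    return label, inactive


def triage(text):
    """Summarise a GMER log fragment for a first pass over the Device and
    Registry sections."""
    devices, regs = parse_gmer(text)
    counts = defaultdict(int)
    for path, _data in regs:
        label, inactive = classify_reg(path)
        counts[label + (" (inactive ControlSet)" if inactive else "")] += 1
    return {
        "devices": len(devices),
        "address_conflicts": inconsistent_driver_addresses(devices),
        "registry": dict(counts),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the posted log, the address check stays quiet (every usbuhci device object shows 8AEB11F8, every JRAID one 8B1161F8, and so on) and all 30 Reg lines fall under sptd-config, two thirds of them in the inactive ControlSet002 and ControlSet003; nothing in the GMER tail above points beyond DAEMON Tools. The heuristic only reads GMER's own columns and never resolves addresses to modules, so a clean result narrows the search rather than clearing the machine.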
21.10.2010, 12:01 | #4
fheydbueyj.exe in Autostart. What is it?
RootRepeal log, Drivers section:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:02
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================
Drivers
-------------------
Name: aaquiu3r.SYS
Image Path: C:\WINDOWS\System32\Drivers\aaquiu3r.SYS
Address: 0xB8432000    Size: 229376    File Visible: -    Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9E5F000    Size: 188800    File Visible: -    Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA5DA8000    Size: 138112    File Visible: -    Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9DF1000    Size: 98304    File Visible: -    Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000    Size: 0    File Visible: -    Signed: -
Status: -
Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF06A000    Size: 577536    File Visible: -    Signed: -
Status: -
Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF019000    Size: 331776    File Visible: -    Signed: -
Status: -
Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB8501000    Size: 5455872    File Visible: -    Signed: -
Status: -
Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF1B4000    Size: 4120576    File Visible: -    Signed: -
Status: -
Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0F7000    Size: 471040    File Visible: -    Signed: -
Status: -
Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF16A000    Size: 303104    File Visible: -    Signed: -
Status: -
Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF9C3000    Size: 2498560    File Visible: -    Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000    Size: 286720    File Visible: -    Signed: -
Status: -
Name: avgio.sys
Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xA224B000    Size: 6144    File Visible: -    Signed: -
Status: -
Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x9E1E5000    Size: 81920    File Visible: -    Signed: -
Status: -
Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA0E06000    Size: 114688    File Visible: -    Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5C4000    Size: 4224    File Visible: -    Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000    Size: 12288    File Visible: -    Signed: -
Status: -
Name: camfilt2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\camfilt2.sys
Address: 0xA040A000    Size: 94720    File Visible: -    Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA1536000    Size: 63744    File Visible: -    Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA2F8000    Size: 62976    File Visible: -    Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0F8000    Size: 53248    File Visible: -    Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xBA0E8000    Size: 36352    File Visible: -    Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9E09000    Size: 154112    File Visible: -    Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000    Size: 5888    File Visible: -    Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1F8000    Size: 61440    File Visible: -    Signed: -
Status: -
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xA1AE8000    Size: 16384    File Visible: No    Signed: -
Status: -
Name: dump_JRAID.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_JRAID.sys
Address: 0xA1506000    Size: 45056    File Visible: No    Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA109A000    Size: 12288    File Visible: -    Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000    Size: 73728    File Visible: -    Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA10DE000    Size: 4096    File Visible: -    Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA448000    Size: 27392    File Visible: -    Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA86B9000    Size: 44672    File Visible: -    Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xA8C12000    Size: 20480    File Visible: -    Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9DD1000    Size: 129792    File Visible: -    Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5C2000    Size: 7936    File Visible: -    Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9E2F000    Size: 126336    File Visible: -    Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000    Size: 134400    File Visible: -    Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB84C5000    Size: 163840    File Visible: -    Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA82D6000    Size: 36864    File Visible: -    Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA8BFA000    Size: 28672    File Visible: -    Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA8950000    Size: 10368    File Visible: -    Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9D493000    Size: 264832    File Visible: -    Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA168000    Size: 52992    File Visible: -    Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA2E8000    Size: 42112    File Visible: -    Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA2D8000    Size: 40448    File Visible: -    Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA5DCA000    Size: 152832    File Visible: -    Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA5EDE000    Size: 75264    File Visible: -    Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000    Size: 37632    File Visible: -    Signed: -
Status: -
Name: JGOGO.sys
Image Path: JGOGO.sys
Address: 0xBA5AE000    Size: 6912    File Visible: -    Signed: -
Status: -
Name: jraid.sys
Image Path: jraid.sys
Address: 0xBA0D8000    Size: 44928    File Visible: -    Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA450000    Size: 25216    File Visible: -    Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000    Size: 8192    File Visible: -    Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB847E000    Size: 143360    File Visible: -    Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9DA8000    Size: 92288    File Visible: -    Signed: -
Status: -
Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA108000    Size: 57600    File Visible: -    Signed: -
Status: -
Name: LGDispDrv.dll
Image Path: C:\WINDOWS\System32\LGDispDrv.dll
Address: 0xBF012000    Size: 28672    File Visible: -    Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5C6000    Size: 4224    File Visible: -    Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA3A0000    Size: 23552    File Visible: -    Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA898E000    Size: 12288    File Visible: -    Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000    Size: 42368    File Visible: -    Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9E0C8000    Size: 180608    File Visible: -    Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA5D0D000    Size: 456576    File Visible: -    Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA9156000    Size: 19072    File Visible: -    Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8AA5000    Size: 35072    File Visible: -    Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA56C000    Size: 15488    File Visible: -    Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9CD4000    Size: 105344    File Visible: -    Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9CEE000    Size: 182656    File Visible: -    Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB963F000    Size: 10112    File Visible: -    Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA22B7000    Size: 14592    File Visible: -    Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB841B000    Size: 91520    File Visible: -    Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA1E8000    Size: 40576    File Visible: -    Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA86C9000    Size: 34688    File Visible: -    Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA5DF0000    Size: 162816    File Visible: -    Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA88F3000    Size: 30848    File Visible: -    Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D1B000    Size: 574976    File Visible: -    Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA8250000    Size: 2944    File Visible: -    Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB846A000    Size: 80384    File Visible: -    Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000    Size: 19712    File Visible: -    Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xA2241000    Size: 7040    File Visible: -    Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xB9E4E000    Size: 68224    File Visible: -    Signed: -
Status: -
Name: PCI_PNP0042
Image Path: \Driver\PCI_PNP0042
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -
Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000    Size: 3328    File Visible: -    Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000    Size: 28672    File Visible: -    Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAF8F000    Size: 147456    File Visible: -    Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB840A000    Size: 69120    File Visible: -    Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA3C8000    Size: 17792    File Visible: -    Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA118000    Size: 35712    File Visible: -    Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA898A000    Size: 8832    File Visible: -    Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA178000    Size: 51328    File Visible: -    Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA188000    Size: 41472    File Visible: -    Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8AB5000    Size: 48384    File Visible: -    Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA3D8000    Size: 16512    File Visible: -    Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA5D7D000    Size: 175744    File Visible: -    Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5C8000    Size: 4224    File Visible: -    Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB82B7000    Size: 196224    File Visible: -    Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA308000    Size: 57728    File Visible: -    Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D57F000    Size: 49152    File Visible: No    Signed: -
Status: -
Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAAFB3000    Size: 4919296    File Visible: -    Signed: -
Status: -
Name: RTL8139.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
Address: 0xBA440000    Size: 20992    File Visible: -    Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E8E000    Size: 98304    File Visible: -    Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA55C000    Size: 15744    File Visible: -    Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA158000    Size: 65536    File Visible: -    Signed: -
Status: -
Name: snpstd3.sys
Image Path: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Address: 0xA0422000    Size: 10371072    File Visible: -    Signed: -
Status: -
Name: spry.sys
Image Path: spry.sys
Address: 0xB9EA6000    Size: 1052672    File Visible: No    Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xB9DBF000    Size: 73472    File Visible: -    Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9DDB9000    Size: 334848    File Visible: -    Signed: -
Status: -
Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xA88EB000    Size: 23040    File Visible: -    Signed: -
Status: -
Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xA1526000    Size: 53248    File Visible: -    Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5F2000    Size: 4352    File Visible: -    Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA940A000    Size: 60800    File Visible: -    Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA5E18000    Size: 361344    File Visible: -    Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA340000    Size: 20480    File Visible: -    Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8A75000    Size: 40704    File Visible: -    Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8259000    Size: 384768    File Visible: -    Signed: -
Status: -
Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xA1516000    Size: 60032    File Visible: -    Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xA1675000    Size: 32128    File Visible: -    Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5FE000    Size: 8192    File Visible: -    Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA438000    Size: 30208    File Visible: -    Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB81D1000    Size: 59520    File Visible: -    Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB84A1000    Size: 147456    File Visible: -    Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA430000    Size: 20608    File Visible: -    Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA915E000    Size: 20992    File Visible: -    Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB84ED000    Size: 81920    File Visible: -    Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000    Size: 53760    File Visible: -    Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA86D9000    Size: 34560    File Visible: -    Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA1665000    Size: 20480    File Visible: -    Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9E08B000    Size: 83072    File Visible: -    Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBA5AA000    Size: 8192    File Visible: -    Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:02
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8b1151f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_CREATE]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_CLOSE]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_POWER]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_PNP]
Process: System    Address: 0x8ade31f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System    Address: 0x8ae8b1f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]
Process: System    Address: 0x8b1161f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System    Address: 0x8b1171f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System    Address: 0x8aedc1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x8b18a1f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x8a39f1f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x8a39f1f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a39f1f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a39f1f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a39f1f8    Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x8a39f1f8    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x8aea7500    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System    Address: 0x8a3941f8    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CREATE]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLOSE]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_READ]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLEANUP]
Process: System    Address: 0x8adc8500    Size: 121
Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_PNP]
Process: System    Address: 0x8adc8500    Size: 121
         Code: 
  ATTFilter ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:03
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================
Hidden Services
-------------------
          | 
|  21.10.2010, 12:36 | #5 | 
| /// Helfer-Team       |   fheydbueyj.exe in Autostart. What is it? → visit the virustotal site and have the file(s) from the code box checked - also copy the file size and name, MD5 and SHA1 along with it: → Tips for searching for files Code: 
  ATTFilter C:\fheydbueyj.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
         → Find the file on your computer → double-click the file to be checked (or copy the path from the code box) → "Send file" and wait until the scan by all virus scanners has finished → paste the result exactly as you receive it (DO NOT LEAVE ANYTHING OUT!) in here (including <checked file name> + file size and name, MD5 and SHA1) ** Example - the VirusTotal log file to be posted should look like this. So do not leave anything out, paste it in exactly as you receive it!: Code: 
  ATTFilter Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.0.0.73	2009.01.28	-
AhnLab-V3	5.0.0.2	2009.01.28	-
AntiVir	7.9.0.60	2009.01.28	-
Authentium	5.1.0.4	2009.01.27	-
...over 40 virus scanners...so be patient!!
          | 
|  21.10.2010, 13:08 | #6 | 
|  |   fheydbueyj.exe in Autostart. What is it? Hello, the search for the file C:\fheydbueyj.exe gave the following: Code: 
  ATTFilter  0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
config.bin
Submission date:
2010-10-21 11:43:25 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)
    
VT Community
not reviewed
 Safety score: - 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.21.02    2010.10.21    -
AntiVir    7.10.13.13    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.21    -
Authentium    5.2.0.5    2010.10.21    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
AVG    9.0.0.851    2010.10.21    -
BitDefender    7.2    2010.10.21    -
CAT-QuickHeal    11.00    2010.10.21    -
ClamAV    0.96.2.0-git    2010.10.21    -
Comodo    6463    2010.10.21    -
DrWeb    5.0.2.03300    2010.10.21    -
Emsisoft    5.0.0.50    2010.10.21    -
eSafe    7.0.17.0    2010.10.20    -
eTrust-Vet    36.1.7924    2010.10.21    -
F-Prot    4.6.2.117    2010.10.20    -
F-Secure    9.0.16160.0    2010.10.21    -
Fortinet    4.2.249.0    2010.10.21    -
GData    21    2010.10.21    -
Ikarus    T3.1.1.90.0    2010.10.21    -
Jiangmin    13.0.900    2010.10.21    -
K7AntiVirus    9.66.2798    2010.10.20    -
Kaspersky    7.0.0.125    2010.10.21    -
McAfee    5.400.0.1158    2010.10.21    -
McAfee-GW-Edition    2010.1C    2010.10.21    -
Microsoft    1.6301    2010.10.21    -
NOD32    5550    2010.10.21    -
Norman    6.06.10    2010.10.21    -
nProtect    2010-10-21.01    2010.10.21    -
Panda    10.0.2.7    2010.10.21    -
PCTools    7.0.3.5    2010.10.21    -
Prevx    3.0    2010.10.21    -
Rising    22.70.02.05    2010.10.21    -
Sophos    4.58.0    2010.10.21    -
Sunbelt    7109    2010.10.21    -
SUPERAntiSpyware    4.40.0.1006    2010.10.21    -
Symantec    20101.2.0.161    2010.10.21    -
TheHacker    6.7.0.1.063    2010.10.20    -
TrendMicro    9.120.0.1004    2010.10.21    -
TrendMicro-HouseCall    9.120.0.1004    2010.10.21    -
VBA32    3.12.14.1    2010.10.21    -
ViRobot    2010.10.21.4104    2010.10.21    -
VirusBuster    12.69.9.0    2010.10.20    -
Additional information
Show all
MD5   : cf8424d9769581c43ca09f32ecadba5a
SHA1  : 59abde0f2b08463e5064edeaca5d9855469b7d4c
SHA256: 3301ddda2b6178f599fa380ead9ab82e283badb9436e3910de3a3d4036bc6de3
ssdeep: 3072:/XP+TFpo9Pi+K57mNN+q5Vb9yp7gkzoqLWt:+Fp6PGaR5VbK8rqLO
File size : 124556 bytes
First seen: 2010-10-15 12:47:00
Last seen : 2010-10-21 11:43:25
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
VT Community
         gave no results. ...but I think it was already detected and deleted by AntiVir once. Or is it still there? Thanks for the quick reply!   | 
|  21.10.2010, 13:21 | #7 | 
| /// Helfer-Team       |   fheydbueyj.exe in Autostart. What is it? Did you do step 2?:-> http://www.trojaner-board.de/91967-f...tml#post580137  | 
|  22.10.2010, 11:05 | #9 | 
| /// Helfer-Team       |   fheydbueyj.exe in Autostart. What is it? 1. simply delete these, then empty the Recycle Bin: Code: 
  ATTFilter C:\fheydbueyj.exe
C:\WINDOWS\system32\lowsec
         Keeping Windows and the installed programs up to date guarantees increased security! Update Java: Start→ Control Panel→ Java→ Update... 3. Download Malwarebytes Anti-Malware from→ malwarebytes.org 
 4. Delete log.txt and info.txt under C:\rsit, double-click RSIT.exe and post both log files. | 
|  28.10.2010, 16:01 | #10 | 
|  |   fheydbueyj.exe in Autostart. What is it? Hello, sorry it took so long. So the search gave the following: info.txt RSIT Logfile: Code: 
  ATTFilter logfile of random's system information tool 1.08 2010-10-28 16:50:22
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Media Player 1.0-->"D:\Programme\3GP Media Player\unins000.exe"
ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"D:\Programme\CCleaner\uninst.exe"
DivX Plus Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Graphic Converter 1.2-->"D:\Easy Graphic Converter\unins000.exe"
Enterprise Dynamics Developer 8.0.0 1617-->"D:\Programme\Enterprise Dynamics 8 Developer\uninstall.exe"
forteManager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x7  -removeonly
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x7  -removeonly
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Graphviz-->MsiExec.exe /I{F5345C76-AC35-4EDA-8406-1346DE9BFDFA}
Hercules Deluxe Optical Glass-->C:\Programme\InstallShield Installation Information\{56298F72-C2CC-4FE5-ACEA-30C7A866BF4C}\setup.exe -runfromtemp -l0x0007 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JDownloader-->D:\Programme\JDownloader\uninstall.exe
*********************
Macromedia Extension Manager-->MsiExec.exe /I{0F022A2E-7022-497D-90A5-0F46746D8275}
Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}
********
********
********
mIRC-->"D:\Programme\Xperience-Irc\mirc.exe" -uninstall
Mozilla Firefox (3.6.11)-->D:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Mumble and Murmur-->D:\Programme\Mumble\Uninstall.exe
Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Programme\NimoCodec Pack\uninstall.exe"
PDF24 Creator-->"D:\Programme\pdf24\unins000.exe"
PDF-XChange 3-->"C:\Programme\Mindjet\MindManager 8\PDF-XChange\unins000.exe"
Prism Video Converter-->C:\Programme\NCH Software\Prism\uninst.exe
************************
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"D:\Programme\Spybot - Search & Destroy\unins000.exe"
taraVRbuilder 8.0 Demo-->MsiExec.exe /X{675BF0A6-E6E6-4316-8EC8-E88E592E46C4}
TeamSpeak 2 RC2-->D:\Programme\Teamspeak2_RC2\unins000.exe
UnderCoverXP 1.22-->"C:\Programme\UnderCoverXP\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.18-->D:\Programme\Veetle\UninstallVeetleTV.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.3-->D:\Programme\VideoLAN\VLC\uninstall.exe
Winamp-->"D:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->D:\Programme\WinRAR\uninstall.exe
xp-AntiSpy 3.97-->C:\Programme\xp-AntiSpy\Uninstall.exe
======Hosts File======
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Graphviz2.22\bin;D:\Programme\proeWildfire 4.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
         log.txt RSIT Logfile: Code: 
  ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Administrator at 2010-10-28 16:50:09 WIN_XP Service Pack 3 System drive C: has 312 MB (4%) free of 7 GB Total RAM: 3582 MB (82% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:50:21, on 28.10.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE D:\Programme\Avira\AntiVir Desktop\sched.exe D:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe D:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe D:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\Dokumente und Einstellungen\Administrator\Desktop\logs\RSIT.exe C:\Programme\trend micro\Administrator.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - 
Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 6206 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440] "JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864] "avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2] D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk] C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoRecentDocsNetHood"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library" "D:\SIERRA\Steam\steamapps\cagiva82\counter-strike 
source\hl2.exe"="D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe:*:Enabled:hl2" "D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\SIERRA\Steam\steamapps\master.nito@gmx.de\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\master.nito@gmx.de\counter-strike\hl.exe:*:Enabled:Counter-Strike" "D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======File associations====== .js - edit - "D:\Programme\*********" "%1" ======List of files/folders created in the last 1 months====== 2010-10-22 15:31:19 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes 2010-10-22 15:31:11 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-10-22 15:31:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-10-22 15:31:07 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-10-22 15:30:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun 2010-10-22 15:30:16 ----D---- C:\Programme\Gemeinsame Dateien\Java 2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\javaws.exe 2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\javaw.exe 2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\java.exe 2010-10-22 
15:30:06 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-10-18 20:04:36 ----D---- C:\Programme\trend micro 2010-10-18 20:04:35 ----D---- C:\rsit 2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech ======List of files/folders modified in the last 1 months====== 2010-10-28 16:50:17 ----D---- C:\WINDOWS\Prefetch 2010-10-28 16:12:04 ----SD---- C:\WINDOWS\Tasks 2010-10-28 16:10:26 ----D---- C:\WINDOWS\Temp 2010-10-28 16:10:22 ----D---- C:\WINDOWS\system32\CatRoot2 2010-10-28 16:09:20 ----D---- C:\WINDOWS\system32\drivers 2010-10-28 16:09:20 ----D---- C:\WINDOWS\system32 2010-10-28 16:08:46 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-10-28 02:16:00 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ 2010-10-28 01:52:22 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc 2010-10-28 01:41:30 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype 2010-10-25 00:37:52 ----D---- C:\WINDOWS 2010-10-24 01:31:00 ----SHD---- C:\WINDOWS\Installer 2010-10-22 15:30:17 ----SHD---- C:\Config.Msi 2010-10-22 15:30:16 ----D---- C:\Programme\Gemeinsame Dateien 2010-10-22 15:30:04 ----D---- C:\Programme\Java 2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft 2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software 2010-10-19 12:08:01 ----RD---- C:\Programme 2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix 2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft 2010-10-16 21:23:26 ----D---- C:\WINDOWS\security 2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912] R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928] R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288] R0 
PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528] R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904] R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys [] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 aosbizcf;aosbizcf; C:\WINDOWS\system32\drivers\aosbizcf.sys [] S3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; 
C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys [] S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 
AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-09-15 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912] -----------------EOF----------------- und vom scan die logdatei: Code: 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4974
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.10.2010 16:05:27
mbam-log-2010-10-28 (16-05-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 357242
Laufzeit: 1 Stunde(n), 38 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\0.40163477446917484.exe (Spyware.Passwords.XGen) -> No action taken.
D:\Programme\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.
D:\Programme\Anti-Leech\ALNN\setup2.exe (Rogue.Installer) -> No action taken.
D:\Programme\Aoe2\sxuninst.exe (Backdoor.Bot) -> No action taken.
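Every detection in the Malwarebytes log above ends in "-> No action taken", i.e. the scan only listed the objects without removing them, and the summary counts at the top should match the entries listed per section. The following parser is an added example (not part of the thread or of Malwarebytes); it reads a constructed log fragment in the same format, cross-checks the declared counts, groups detections by family and lists what was left unhandled. The GUID-style key name is a placeholder.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.46 log
# (German section headers as in the thread; the GUID key is a placeholder).
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateien: 2

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{PLACEHOLDER-GUID-1} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\0.40163477446917484.exe (Spyware.Passwords.XGen) -> No action taken.
D:\Programme\Aoe2\sxuninst.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# "<object> (<family>) -> <action>."  and  "Infizierte <section>: <count>"
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
COUNT_RE = re.compile(r"^(?P<section>Infizierte [^:]+): (?P<count>\d+)$")


def parse_mbam_log(text):
    """Return (declared_counts, entries); each entry is a dict with
    section, path, family and action."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary block at the top of the log
            declared[m.group("section")] = int(m.group("count"))
            continue
        if line.startswith("Infizierte") and line.endswith(":"):
            section = line[:-1]  # start of a detail section
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return declared, entries


def triage(text):
    """Summarise families, flag entries that were not removed, and report
    sections whose declared count differs from the entries listed."""
    declared, entries = parse_mbam_log(text)
    found = Counter(e["section"] for e in entries)
    mismatch = {s: (n, found.get(s, 0)) for s, n in declared.items() if found.get(s, 0) != n}
    unhandled = [e for e in entries if e["action"].startswith("No action taken")]
    return {"families": Counter(e["family"] for e in entries),
            "unhandled": unhandled, "mismatch": mismatch}
```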
29.10.2010, 05:30 | #11
/// Helfer-Team | fheydbueyj.exe in Autostart. What is that? System cleanup and check: 1. Close all programs, including Internet Explorer, and fix the entries from the code box below with HijackThis (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC). HijackThis creates a backup; if something goes wrong while fixing, the objects can be restored under "View the list of backups". Code:
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
2. Keeping Windows and the installed programs up to date is a guarantee of increased security! Update Java: `Start → Control Panel → Java → Update...`, then uninstall: `Control Panel → Software → Change/Remove...` Code:
Java(TM) 6 Update 11
Clear the Java cache - as described under points 7 and 8 *click via Control Panel -> Java... 4. Close all applications → please empty the folder for temporary files **The Temp folder is for temporary files, so its contents can be deleted without concern. Files that are still in use cannot be deleted. **Delete only the contents of the folders, not the folders themselves!
5. Clean your system with CCleaner:
 6. 
7. Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very well suited and recommended to check the data stored on the storage medium with the help of the free online scanner. → So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the Autorun function is not executed. In addition, the autostart property can also be switched off: → Windows security: disable disk Autorun - illustrated guide by Leonidas/3dcenter.org → Disable Autorun/Autoplay selectively for drive types or drive letters / wintotal.de → This Silly description supports the assumption that it came via a USB stick. Formatting the stick removes the cause; you should make sure that no autorun.inf file reappears there and be somewhat picky about where you plug your stick in. Attention!: >>You should not install the program, only scan your system online<< → Check the complete computer (i.e. the whole system) with Kaspersky Online Scanner (system check without cleaning) / click here → to continue the process click "Accept" → then select "My computer" - It takes some time until a complete scan has run through, so please be patient! The scan can take some time to complete - one or more hours depending on the size of the hard drive - so patience...
→ When the report is displayed, click "Save as" - please copy it and paste it here in your thread. Settings in Internet Explorer before the scan: → "Tools → Internet Options → Security": → set everything to the default level → allow ActiveX - so that the new virus definitions can be installed ** Does your computer still have problems?
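Point 7 above recommends switching Autorun off for removable media. The RSIT log earlier in the thread shows the policy value "NoDriveTypeAutoRun"=145 (0x91), which is the Windows XP default and still leaves USB sticks and CD-ROMs with Autorun enabled. This added example (not from the thread or from any of the tools mentioned) decodes such a value using the documented Windows drive-type bits and emits the .reg fragment that disables Autorun for all drive types; the parse_policy_line helper and the line format it expects are assumptions modelled on the RSIT output.

```python
import re

# Bits of NoDriveTypeAutoRun: a set bit suppresses Autorun for that drive type
# (documented Windows drive-type bit values).
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, memory cards, floppies
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_NO_ROOT_DIR",
}
DISABLE_ALL = 0xFF   # every drive type suppressed

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def parse_policy_line(line):
    """Assumed helper: read the decimal value from an RSIT-style line such as
    "NoDriveTypeAutoRun"=145 and return it as an int."""
    m = re.match(r'^"NoDriveTypeAutoRun"=(\d+)$', line.strip())
    if not m:
        raise ValueError("not a NoDriveTypeAutoRun line: %r" % line)
    return int(m.group(1))


def autorun_still_enabled(value):
    """Drive types whose Autorun is NOT suppressed by the given policy value."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


def hardened_reg_export(value):
    """Return a .reg fragment setting the value to 0xFF, or '' if it already
    suppresses every drive type (no change needed)."""
    if value & DISABLE_ALL == DISABLE_ALL:
        return ""
    return ("Windows Registry Editor Version 5.00\n\n"
            "[%s]\n\"NoDriveTypeAutoRun\"=dword:%08x\n" % (POLICY_KEY, DISABLE_ALL))


if __name__ == "__main__":
    current = parse_policy_line('"NoDriveTypeAutoRun"=145')   # value from the RSIT log
    print("Autorun still enabled for:", autorun_still_enabled(current))
    print(hardened_reg_export(current))
```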