Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.12.2010, 16:30   #1
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Hallo,

erst einmal besten Dank für die vielen Anleitungen.

Ich hoffe, ich habe die Maleware in hotfix.exe und dgfdgsdf.bat erfolgreich entfernt (beide Dateien lagen in C:\Users\XXXXX\AppData\Roaming). Zur Sicherheit sind hier noch einmal meine Logfiles von OTL und Anti-Maleware. Ich würde mich sehr freuen, wenn jemand, der sich damit auskennt, mal kurz drauf schauen würde.

(Auswirkungen des Virus zuvor: Suchanfragen in Firefox werden umgeleitet, willkürliches Öffnen von neuen Tabs, ein Komplettabsturz. AntiVir hat nichts erkannt, Kaspersky wenigstens etwas, aber nicht alles!)

Allerbesten Dank!OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.12.2010 15:49:38 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxxxx\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,72 Gb Total Space | 115,94 Gb Free Space | 79,02% Space Free | Partition Type: NTFS
Drive D: | 784,79 Gb Total Space | 678,89 Gb Free Space | 86,51% Space Free | Partition Type: NTFS
Drive E: | 372,52 Gb Total Space | 67,55 Gb Free Space | 18,13% Space Free | Partition Type: FAT32
 
Computer Name: xxxxx | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Kaspersky Internet Security\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
PRC - C:\Programme\Kaspersky Internet Security\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\3RVX\3RVX.exe (matt.malensek.net)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Internet Security\avp.exe (Kaspersky Lab ZAO)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MDFSYSNT) -- C:\Windows\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (MDPMGRNT) -- C:\Windows\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV - (CBDisk) -- C:\Windows\System32\drivers\CBDisk.sys (EldoS Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: feedly@devhd:4.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {c666c018-6409-4479-afa3-68e4129e7eff}:1.0.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.12.07 11:43:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 12:24:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 12:24:00 | 000,000,000 | ---D | M]
 
[2010.12.07 00:42:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions
[2010.12.14 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions
[2010.12.07 01:55:42 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010.12.07 01:55:43 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.12.07 01:55:42 | 000,000,000 | ---D | M] (Leo Search) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
[2010.12.07 01:55:42 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.07 02:08:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\DeviceDetection@logitech.com
[2010.12.07 01:55:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\feedly@devhd
[2010.12.07 01:42:30 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\Foxdie@tanjihay.com
[2010.12.07 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\foxdie_ext_ocelot@foxdie.us
[2010.12.07 01:43:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\FoxdieGraphite@tanjihay.com
[2010.12.12 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\twitternotifier@naan.net
[2010.12.07 01:55:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\jsza9e5k.default\extensions\feedly@devhd\content\app\extension
[2010.12.14 13:17:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.12.14 13:17:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.12.14 13:17:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.07 11:39:35 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Internet Security\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Internet Security\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [3RVX] C:\Programme\3RVX\3RVX.exe (matt.malensek.net)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Internet Security\ie_banner_deny.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Internet Security\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Internet Security\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f7ecc725-019a-11e0-acae-002522639bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ecc725-019a-11e0-acae-002522639bc4}\Shell\AutoRun\command - "" = H:\Set-up.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.14 15:42:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2010.12.14 14:55:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2010.12.14 14:55:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.14 14:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.14 14:55:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.14 14:55:00 | 000,000,000 | ---D | C] -- C:\Programme\Anti-Malware
[2010.12.14 13:16:47 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Internet Security
[2010.12.14 13:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.12.14 13:16:36 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.12.14 13:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.12.13 15:41:20 | 000,000,000 | ---D | C] -- C:\Programme\VueScan
[2010.12.13 15:03:35 | 000,339,968 | ---- | C] (CANON INC.) -- C:\Windows\System32\N067UFW.DLL
[2010.12.13 15:03:35 | 000,036,864 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQU70.DLL
[2010.12.13 14:52:19 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\ElevatedDiagnostics
[2010.12.13 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2010.12.13 14:21:00 | 000,389,180 | ---- | C] (Canon) -- C:\Windows\System32\UCS32P.DLL
[2010.12.10 02:36:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Google
[2010.12.09 13:01:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Documents\Ableton
[2010.12.09 13:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2010.12.09 13:01:01 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Ableton
[2010.12.09 13:00:06 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010.12.09 13:00:06 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
[2010.12.09 12:58:51 | 000,000,000 | ---D | C] -- C:\Programme\Ableton
[2010.12.09 12:31:31 | 000,000,000 | ---D | C] -- C:\Windows\it-IT
[2010.12.09 12:31:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2010.12.09 12:31:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\0410
[2010.12.09 12:31:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\it
[2010.12.09 12:29:01 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\volsnap.sys.mui
[2010.12.09 12:29:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\usbport.sys.mui
[2010.12.09 12:29:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\usbhub.sys.mui
[2010.12.09 12:29:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vhdmp.sys.mui
[2010.12.09 12:29:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\tpm.sys.mui
[2010.12.09 12:29:01 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\it-IT\pscr.sys.mui
[2010.12.09 12:29:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\portcls.sys.mui
[2010.12.09 12:29:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\umbus.sys.mui
[2010.12.09 12:29:01 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\serscan.sys.mui
[2010.12.09 12:29:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\wd.sys.mui
[2010.12.09 12:29:00 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mpio.sys.mui
[2010.12.09 12:29:00 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\it-IT\yk62x86.sys.mui
[2010.12.09 12:29:00 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\it-IT\e1y6032.sys.mui
[2010.12.09 12:29:00 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\it-IT\e1e6032.sys.mui
[2010.12.09 12:29:00 | 000,018,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\it-IT\E1G60I32.sys.mui
[2010.12.09 12:29:00 | 000,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\it-IT\k57nd60x.sys.mui
[2010.12.09 12:29:00 | 000,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\it-IT\b57nd60x.sys.mui
[2010.12.09 12:29:00 | 000,011,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\it-IT\e1q6032.sys.mui
[2010.12.09 12:29:00 | 000,011,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\it-IT\e1k6032.sys.mui
[2010.12.09 12:29:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\serial.sys.mui
[2010.12.09 12:29:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\i8042prt.sys.mui
[2010.12.09 12:29:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\msdsm.sys.mui
[2010.12.09 12:29:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\sermouse.sys.mui
[2010.12.09 12:29:00 | 000,005,632 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\it-IT\bcm4sbxp.sys.mui
[2010.12.09 12:29:00 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\it-IT\e100b325.sys.mui
[2010.12.09 12:29:00 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mouclass.sys.mui
[2010.12.09 12:29:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\pcmcia.sys.mui
[2010.12.09 12:29:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\parport.sys.mui
[2010.12.09 12:29:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ataport.sys.mui
[2010.12.09 12:29:00 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\it-IT\getn62.sys.mui
[2010.12.09 12:29:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\scsiport.sys.mui
[2010.12.09 12:29:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\rndismpx.sys.mui
[2010.12.09 12:29:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\rndismp6.sys.mui
[2010.12.09 12:29:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vwifibus.sys.mui
[2010.12.09 12:29:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\parvdm.sys.mui
[2010.12.09 12:29:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\MTConfig.sys.mui
[2010.12.09 12:29:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mouhid.sys.mui
[2010.12.09 12:29:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\amdide.sys.mui
[2010.12.09 12:28:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bfe.dll.mui
[2010.12.09 12:28:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\afd.sys.mui
[2010.12.09 12:28:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\tunnel.sys.mui
[2010.12.09 12:28:59 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\modem.sys.mui
[2010.12.09 12:28:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\wdf01000.sys.mui
[2010.12.09 12:28:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\usbrpm.sys.mui
[2010.12.09 12:28:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ws2ifsl.sys.mui
[2010.12.09 12:28:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\tcpip.sys.mui
[2010.12.09 12:28:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\srv.sys.mui
[2010.12.09 12:28:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\pacer.sys.mui
[2010.12.09 12:28:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\fvevol.sys.mui
[2010.12.09 12:28:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\rdbss.sys.mui
[2010.12.09 12:28:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\RNDISMP.sys.mui
[2010.12.09 12:28:57 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\scfilter.sys.mui
[2010.12.09 12:28:57 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\qwavedrv.sys.mui
[2010.12.09 12:28:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ntfs.sys.mui
[2010.12.09 12:28:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ndis.sys.mui
[2010.12.09 12:28:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\nwifi.sys.mui
[2010.12.09 12:28:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ndisuio.sys.mui
[2010.12.09 12:28:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\partmgr.sys.mui
[2010.12.09 12:28:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ndiscap.sys.mui
[2010.12.09 12:28:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\luafv.sys.mui
[2010.12.09 12:28:54 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ipnat.sys.mui
[2010.12.09 12:28:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mountmgr.sys.mui
[2010.12.09 12:28:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\http.sys.mui
[2010.12.09 12:28:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\fltmgr.sys.mui
[2010.12.09 12:28:49 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\it-IT\BrSerIb.sys.mui
[2010.12.09 12:28:49 | 000,011,264 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\it-IT\ltmdmnt.sys.mui
[2010.12.09 12:28:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\pci.sys.mui
[2010.12.09 12:28:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vdrvroot.sys.mui
[2010.12.09 12:28:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\isapnp.sys.mui
[2010.12.09 12:28:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mssmbios.sys.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\volmgrx.sys.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\VIAAGP.SYS.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ULIAGPKX.SYS.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\SISAGP.SYS.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\pnpmem.sys.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\NV_AGP.SYS.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\AMDAGP.SYS.mui
[2010.12.09 12:28:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\AGP440.sys.mui
[2010.12.09 12:28:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\viac7.sys.mui
[2010.12.09 12:28:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\processr.sys.mui
[2010.12.09 12:28:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\intelppm.sys.mui
[2010.12.09 12:28:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\amdppm.sys.mui
[2010.12.09 12:28:48 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\amdk8.sys.mui
[2010.12.09 12:28:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\ohci1394.sys.mui
[2010.12.09 12:28:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\1394ohci.sys.mui
[2010.12.09 12:28:48 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\it-IT\BrSerId.sys.mui
[2010.12.09 12:28:48 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\acpi.sys.mui
[2010.12.09 12:28:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\battc.sys.mui
[2010.12.09 12:28:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthport.sys.mui
[2010.12.09 12:28:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\IPMIDrv.sys.mui
[2010.12.09 12:28:48 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\kbdclass.sys.mui
[2010.12.09 12:28:48 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthpan.sys.mui
[2010.12.09 12:28:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\wacompen.sys.mui
[2010.12.09 12:28:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\hdaudbus.sys.mui
[2010.12.09 12:28:48 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\HdAudio.sys.mui
[2010.12.09 12:28:48 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\it-IT\atikmdag.sys.mui
[2010.12.09 12:28:48 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\hidbth.sys.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\UAGP35.SYS.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\kbdhid.sys.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\GAGP30KX.SYS.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\Dot4usb.sys.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\disk.sys.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\BTHUSB.SYS.mui
[2010.12.09 12:28:48 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\it-IT\BrParwdm.sys.mui
[2010.12.09 12:28:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\cdrom.sys.mui
[2010.12.09 12:28:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthenum.sys.mui
[2010.12.09 12:27:40 | 000,000,000 | ---D | C] -- C:\Windows\fr-FR
[2010.12.09 12:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2010.12.09 12:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\fr
[2010.12.09 12:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\040C
[2010.12.09 12:24:57 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\volsnap.sys.mui
[2010.12.09 12:24:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\usbport.sys.mui
[2010.12.09 12:24:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\usbhub.sys.mui
[2010.12.09 12:24:57 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\fr-FR\pscr.sys.mui
[2010.12.09 12:24:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vhdmp.sys.mui
[2010.12.09 12:24:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\tpm.sys.mui
[2010.12.09 12:24:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\portcls.sys.mui
[2010.12.09 12:24:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\umbus.sys.mui
[2010.12.09 12:24:57 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\serscan.sys.mui
[2010.12.09 12:24:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\wd.sys.mui
[2010.12.09 12:24:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\pcmcia.sys.mui
[2010.12.09 12:24:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mpio.sys.mui
[2010.12.09 12:24:55 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\fr-FR\yk62x86.sys.mui
[2010.12.09 12:24:55 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\fr-FR\e1y6032.sys.mui
[2010.12.09 12:24:55 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\fr-FR\e1e6032.sys.mui
[2010.12.09 12:24:55 | 000,019,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\fr-FR\E1G60I32.sys.mui
[2010.12.09 12:24:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\afd.sys.mui
[2010.12.09 12:24:55 | 000,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\fr-FR\k57nd60x.sys.mui
[2010.12.09 12:24:55 | 000,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\fr-FR\b57nd60x.sys.mui
[2010.12.09 12:24:55 | 000,012,288 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\fr-FR\e1q6032.sys.mui
[2010.12.09 12:24:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\serial.sys.mui
[2010.12.09 12:24:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\i8042prt.sys.mui
[2010.12.09 12:24:55 | 000,011,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\fr-FR\e1k6032.sys.mui
[2010.12.09 12:24:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\msdsm.sys.mui
[2010.12.09 12:24:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\sermouse.sys.mui
[2010.12.09 12:24:55 | 000,005,632 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\fr-FR\e100b325.sys.mui
[2010.12.09 12:24:55 | 000,005,632 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\fr-FR\bcm4sbxp.sys.mui
[2010.12.09 12:24:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mouclass.sys.mui
[2010.12.09 12:24:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\parport.sys.mui
[2010.12.09 12:24:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ataport.sys.mui
[2010.12.09 12:24:55 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fr-FR\getn62.sys.mui
[2010.12.09 12:24:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\scsiport.sys.mui
[2010.12.09 12:24:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\rndismpx.sys.mui
[2010.12.09 12:24:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\rndismp6.sys.mui
[2010.12.09 12:24:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\parvdm.sys.mui
[2010.12.09 12:24:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mouhid.sys.mui
[2010.12.09 12:24:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vwifibus.sys.mui
[2010.12.09 12:24:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\MTConfig.sys.mui
[2010.12.09 12:24:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\amdide.sys.mui
[2010.12.09 12:24:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\tcpip.sys.mui
[2010.12.09 12:24:54 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bfe.dll.mui
[2010.12.09 12:24:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\tunnel.sys.mui
[2010.12.09 12:24:54 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\modem.sys.mui
[2010.12.09 12:24:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\wdf01000.sys.mui
[2010.12.09 12:24:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\usbrpm.sys.mui
[2010.12.09 12:24:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ws2ifsl.sys.mui
[2010.12.09 12:24:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\fvevol.sys.mui
[2010.12.09 12:24:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\srv.sys.mui
[2010.12.09 12:24:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\scfilter.sys.mui
[2010.12.09 12:24:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\pacer.sys.mui
[2010.12.09 12:24:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\rdbss.sys.mui
[2010.12.09 12:24:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\RNDISMP.sys.mui
[2010.12.09 12:24:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\qwavedrv.sys.mui
[2010.12.09 12:24:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\partmgr.sys.mui
[2010.12.09 12:24:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ntfs.sys.mui
[2010.12.09 12:24:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ndis.sys.mui
[2010.12.09 12:24:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\nwifi.sys.mui
[2010.12.09 12:24:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ndisuio.sys.mui
[2010.12.09 12:24:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ndiscap.sys.mui
[2010.12.09 12:24:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mountmgr.sys.mui
[2010.12.09 12:24:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\luafv.sys.mui
[2010.12.09 12:24:45 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ipnat.sys.mui
[2010.12.09 12:24:44 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\http.sys.mui
[2010.12.09 12:24:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\fltmgr.sys.mui
[2010.12.09 12:24:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\volmgrx.sys.mui
[2010.12.09 12:24:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\viac7.sys.mui
[2010.12.09 12:24:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\processr.sys.mui
[2010.12.09 12:24:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\intelppm.sys.mui
[2010.12.09 12:24:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\amdppm.sys.mui
[2010.12.09 12:24:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\amdk8.sys.mui
[2010.12.09 12:24:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ohci1394.sys.mui
[2010.12.09 12:24:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\1394ohci.sys.mui
[2010.12.09 12:24:40 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\fr-FR\BrSerId.sys.mui
[2010.12.09 12:24:40 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\fr-FR\BrSerIb.sys.mui
[2010.12.09 12:24:40 | 000,011,264 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\fr-FR\ltmdmnt.sys.mui
[2010.12.09 12:24:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\acpi.sys.mui
[2010.12.09 12:24:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\battc.sys.mui
[2010.12.09 12:24:40 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\pci.sys.mui
[2010.12.09 12:24:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthport.sys.mui
[2010.12.09 12:24:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\IPMIDrv.sys.mui
[2010.12.09 12:24:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\kbdclass.sys.mui
[2010.12.09 12:24:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthpan.sys.mui
[2010.12.09 12:24:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\wacompen.sys.mui
[2010.12.09 12:24:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vdrvroot.sys.mui
[2010.12.09 12:24:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\isapnp.sys.mui
[2010.12.09 12:24:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\hdaudbus.sys.mui
[2010.12.09 12:24:40 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\HdAudio.sys.mui
[2010.12.09 12:24:40 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\fr-FR\atikmdag.sys.mui
[2010.12.09 12:24:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mssmbios.sys.mui
[2010.12.09 12:24:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\hidbth.sys.mui
[2010.12.09 12:24:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\Dot4usb.sys.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\VIAAGP.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\ULIAGPKX.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\UAGP35.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\SISAGP.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\pnpmem.sys.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\NV_AGP.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\kbdhid.sys.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\GAGP30KX.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\disk.sys.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\BTHUSB.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\AMDAGP.SYS.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\AGP440.sys.mui
[2010.12.09 12:24:40 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\fr-FR\BrParwdm.sys.mui
[2010.12.09 12:24:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\cdrom.sys.mui
[2010.12.09 12:24:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthenum.sys.mui
[2010.12.09 12:23:33 | 000,000,000 | ---D | C] -- C:\Windows\en-US
[2010.12.09 12:23:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2010.12.09 12:23:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\en
[2010.12.09 12:23:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\0409
[2010.12.09 12:20:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\usbport.sys.mui
[2010.12.09 12:20:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2010.12.09 12:20:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\usbhub.sys.mui
[2010.12.09 12:20:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\tpm.sys.mui
[2010.12.09 12:20:31 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\en-US\pscr.sys.mui
[2010.12.09 12:20:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vhdmp.sys.mui
[2010.12.09 12:20:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\portcls.sys.mui
[2010.12.09 12:20:31 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\umbus.sys.mui
[2010.12.09 12:20:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\serscan.sys.mui
[2010.12.09 12:20:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\wd.sys.mui
[2010.12.09 12:20:30 | 000,032,256 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\en-US\yk62x86.sys.mui
[2010.12.09 12:20:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\pcmcia.sys.mui
[2010.12.09 12:20:30 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\en-US\getn62.sys.mui
[2010.12.09 12:20:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\rndismpx.sys.mui
[2010.12.09 12:20:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\rndismp6.sys.mui
[2010.12.09 12:20:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vwifibus.sys.mui
[2010.12.09 12:20:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mpio.sys.mui
[2010.12.09 12:20:29 | 000,019,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\en-US\e1y6032.sys.mui
[2010.12.09 12:20:29 | 000,019,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\en-US\e1e6032.sys.mui
[2010.12.09 12:20:29 | 000,016,896 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\en-US\E1G60I32.sys.mui
[2010.12.09 12:20:29 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\afd.sys.mui
[2010.12.09 12:20:29 | 000,010,752 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\en-US\e1q6032.sys.mui
[2010.12.09 12:20:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\serial.sys.mui
[2010.12.09 12:20:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2010.12.09 12:20:29 | 000,010,240 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\en-US\e1k6032.sys.mui
[2010.12.09 12:20:29 | 000,009,728 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\en-US\k57nd60x.sys.mui
[2010.12.09 12:20:29 | 000,009,728 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\en-US\b57nd60x.sys.mui
[2010.12.09 12:20:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\msdsm.sys.mui
[2010.12.09 12:20:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2010.12.09 12:20:29 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\en-US\e100b325.sys.mui
[2010.12.09 12:20:29 | 000,005,120 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\en-US\bcm4sbxp.sys.mui
[2010.12.09 12:20:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2010.12.09 12:20:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\parport.sys.mui
[2010.12.09 12:20:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\scsiport.sys.mui
[2010.12.09 12:20:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ataport.sys.mui
[2010.12.09 12:20:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\parvdm.sys.mui
[2010.12.09 12:20:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\MTConfig.sys.mui
[2010.12.09 12:20:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2010.12.09 12:20:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\amdide.sys.mui
[2010.12.09 12:20:28 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\tcpip.sys.mui
[2010.12.09 12:20:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bfe.dll.mui
[2010.12.09 12:20:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\tunnel.sys.mui
[2010.12.09 12:20:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\modem.sys.mui
[2010.12.09 12:20:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
[2010.12.09 12:20:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ws2ifsl.sys.mui
[2010.12.09 12:20:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\usbrpm.sys.mui
[2010.12.09 12:20:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\fvevol.sys.mui
[2010.12.09 12:20:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\srv.sys.mui
[2010.12.09 12:20:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\scfilter.sys.mui
[2010.12.09 12:20:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\pacer.sys.mui
[2010.12.09 12:20:20 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\rdbss.sys.mui
[2010.12.09 12:20:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\RNDISMP.sys.mui
[2010.12.09 12:20:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui
[2010.12.09 12:20:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\partmgr.sys.mui
[2010.12.09 12:20:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ntfs.sys.mui
[2010.12.09 12:20:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ndis.sys.mui
[2010.12.09 12:20:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\nwifi.sys.mui
[2010.12.09 12:20:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ndiscap.sys.mui
[2010.12.09 12:20:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ndisuio.sys.mui
[2010.12.09 12:20:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\luafv.sys.mui
[2010.12.09 12:20:17 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ipnat.sys.mui
[2010.12.09 12:20:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
[2010.12.09 12:20:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2010.12.09 12:20:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\fltmgr.sys.mui
[2010.12.09 12:20:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\volmgrx.sys.mui
[2010.12.09 12:20:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\viac7.sys.mui
[2010.12.09 12:20:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\processr.sys.mui
[2010.12.09 12:20:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\intelppm.sys.mui
[2010.12.09 12:20:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\amdppm.sys.mui
[2010.12.09 12:20:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\amdk8.sys.mui
[2010.12.09 12:20:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ohci1394.sys.mui
[2010.12.09 12:20:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\1394ohci.sys.mui
[2010.12.09 12:20:13 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
[2010.12.09 12:20:13 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
[2010.12.09 12:20:13 | 000,009,728 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\en-US\ltmdmnt.sys.mui
[2010.12.09 12:20:13 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\acpi.sys.mui
[2010.12.09 12:20:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\pci.sys.mui
[2010.12.09 12:20:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bthport.sys.mui
[2010.12.09 12:20:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\battc.sys.mui
[2010.12.09 12:20:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
[2010.12.09 12:20:13 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bthpan.sys.mui
[2010.12.09 12:20:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\wacompen.sys.mui
[2010.12.09 12:20:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2010.12.09 12:20:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
[2010.12.09 12:20:13 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vdrvroot.sys.mui
[2010.12.09 12:20:13 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\isapnp.sys.mui
[2010.12.09 12:20:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mssmbios.sys.mui
[2010.12.09 12:20:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\hidbth.sys.mui
[2010.12.09 12:20:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\HdAudio.sys.mui
[2010.12.09 12:20:13 | 000,003,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\en-US\atikmdag.sys.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\VIAAGP.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\ULIAGPKX.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\UAGP35.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\SISAGP.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\pnpmem.sys.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\NV_AGP.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\GAGP30KX.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\Dot4usb.sys.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\BTHUSB.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\AMDAGP.SYS.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\AGP440.sys.mui
[2010.12.09 12:20:13 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
[2010.12.09 12:20:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\disk.sys.mui
[2010.12.09 12:20:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\cdrom.sys.mui
[2010.12.09 12:20:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bthenum.sys.mui
[2010.12.08 14:28:09 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Documents\Shutdown
[2010.12.08 13:08:03 | 000,000,000 | ---D | C] -- C:\Programme\Nvidia
[2010.12.08 13:04:56 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2010.12.08 11:05:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Kerio
[2010.12.08 11:04:08 | 000,000,000 | ---D | C] -- C:\Programme\Kerio
[2010.12.08 11:03:36 | 000,000,000 | ---D | C] -- C:\Programme\My Company Name
[2010.12.07 18:25:40 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Documents\Scanned Documents
[2010.12.07 18:25:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Documents\Fax
[2010.12.07 17:44:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\WinRAR
[2010.12.07 17:42:12 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.12.07 17:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.12.07 17:37:39 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.12.07 17:37:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.12.07 17:37:39 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.12.07 17:37:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.12.07 17:37:22 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.12.07 17:24:01 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.12.07 17:22:24 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2010.12.07 17:20:54 | 000,057,800 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\CBDisk.sys
[2010.12.07 17:20:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Mediafour
[2010.12.07 17:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour
[2010.12.07 17:20:19 | 000,000,000 | ---D | C] -- C:\Programme\Mediafour
[2010.12.07 17:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike
[2010.12.07 17:20:05 | 000,000,000 | ---D | C] -- C:\Programme\Nike
[2010.12.07 16:56:02 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.12.07 16:54:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2010.12.07 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.12.07 16:45:47 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\vlc
[2010.12.07 16:45:13 | 000,000,000 | ---D | C] -- C:\Programme\VLC
[2010.12.07 16:41:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.12.07 12:30:05 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Documents\Outlook-Dateien
[2010.12.07 12:05:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.12.07 12:05:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.12.07 12:05:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.12.07 12:05:29 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.12.07 12:05:29 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.12.07 12:04:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.12.07 12:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.12.07 12:03:38 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Microsoft Help
[2010.12.07 12:03:33 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.12.07 12:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.12.07 12:03:25 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.12.07 11:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.12.07 11:44:04 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Adobe
[2010.12.07 11:42:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.12.07 11:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.12.07 11:42:17 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.12.07 02:31:35 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\matt.malensek.net
[2010.12.07 02:30:32 | 000,000,000 | ---D | C] -- C:\Programme\3RVX
[2010.12.07 02:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Apple Computer
[2010.12.07 02:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Apple Computer
[2010.12.07 02:24:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.12.07 02:24:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.12.07 02:23:58 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.07 02:23:57 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.07 02:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.12.07 02:23:25 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.12.07 02:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.12.07 02:23:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Apple
[2010.12.07 02:23:13 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.12.07 02:22:54 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.12.07 02:22:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.12.07 02:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.12.07 02:21:31 | 000,000,000 | ---D | C] -- C:\Programme\VirtualCloneDrive
[2010.12.07 02:15:21 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Leadertech
[2010.12.07 02:15:06 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.12.07 02:14:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.12.07 02:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.12.07 02:14:40 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.12.07 02:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd
[2010.12.07 02:13:52 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Logitech
[2010.12.07 02:13:52 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Logishrd
[2010.12.07 01:49:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Macromedia
[2010.12.07 01:49:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Adobe
[2010.12.07 01:49:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.12.07 01:03:16 | 000,372,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraiins.dll
[2010.12.07 01:03:16 | 000,372,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraidco.dll
[2010.12.07 01:03:16 | 000,212,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2010.12.07 01:03:16 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoPtb.dll
[2010.12.07 01:03:16 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoIt.dll
[2010.12.07 01:03:16 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoFr.dll
[2010.12.07 01:03:16 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEsm.dll
[2010.12.07 01:03:16 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEs.dll
[2010.12.07 01:03:16 | 000,017,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoDe.dll
[2010.12.07 01:03:16 | 000,017,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoSv.dll
[2010.12.07 01:03:16 | 000,017,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoRu.dll
[2010.12.07 01:03:16 | 000,017,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoNo.dll
[2010.12.07 01:03:16 | 000,017,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoNl.dll
[2010.12.07 01:03:16 | 000,017,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoFi.dll
[2010.12.07 01:03:16 | 000,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoENU.dll
[2010.12.07 01:03:16 | 000,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEng.dll
[2010.12.07 01:03:16 | 000,015,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoKo.dll
[2010.12.07 01:03:16 | 000,015,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoJa.dll
[2010.12.07 01:03:16 | 000,014,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoZht.dll
[2010.12.07 01:03:16 | 000,014,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoZhc.dll
[2010.12.07 01:03:00 | 000,017,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoDa.dll
[2010.12.07 01:02:48 | 000,000,000 | ---D | C] -- C:\Programme\InstallShield Installation Information
[2010.12.07 01:02:30 | 001,108,480 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viahduaa.sys
[2010.12.07 01:02:30 | 000,868,352 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\VIAPropPageExt.dll
[2010.12.07 01:02:30 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VMAPO32.DLL
[2010.12.07 01:02:30 | 000,502,784 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\VIASysFx.dll
[2010.12.07 01:02:30 | 000,211,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\Dts2APO.dll
[2010.12.07 01:02:30 | 000,181,248 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\ViaMicArrayAPO.dll
[2010.12.07 01:02:30 | 000,076,288 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQPropPageExt.dll
[2010.12.07 01:02:30 | 000,075,776 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\Dts2PropPageExt.dll
[2010.12.07 01:02:30 | 000,071,680 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\System32\nQAPO.dll
[2010.12.07 01:02:30 | 000,068,608 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\System32\ViaMicArrayPropPageExt.dll
[2010.12.07 01:02:30 | 000,062,464 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VMWRP32.DLL
[2010.12.07 01:02:30 | 000,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VMPPLD32.DLL
[2010.12.07 01:02:30 | 000,044,032 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\VMPPCN32.DLL
[2010.12.07 01:01:50 | 000,000,000 | ---D | C] -- C:\Programme\VIA
[2010.12.07 01:01:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.12.07 01:00:22 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.12.07 01:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.12.07 00:59:39 | 000,151,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod157.dll
[2010.12.07 00:59:26 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010.12.07 00:58:44 | 000,898,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\fdco1.dll
[2010.12.07 00:58:44 | 000,240,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvconrm.dll
[2010.12.07 00:58:30 | 000,457,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvunrm.exe
[2010.12.07 00:44:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\foobar2000
[2010.12.07 00:44:50 | 000,000,000 | ---D | C] -- C:\Programme\foobar
[2010.12.07 00:42:01 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Mozilla
[2010.12.07 00:42:01 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Mozilla
[2010.12.07 00:41:56 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.12.07 00:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.12.07 00:18:35 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Searches
[2010.12.07 00:18:28 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Identities
[2010.12.07 00:18:26 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Contacts
[2010.12.07 00:18:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\VirtualStore
[2010.12.07 00:18:21 | 000,000,000 | --SD | C] -- C:\Users\xxxxx\AppData\Roaming\Microsoft
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Videos
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Saved Games
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Pictures
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Music
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Links
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Favorites
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Downloads
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Documents
[2010.12.07 00:18:21 | 000,000,000 | R--D | C] -- C:\Users\xxxxx\Desktop
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Vorlagen
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\AppData\Local\Verlauf
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\AppData\Local\Temporary Internet Files
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Startmenü
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\SendTo
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Recent
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Netzwerkumgebung
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Lokale Einstellungen
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Documents\Eigene Videos
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Documents\Eigene Musik
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Eigene Dateien
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Documents\Eigene Bilder
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Druckumgebung
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Cookies
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\AppData\Local\Anwendungsdaten
[2010.12.07 00:18:21 | 000,000,000 | -HSD | C] -- C:\Users\xxxxx\Anwendungsdaten
[2010.12.07 00:18:21 | 000,000,000 | -H-D | C] -- C:\Users\xxxxx\AppData
[2010.12.07 00:18:21 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Temp
[2010.12.07 00:18:21 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Microsoft
[2010.12.07 00:18:21 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Media Center Programs
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010.12.07 00:18:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.12.07 00:14:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.12.07 00:14:05 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010.12.07 00:13:03 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.08.25 07:50:00 | 006,189,712 | ---- | C] (Hamrick Software) -- C:\Users\xxxxx\AppData\Roaming\vuescan_v8.6.53.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.14 15:47:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 15:47:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 15:42:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2010.12.14 15:39:10 | 000,697,136 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010.12.14 15:39:10 | 000,691,814 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010.12.14 15:39:10 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.14 15:39:10 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.14 15:39:10 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.14 15:39:10 | 000,130,786 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010.12.14 15:39:10 | 000,127,790 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010.12.14 15:39:10 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.14 15:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.14 15:34:41 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.14 14:55:04 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.14 13:22:23 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.14 13:22:23 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.14 13:16:36 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.12.14 04:23:24 | 000,001,456 | ---- | M] () -- C:\Users\xxxxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.12.13 15:04:42 | 000,000,017 | ---- | M] () -- C:\Users\xxxxx\AppData\Local\resmon.resmoncfg
[2010.12.09 12:31:13 | 000,335,478 | ---- | M] () -- C:\Windows\System32\perfi010.dat
[2010.12.09 12:31:13 | 000,037,534 | ---- | M] () -- C:\Windows\System32\perfd010.dat
[2010.12.09 12:27:22 | 000,344,522 | ---- | M] () -- C:\Windows\System32\perfi00C.dat
[2010.12.09 12:27:22 | 000,038,160 | ---- | M] () -- C:\Windows\System32\perfd00C.dat
[2010.12.08 14:51:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.07 18:28:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.07 17:31:15 | 003,961,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.07 02:15:06 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.12.07 00:50:12 | 000,000,670 | ---- | M] () -- C:\Users\xxxxx\Desktop\Neue Musik.lnk
[2010.12.07 00:50:05 | 000,000,631 | ---- | M] () -- C:\Users\xxxxx\Desktop\Musik.lnk
[2010.12.07 00:44:51 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\foobar.lnk
[2010.12.07 00:41:58 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.07 00:15:55 | 000,000,751 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.12.07 00:13:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.14 14:55:04 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.14 13:17:29 | 000,114,243 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.14 13:17:29 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.14 04:23:24 | 000,001,456 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.12.13 15:04:42 | 000,000,017 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\resmon.resmoncfg
[2010.12.09 12:32:04 | 000,691,814 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2010.12.09 12:32:04 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2010.12.09 12:32:04 | 000,127,790 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2010.12.09 12:32:04 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2010.12.09 12:28:16 | 000,697,136 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2010.12.09 12:28:16 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2010.12.09 12:28:16 | 000,130,786 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2010.12.09 12:28:16 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2010.12.08 14:51:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.12.07 18:28:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.07 01:51:11 | 001,171,378 | ---- | C] () -- C:\Users\xxxxx\Desktop\springer.pdf
[2010.12.07 01:51:07 | 020,934,656 | ---- | C] () -- C:\Users\xxxxx\Desktop\PR-Feature.mp3
[2010.12.07 00:58:45 | 000,704,512 | R--- | C] () -- C:\Windows\System32\cohelper.dll
[2010.12.07 00:58:45 | 000,005,940 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.12.07 00:58:29 | 000,006,076 | ---- | C] () -- C:\Windows\System32\nvnrm.nvu
[2010.12.07 00:50:12 | 000,000,670 | ---- | C] () -- C:\Users\xxxxx\Desktop\Neue Musik.lnk
[2010.12.07 00:50:05 | 000,000,631 | ---- | C] () -- C:\Users\xxxxx\Desktop\Musik.lnk
[2010.12.07 00:44:51 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\foobar.lnk
[2010.12.07 00:41:58 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.07 00:13:40 | 1408,737,280 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.07 00:13:04 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.12.07 00:13:03 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010.12.09 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ableton
[2010.12.13 14:25:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2010.12.14 12:12:03 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\foobar2000
[2010.12.07 02:15:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Leadertech
[2010.12.14 12:57:47 | 000,009,952 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---


----------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.12.2010 15:49:38 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\xxxxxxel\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,72 Gb Total Space | 115,94 Gb Free Space | 79,02% Space Free | Partition Type: NTFS
Drive D: | 784,79 Gb Total Space | 678,89 Gb Free Space | 86,51% Space Free | Partition Type: NTFS
Drive E: | 372,52 Gb Total Space | 67,55 Gb Free Space | 18,13% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxx | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40D32C77-B711-4047-96C6-A968DB2DEDDA}" = Kerio Outlook Connector (Offline Edition)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}" = 3RVX
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF346D59-7F5B-4CA2-9302-7F4AC3C09C10}" = MacDrive 8
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CEA791BB-6F54-48ED-BC2A-F78157C1D558}" = Adobe Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c015d5ef39552390a753ee735d16041" = Adobe Illustrator CS3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"foobar2000" = foobar2000 v1.1.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Live 8.2.1" = Live 8.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nike+ Connect" = Nike+ Connect
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"sp6" = Logitech SetPoint 6.20
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"VueScan" = VueScan
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.12.2010 14:07:08 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969
 
Error - 12.12.2010 14:07:10 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.12.2010 14:07:10 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3953
 
Error - 12.12.2010 14:07:10 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3953
 
Error - 12.12.2010 14:07:12 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.12.2010 14:07:12 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5906
 
Error - 12.12.2010 14:07:12 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5906
 
Error - 12.12.2010 15:56:08 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.12.2010 15:56:08 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1969
 
Error - 12.12.2010 15:56:08 | Computer Name = xxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969
 
[ System Events ]
Error - 07.12.2010 07:19:18 | Computer Name = xxxxxx | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
 
Error - 07.12.2010 07:19:18 | Computer Name = xxxxxx | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
 
Error - 07.12.2010 07:19:18 | Computer Name = xxxxxx | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
 
Error - 07.12.2010 07:50:38 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 07.12.2010 07:50:39 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32
 
Error - 07.12.2010 12:30:14 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
Status gemeldet: 32
 
Error - 07.12.2010 17:17:03 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
 
Error - 07.12.2010 17:17:03 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst nvsvc erreicht.
 
Error - 08.12.2010 08:53:41 | Computer Name = xxxxxx | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
 
Error - 10.12.2010 14:50:45 | Computer Name = xxxxxx | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
 
 
< End of report >
         
--- --- ---


-----------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5311

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.12.2010 14:56:39
mbam-log-2010-12-14 (14-56-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 41510
Laufzeit: 1 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 15.12.2010, 13:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 15.12.2010, 18:21   #3
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Hallo Arne,

anbei die Logs. Außerdem habe ich bei Kaspersky noch geschaut, wie die Viren hießen:

- Trojan.Win32.FakeAV.wtv
- Rootkit.Win32.TDSS.mbr

Laut Kaspersky beide desinfiziert/gelöscht.

Wenn Anti-Maleware nichts anzeigt, was es bei mir ja nicht tut, ist mein Computer dann definitiv sauber?


Nun die Logs - von heute:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5319

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.12.2010 17:27:21
mbam-log-2010-12-15 (17-27-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 309912
Laufzeit: 37 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


--------------------------------------------------------

und von gestern:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5311

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.12.2010 15:33:21
mbam-log-2010-12-14 (15-33-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 310653
Laufzeit: 35 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Daniel\AppData\Roaming\dgfdgsdf.bat (Malware.Trace) -> Quarantined and deleted successfully.


Danke!
__________________

Alt 16.12.2010, 12:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
Erklärung dazu? Wieso soll dein Rechner activate.adobe nicht erreichen können?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.12.2010, 14:24   #5
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Hallo,

ich habe vor einiger Zeit meine Festplatte via Linux und dem Befehl dd Sektor für Sektor dupliziert, da die alte Platte einige defekte Sektoren hatte. Auf der neuen Platte haben die Adobe-Produkte dann nicht mehr funktioniert. Deshalb habe ich die Aktivierung verhindert.

Viele Grüße.


Alt 16.12.2010, 19:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Zitat:
Auf der neuen Platte haben die Adobe-Produkte dann nicht mehr funktioniert. Deshalb habe ich die Aktivierung verhindert.
Was hat eine Nichtfunktion mit dem Blockieren des Adobe-Updateservers zu tun?
__________________
--> hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet

Alt 16.12.2010, 20:06   #7
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Obwohl es eine 1:1-Kopie der Festplatte war, wollte Adobe eine erneute Aktivierung. Die ist aber immer fehlgeschlagen. Dann habe ich mit Hilfe eines Forums manuell den Eintrag gemacht. Adobe-Updates, die automatisch gestartet werden, führe ich regelmäßig aus. Es geht also nur um die Aktivierung.

Viele Grüße

Alt 16.12.2010, 20:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [] File not found
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f7ecc725-019a-11e0-acae-002522639bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{f7ecc725-019a-11e0-acae-002522639bc4}\Shell\AutoRun\command - "" = H:\Set-up.exe -- File not found
:Commands
[purity]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.12.2010, 21:47   #9
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Hallo,

vielen Dank!

Hier die Ergebnisse (das H:\Set-up.exe nicht gefunden wurde, liegt vielleicht daran, dass es ein virtuelles Laufwerk ist und ich Clone-Drive vorher beendet habe. Sicher bin ich mir aber nicht.)

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ecc725-019a-11e0-acae-002522639bc4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ecc725-019a-11e0-acae-002522639bc4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7ecc725-019a-11e0-acae-002522639bc4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7ecc725-019a-11e0-acae-002522639bc4}\ not found.
File H:\Set-up.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: xxxxxxx
->Temp folder emptied: 397926322 bytes
->Temporary Internet Files folder emptied: 4610233 bytes
->FireFox cache emptied: 47650860 bytes
->Flash cache emptied: 38160 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5788918 bytes
RecycleBin emptied: 1446460 bytes
 
Total Files Cleaned = 436,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 12162010_213417

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 17.12.2010, 10:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.12.2010, 12:52   #11
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



So, anbei die CF-Log-Datei.

Code:
ATTFilter
ComboFix 10-12-16.04 - xxxxxx 17.12.2010  12:26:55.1.2 - x86
Microsoft Windows 7 Enterprise  6.1.7600.0.1252.49.1031.18.1791.1226 [GMT 1:00]
ausgeführt von:: c:\users\xxxxxx\Desktop\cofi.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-11-17 bis 2010-12-17  ))))))))))))))))))))))))))))))
.

2010-12-17 11:31 . 2010-12-17 11:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-17 11:14 . 2010-12-17 11:14	--------	d-----w-	c:\program files\CCleaner
2010-12-16 20:34 . 2010-12-16 20:34	--------	d-----w-	C:\_OTL
2010-12-15 15:34 . 2010-11-29 16:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 15:34 . 2010-12-15 15:34	--------	d-----w-	c:\program files\Anti-Malware
2010-12-15 15:34 . 2010-11-29 16:42	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 13:55 . 2010-12-14 13:55	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-14 12:17 . 2010-12-14 12:22	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2010-12-14 12:17 . 2010-12-14 12:22	114243	----a-w-	c:\windows\system32\drivers\klin.dat
2010-12-14 12:16 . 2010-12-14 12:17	--------	d-----w-	c:\program files\Kaspersky Internet Security
2010-12-14 12:16 . 2010-12-17 10:36	--------	d-----w-	c:\programdata\Kaspersky Lab
2010-12-14 12:12 . 2010-12-14 12:12	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2010-12-13 14:41 . 2010-12-13 14:52	--------	d-----w-	c:\program files\VueScan
2010-12-13 14:03 . 2003-09-17 16:35	339968	----a-w-	c:\windows\system32\N067UFW.DLL
2010-12-13 14:03 . 2002-09-12 00:07	36864	----a-w-	c:\windows\system32\CNQU70.DLL
2010-12-13 13:21 . 2002-05-24 02:04	389180	----a-w-	c:\windows\system32\UCS32P.DLL
2010-12-12 11:36 . 2010-11-16 11:01	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30852E55-5E12-45EF-9CCA-13D855A88D97}\mpengine.dll
2010-12-09 12:01 . 2010-12-09 12:01	--------	d-----w-	c:\programdata\Ableton
2010-12-09 12:00 . 2010-10-08 16:57	368640	----a-w-	c:\windows\system32\ReWire.dll
2010-12-09 12:00 . 2010-10-08 16:57	233472	----a-w-	c:\windows\system32\REX Shared Library.dll
2010-12-09 11:58 . 2010-12-09 11:58	--------	d-----w-	c:\program files\Ableton
2010-12-09 11:31 . 2010-12-09 11:31	--------	d-----w-	c:\windows\it-IT
2010-12-09 11:31 . 2010-12-09 11:31	--------	d-----w-	c:\windows\system32\drivers\UMDF\it-IT
2010-12-09 11:31 . 2010-12-09 11:31	--------	d-----w-	c:\windows\system32\drivers\it-IT
2010-12-09 11:31 . 2010-12-09 11:31	--------	d-----w-	c:\windows\system32\0410
2010-12-09 11:31 . 2010-12-09 11:31	--------	d-----w-	c:\windows\system32\wbem\it-IT
2010-12-09 11:31 . 2010-12-09 11:31	--------	d-----w-	c:\windows\system32\it
2010-12-09 11:29 . 2009-07-13 17:44	3584	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\it-IT\LXKPTPRC.DLL.mui
2010-12-09 11:27 . 2010-12-09 11:27	--------	d-----w-	c:\windows\fr-FR
2010-12-09 11:27 . 2010-12-09 11:27	--------	d-----w-	c:\windows\system32\fr
2010-12-09 11:27 . 2010-12-09 11:27	--------	d-----w-	c:\windows\system32\drivers\UMDF\fr-FR
2010-12-09 11:27 . 2010-12-09 11:27	--------	d-----w-	c:\windows\system32\drivers\fr-FR
2010-12-09 11:27 . 2010-12-09 11:27	--------	d-----w-	c:\windows\system32\040C
2010-12-09 11:27 . 2010-12-09 11:27	--------	d-----w-	c:\windows\system32\wbem\fr-FR
2010-12-09 11:24 . 2009-07-13 17:38	3584	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\fr-FR\LXKPTPRC.DLL.mui
2010-12-09 11:23 . 2010-12-09 11:23	--------	d-----w-	c:\windows\en-US
2010-12-09 11:23 . 2010-12-09 11:23	--------	d-----w-	c:\windows\system32\en
2010-12-09 11:23 . 2010-12-09 11:23	--------	d-----w-	c:\windows\system32\drivers\UMDF\en-US
2010-12-09 11:23 . 2010-12-09 11:23	--------	d-----w-	c:\windows\system32\drivers\en-US
2010-12-09 11:23 . 2010-12-09 11:23	--------	d-----w-	c:\windows\system32\0409
2010-12-09 11:23 . 2010-12-09 11:23	--------	d-----w-	c:\windows\system32\wbem\en-US
2010-12-09 11:20 . 2009-07-13 17:03	3584	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\en-US\LXKPTPRC.DLL.mui
2010-12-08 12:08 . 2010-12-08 12:47	--------	d-----w-	c:\program files\Nvidia
2010-12-08 12:04 . 2010-12-08 12:04	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-12-08 10:04 . 2010-12-08 10:04	--------	d-----w-	c:\program files\Kerio
2010-12-08 10:03 . 2010-12-08 10:03	--------	d-----w-	c:\program files\My Company Name
2010-12-07 16:38 . 2010-12-08 12:48	--------	d-----w-	c:\programdata\NVIDIA Corporation
2010-12-07 16:37 . 2010-08-04 06:18	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-12-07 16:37 . 2010-08-04 06:17	417792	----a-w-	c:\windows\system32\msdri.dll
2010-12-07 16:37 . 2010-08-04 06:15	204288	----a-w-	c:\windows\system32\MSNP.ax
2010-12-07 16:37 . 2010-08-04 06:15	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2010-12-07 16:37 . 2010-10-19 08:10	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-12-07 16:37 . 2009-10-24 04:00	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2010-12-07 16:37 . 2009-10-24 03:58	41984	----a-w-	c:\windows\system32\drivers\usbehci.sys
2010-12-07 16:37 . 2010-07-13 05:22	26504	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2010-12-07 16:24 . 2010-12-16 13:10	--------	d-----w-	c:\program files\TeamViewer
2010-12-07 16:22 . 2010-12-07 16:22	--------	d-----w-	c:\program files\CDBurnerXP
2010-12-07 16:20 . 2010-05-12 13:42	57800	----a-w-	c:\windows\system32\drivers\CBDisk.sys
2010-12-07 16:20 . 2010-12-07 16:20	--------	d-----w-	c:\program files\Common Files\Mediafour
2010-12-07 16:20 . 2010-12-07 16:20	--------	d-----w-	c:\programdata\Mediafour
2010-12-07 16:20 . 2010-12-07 16:20	--------	d-----w-	c:\program files\Mediafour
2010-12-07 16:20 . 2010-12-07 16:20	--------	d-----w-	c:\programdata\Nike
2010-12-07 16:20 . 2010-12-07 16:20	--------	d-----w-	c:\program files\Nike
2010-12-07 15:56 . 2010-12-07 15:56	--------	d-----w-	c:\program files\Adobe Media Player
2010-12-07 15:54 . 2010-12-07 15:54	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-12-07 15:46 . 2010-12-07 15:46	--------	d-----w-	c:\programdata\ALM
2010-12-07 15:45 . 2010-12-07 15:45	--------	d-----w-	c:\program files\VLC
2010-12-07 15:41 . 2010-12-07 15:41	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-12-07 11:05 . 2010-12-07 11:05	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-12-07 11:05 . 2010-12-07 11:05	--------	d-----w-	c:\windows\PCHEALTH
2010-12-07 11:05 . 2010-12-07 11:05	--------	d-----w-	c:\program files\Microsoft Sync Framework
2010-12-07 11:05 . 2010-12-07 11:05	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-12-07 11:04 . 2010-12-07 11:04	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-12-07 11:03 . 2010-12-07 11:03	--------	d-----w-	c:\program files\Microsoft Analysis Services
2010-12-07 11:03 . 2010-12-07 11:08	--------	d-----w-	c:\programdata\Microsoft Help
2010-12-07 11:03 . 2010-12-07 11:03	--------	d-----r-	C:\MSOCache
2010-12-07 10:45 . 2010-12-07 16:01	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-12-07 10:42 . 2010-12-07 15:57	--------	d-----w-	c:\program files\Common Files\Adobe
2010-12-07 01:30 . 2010-12-07 01:30	--------	d-----w-	c:\program files\3RVX
2010-12-07 01:24 . 2010-12-07 01:24	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-12-07 01:24 . 2009-05-18 12:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-07 01:24 . 2008-04-17 11:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-12-07 01:22 . 2010-12-07 01:22	--------	d-----w-	c:\program files\Bonjour
2010-12-07 01:22 . 2010-12-07 17:27	--------	d-----w-	c:\programdata\Apple
2010-12-07 01:22 . 2010-12-07 01:23	--------	d-----w-	c:\program files\Common Files\Apple
2010-12-07 01:21 . 2010-12-07 01:21	--------	d-----w-	c:\program files\VirtualCloneDrive
2010-12-07 01:15 . 2010-12-07 01:15	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2010-12-07 01:14 . 2010-12-07 01:15	--------	d-----w-	c:\programdata\Logishrd
2010-12-07 01:14 . 2010-12-07 01:14	--------	d-----w-	c:\program files\Logitech
2010-12-07 01:13 . 2010-12-07 01:15	--------	d-----w-	c:\program files\Common Files\LogiShrd
2010-12-07 00:49 . 2010-12-07 00:49	--------	d-----w-	c:\windows\system32\Macromed
2010-12-07 00:02 . 2010-12-07 00:02	--------	d-----w-	c:\program files\InstallShield Installation Information
2010-12-07 00:01 . 2010-12-07 00:01	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-12-07 00:00 . 2010-12-08 12:48	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-12-07 00:00 . 2010-12-08 12:48	--------	d-----w-	c:\programdata\NVIDIA
2010-12-06 23:59 . 2009-07-14 03:54	151552	----a-w-	c:\windows\system32\nvcod157.dll
2010-12-06 23:59 . 2009-07-14 03:54	795104	----a-w-	c:\windows\system32\dpinst.exe
2010-12-06 23:58 . 2009-04-30 04:46	704512	----a-r-	c:\windows\system32\cohelper.dll
2010-12-06 23:58 . 2009-04-28 21:27	5940	----a-r-	c:\windows\system32\drivers\nvphy.bin
2010-12-06 23:58 . 2010-08-12 09:14	240232	----a-w-	c:\windows\system32\nvconrm.dll
2010-12-06 23:58 . 2009-04-30 04:46	898048	----a-w-	c:\windows\system32\fdco1.dll
2010-12-06 23:58 . 2009-04-28 16:45	457248	----a-w-	c:\windows\system32\nvunrm.exe
2010-12-06 23:44 . 2010-12-06 23:44	--------	d-----w-	c:\program files\foobar
2010-12-06 23:13 . 2010-12-06 23:13	--------	d-----w-	C:\Boot

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 14:13 . 2010-10-25 14:13	66968	----a-w-	c:\windows\system32\MFC71ITA.DLL
2010-10-25 14:13 . 2010-10-25 14:13	66968	----a-w-	c:\windows\system32\MFC71ESP.DLL
2010-10-25 14:13 . 2010-10-25 14:13	54680	----a-w-	c:\windows\system32\MFC71KOR.DLL
2010-10-25 14:13 . 2010-10-25 14:13	94608	----a-w-	c:\windows\system32\atl71.dll
2010-10-25 14:13 . 2010-10-25 14:13	66968	----a-w-	c:\windows\system32\MFC71FRA.DLL
2010-10-25 14:13 . 2010-10-25 14:13	62872	----a-w-	c:\windows\system32\MFC71ENU.DLL
2010-10-25 14:13 . 2010-10-25 14:13	50584	----a-w-	c:\windows\system32\MFC71CHT.DLL
2010-10-25 14:13 . 2010-10-25 14:13	353680	----a-w-	c:\windows\system32\msvcr71.dll
2010-10-25 14:13 . 2010-10-25 14:13	22936	----a-w-	c:\windows\system32\AdobePDFUI.dll
2010-10-25 14:13 . 2010-10-25 14:13	1066384	----a-w-	c:\windows\system32\mfc71.dll
2010-10-25 14:13 . 2010-10-25 14:13	1053072	----a-w-	c:\windows\system32\mfc71u.dll
2010-10-25 14:13 . 2010-10-25 14:13	71064	----a-w-	c:\windows\system32\MFC71DEU.DLL
2010-10-25 14:13 . 2010-10-25 14:13	54680	----a-w-	c:\windows\system32\MFC71JPN.DLL
2010-10-25 14:13 . 2010-10-25 14:13	505232	----a-w-	c:\windows\system32\msvcp71.dll
2010-10-25 14:13 . 2010-10-25 14:13	47512	----a-w-	c:\windows\system32\AdobePDF.dll
2010-10-25 14:13 . 2010-10-25 14:13	46488	----a-w-	c:\windows\system32\MFC71CHS.DLL
2010-10-19 09:41 . 2010-10-12 12:10	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-07 14:36 . 2010-10-07 14:36	234160	----a-w-	c:\windows\system32\drivers\MDFSYSNT.SYS
2010-10-07 11:23 . 2010-10-07 11:23	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23	197920	----a-w-	c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-10-05 19:27 . 2010-10-05 19:27	228024	----a-w-	c:\windows\system32\klogon.dll
2010-09-28 14:44 . 2010-09-28 14:44	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2010-09-28 14:44	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3RVX"="c:\program files\3RVX\3RVX.exe" [2008-10-13 159232]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"AVP"="c:\program files\Kaspersky Internet Security\avp.exe" [2010-11-02 365336]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Anti-Malware\mbam.exe" [2010-11-29 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-05-12 57800]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\TeamViewer_Service.exe [2010-11-30 2222376]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]

.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\jsza9e5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - %profile%\extensions\foxdie_ext_ocelot@foxdie.us
FF - Ext: Foxdie: Foxdie@tanjihay.com - %profile%\extensions\Foxdie@tanjihay.com
FF - Ext: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - %profile%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
FF - Ext: feedly: feedly@devhd - %profile%\extensions\feedly@devhd
FF - Ext: Echofon: twitternotifier@naan.net - %profile%\extensions\twitternotifier@naan.net
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Leo Search: {c666c018-6409-4479-afa3-68e4129e7eff} - %profile%\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3980)
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
.
Zeit der Fertigstellung: 2010-12-17  12:33:20
ComboFix-quarantined-files.txt  2010-12-17 11:33

Vor Suchlauf: 7 Verzeichnis(se), 122.980.139.008 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 122.895.785.984 Bytes frei

- - End Of File - - 8129C32EFD855CAF8CC30B9036977D72
         

Alt 17.12.2010, 13:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.12.2010, 15:04   #13
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Wie gewünscht, GMER, OSAM, und MBRCheck. Danke!

GMER:

Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-17 14:15:52
Windows 6.1.7600  Harddisk1\DR1 -> \Device\0000005e SAMSUNG_ rev.1AJ1
Running: hbso4x82.exe; Driver: C:\Users\xxxxxx\AppData\Local\Temp\pxldapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x8DA48DAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcConnectPort [0x8DA4AFE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcCreatePort [0x8DA4B262]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcSendWaitReceivePort [0x8DA4B4D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x8DA496BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x8DA4A4F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateEvent [0x8DA4AA3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateFile [0x8DA4999A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateMutant [0x8DA4A922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0x8DA48998]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreatePort [0x8DA4A7F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSection [0x8DA48B40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSemaphore [0x8DA4AB5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x8DA49344]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThreadEx [0x8DA49442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateUserProcess [0x8DA4B722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0x8DA4A88C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x8DA4C24A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0x8DA49E1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x8DA4D458]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwFsControlFile [0x8DA49C2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x8DA4C33C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwMapViewOfSection [0x8DA4CAA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenEvent [0x8DA4AAD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenFile [0x8DA49740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenMutant [0x8DA4A9B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x8DA48FE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x8DA4C83E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSemaphore [0x8DA4ABF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x8DA48ED8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryDirectoryObject [0x8DA4B7DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQuerySection [0x8DA4CDDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x8DA4C6D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplaceKey [0x8DA47652]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyPort [0x8DA4AF56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0x8DA4AE1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x8DA4BFE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRestoreKey [0x8DA479CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x8DA4D2FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSaveKey [0x8DA475EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x8DA4A238]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x8DA49560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetInformationToken [0x8DA4B87E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x8DA4C4DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x8DA4CF2E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x8DA4D020]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x8DA4D15A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x8DA4C16E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x8DA4918E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x8DA490E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0x8DA4CC82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x8DA4927A]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                       82A89599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                82AADF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 220                                                   82AB5730 4 Bytes  [AA, 8D, A4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                   82AB5758 8 Bytes  CALL E538FC0C 
.text           ntkrnlpa.exe!RtlSidHashLookup + 28C                                                   82AB579C 4 Bytes  [D8, B4, A4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2B8                                                   82AB57C8 4 Bytes  [BE, 96, A4, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2DC                                                   82AB57EC 4 Bytes  [F2, A4, A4, 8D]
.text           ...                                                                                   

---- Devices - GMER 1.0.15 ----

Device                                                                                                Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device                                                                                                MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device                                                                                                fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \FileSystem\Mup \Device\Mup                                                           MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer                                        MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                    MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                     MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                         MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                      MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                     MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

---- EOF - GMER 1.0.15 ----
         


OSAM

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:27:09 on 17.12.2010

OS: Windows 7 Enterprise Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\kloehk.dll

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\xxxxxx\AppData\Local\Temp\catchme.sys  (File not found)
"CBDisk" (CBDisk) - "EldoS Corporation" - C:\Windows\system32\drivers\CBDisk.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"MacDrive file system driver" (MDFSYSNT) - "Mediafour Corporation" - C:\Windows\system32\drivers\MDFSYSNT.sys
"MacDrive partition driver" (MDPMGRNT) - "Mediafour Corporation" - C:\Windows\system32\drivers\MDPMGRNT.sys
"pxldapod" (pxldapod) - ? - C:\Users\xxxxxx\AppData\Local\Temp\pxldapod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} "Mediafour Mac file columns" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} "Mediafour Mac file columns" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0} "Mediafour Mac file properties" - "Mediafour Corporation" - C:\Program Files\Common Files\Mediafour\MACFPROP.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\klwtbbho.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\klwtbbho.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\ievkbd.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"3RVX" - "matt.malensek.net" - C:\Program Files\3RVX\3RVX.exe
"Adobe Acrobat Synchronizer" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Internet Security\avp.exe"
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"Getting started with MacDrive 8" - "Mediafour Corporation" - "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
"HDAudDeck" - "VIA" - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MacDrive 8 application" - "Mediafour Corporation" - "C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript
"Nike+ Connect" - "Nike" - "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Internet Security\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MacDrive 8 service" (MacDrive8Service) - "Mediafour Corporation" - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\TeamViewer_Service.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

MBRCheck

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Enterprise Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	ASRock
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		To Be Filled By O.E.M.
System Product Name:		To Be Filled By O.E.M.
Logical Drives Mask:		0x000000bd

Kernel Drivers (total 167):
  0x82A46000 \SystemRoot\system32\ntkrnlpa.exe
  0x82A0F000 \SystemRoot\system32\halmacpi.dll
  0x80BB8000 \SystemRoot\system32\kdcom.dll
  0x83A14000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x83A1F000 \SystemRoot\system32\PSHED.dll
  0x83A30000 \SystemRoot\system32\BOOTVID.dll
  0x83A38000 \SystemRoot\system32\CLFS.SYS
  0x83A7A000 \SystemRoot\system32\CI.dll
  0x88402000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x88924000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x88995000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x889A3000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x889EB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x889F4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x83B25000 \SystemRoot\system32\DRIVERS\pci.sys
  0x83B4F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x83B5A000 \SystemRoot\System32\drivers\partmgr.sys
  0x83B6B000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x83B73000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x83B7E000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x83B8E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83BD9000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x83BE0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x88A23000 \SystemRoot\System32\drivers\mountmgr.sys
  0x88A39000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x88A42000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x88A65000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x88A8A000 \SystemRoot\system32\DRIVERS\storport.sys
  0x88AD1000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x88B08000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x88B11000 \SystemRoot\System32\Drivers\MDPMGRNT.sys
  0x88B1C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x88B50000 \SystemRoot\system32\drivers\fileinfo.sys
  0x88C09000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88D38000 \SystemRoot\System32\Drivers\msrpc.sys
  0x88D63000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88D76000 \SystemRoot\System32\Drivers\cng.sys
  0x88DD3000 \SystemRoot\System32\drivers\pcw.sys
  0x88DE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x88E0C000 \SystemRoot\system32\drivers\ndis.sys
  0x88EC3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x88F01000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8902E000 \SystemRoot\System32\drivers\tcpip.sys
  0x89177000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x891A8000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x891B1000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x891F0000 \SystemRoot\System32\Drivers\spldr.sys
  0x89000000 \SystemRoot\System32\drivers\rdyboost.sys
  0x88F26000 \SystemRoot\System32\Drivers\mup.sys
  0x88F36000 \SystemRoot\System32\Drivers\MDFSYSNT.sys
  0x891F8000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x88F78000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x88FAA000 \SystemRoot\system32\DRIVERS\disk.sys
  0x88FBB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x88B98000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8DA1C000 \SystemRoot\system32\DRIVERS\klif.sys
  0x8DA9F000 \SystemRoot\System32\Drivers\Null.SYS
  0x8DAA6000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8DAAD000 \SystemRoot\System32\drivers\vga.sys
  0x8DAB9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8DADA000 \SystemRoot\System32\drivers\watchdog.sys
  0x8DAE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8DAEF000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8DAF7000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8DAFF000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8DB0A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8DB18000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8DB2F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8DB3A000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x8DB40000 \SystemRoot\system32\drivers\afd.sys
  0x8DB9A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8DBCC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8DBD3000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8DBF2000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x8DA00000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x88BB7000 \SystemRoot\system32\DRIVERS\serial.sys
  0x88BD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x88BE4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E22A000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E26B000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E275000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8E27F000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8E284000 \SystemRoot\System32\drivers\discache.sys
  0x8E290000 \SystemRoot\system32\drivers\csc.sys
  0x8E2F4000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E30C000 \??\C:\Windows\system32\drivers\CBDisk.sys
  0x8E319000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8E327000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E348000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x8E359000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x8E364000 \SystemRoot\system32\DRIVERS\parport.sys
  0x8E37C000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x8E386000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8E390000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E3DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E654000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8E67E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8F21D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8E684000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FB83000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x8FBBC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x8FBC9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x8FBDB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8FBF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8E73B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8E75D000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8E774000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8E78B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x8E795000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E7A2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E7AF000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x8E7BA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8F218000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F01A000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F04E000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F05C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x8F066000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F0AA000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8FE1A000 \SystemRoot\system32\drivers\viahduaa.sys
  0x8FF99000 \SystemRoot\system32\drivers\portcls.sys
  0x8FFC8000 \SystemRoot\system32\drivers\drmk.sys
  0x8FFE1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8FFF8000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8FE00000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8F0BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FE0B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8FE12000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x8F0CE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8F0DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F0E5000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x8F0ED000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x8F0F6000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F103000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8F10D000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x8F144000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x94AA0000 \SystemRoot\System32\win32k.sys
  0x8F155000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F15F000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94D00000 \SystemRoot\System32\TSDDD.dll
  0x94D30000 \SystemRoot\System32\cdd.dll
  0x94D50000 \SystemRoot\System32\ATMFD.DLL
  0x8F16A000 \SystemRoot\system32\drivers\luafv.sys
  0x8F185000 \SystemRoot\system32\drivers\WudfPf.sys
  0x8F19F000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8F1AF000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x95E2A000 \SystemRoot\system32\drivers\HTTP.sys
  0x95EAF000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x95EC8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x95EDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x95EFD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x95F38000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x95F53000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x95F5A000 \SystemRoot\system32\drivers\peauth.sys
  0x95FF1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x95E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8F1C2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x99C38000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x99C87000 \SystemRoot\System32\DRIVERS\srv.sys
  0x99D42000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x99DB5000 \??\C:\Users\xxxxxx\AppData\Local\Temp\pxldapod.sys
  0x99CD8000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
  0x77840000 \Windows\System32\ntdll.dll
  0x48150000 \Windows\System32\smss.exe
  0x77A80000 \Windows\System32\apisetschema.dll
  0x003B0000 \Windows\System32\autochk.exe

Processes (total 49):
       0 System Idle Process
       4 System
     320 C:\Windows\System32\smss.exe
     472 csrss.exe
     532 C:\Windows\System32\wininit.exe
     544 csrss.exe
     596 C:\Windows\System32\winlogon.exe
     632 C:\Windows\System32\services.exe
     648 C:\Windows\System32\lsass.exe
     656 C:\Windows\System32\lsm.exe
     748 C:\Windows\System32\svchost.exe
     824 C:\Windows\System32\svchost.exe
     876 C:\Windows\System32\svchost.exe
     980 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1436 C:\Windows\System32\spoolsv.exe
    1484 C:\Windows\System32\svchost.exe
    1580 C:\Windows\System32\dwm.exe
    1652 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1676 C:\Windows\System32\taskhost.exe
    1716 C:\Windows\explorer.exe
    1828 C:\Program Files\Bonjour\mDNSResponder.exe
    1864 C:\Windows\System32\svchost.exe
    1912 C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
    2020 C:\Windows\System32\svchost.exe
    1196 C:\Program Files\TeamViewer\TeamViewer_Service.exe
    2784 C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
    2904 C:\Program Files\iTunes\iTunesHelper.exe
    3476 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    3516 C:\Windows\System32\SearchIndexer.exe
    3592 C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
    3600 C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
    3664 C:\Program Files\3RVX\3RVX.exe
    3812 C:\Windows\System32\svchost.exe
    3004 C:\Program Files\iPod\bin\iPodService.exe
    3568 C:\Windows\System32\svchost.exe
    4532 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5460 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    2724 C:\Program Files\Kaspersky Internet Security\avp.exe
    6072 C:\Program Files\Kaspersky Internet Security\avp.exe
    5024 C:\Windows\System32\audiodg.exe
    2828 C:\Windows\System32\SearchProtocolHost.exe
    4964 C:\Program Files\Mozilla Firefox\firefox.exe
    3620 C:\Program Files\Kaspersky Internet Security\klwtblfs.exe
    3468 C:\Users\xxxxxx\Desktop\MBRCheck.exe
    5016 C:\Windows\System32\conhost.exe
    3140 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000024`ae0ba000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive1 Model Number: SAMSUNGHD103SJ, Rev: 1AJ1
PhysicalDrive0 Model Number: HitachiHDT725040VLAT80, Rev: V5COA42A

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    372 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
         

Alt 17.12.2010, 15:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.12.2010, 18:58   #15
morrissey2
 
hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Standard

hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet



Vielen Dank, ich glaube, es sieht ganz gut aus. Kannst Du mir vielleicht noch sagen, welche Ordner (z.B. _OTL oder Qoobox) ich wieder löschen kann/soll? Und welche Programme ich deinstallieren/löschen soll?

Rein interessehalber: Schaut ihr die Log-Dateien eigentlich einfach durch oder habt ihr da spezielle Tools, die Fehler erkennen?

Und noch eine wichtige Frage: Ich habe noch eine externe Festplatte, die bei den meisten Scans nicht angeschlossen war (sie war aber nach dem Auftauchen des Virus auch höchsten einmal kurz angeschlossen, falls das etwas zur Sache tut). Mit welchen Tools soll ich die scannen?

Viele Grüße!


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5343

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.12.2010 18:41:13
mbam-log-2010-12-17 (18-41-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 312621
Laufzeit: 39 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 12/17/2010 bei 05:58 PM

Version der Applikation : 4.46.1000

Version der Kern-Datenbank : 6018
Version der Spur-Datenbank : 3830

Scan Art       : kompletter Scann
Totale Scann-Zeit : 01:27:30

Gescannte Speicherelemente  : 676
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 8559
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 173835
Erfasste Datei-Elemente   : 0
         

Antwort

Themen zu hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet
analysis, antivir, audiodg.exe, avp.exe, bho, bonjour, canon, corp./icp, dgfdgsdf.bat, document, error, excel.exe, firefox, firefox.exe, flash player, fontcache, format, frage, gruppe, helper, hotfix.exe, hängen, install.exe, installation, kaspersky, location, maleware, media center, microsoft office word, mozilla, nvlddmkm.sys, nvmf6232.sys, nvstor.sys, oldtimer, otl.exe, programdata, registry, richtlinie, rundll, saver, scan, searchplugins, security, senden, shell32.dll, software, studio, taskhost.exe, tastatur, url-umleitungen, usb, vdeck.exe, virus, visual studio, vlc media player, warnung, webcheck, windows



Ähnliche Themen: hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet


  1. ColdFusion-Hotfix: Angreifer können beliebige Dateien auslesen
    Nachrichten - 28.08.2015 (0)
  2. WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam
    Log-Analyse und Auswertung - 02.06.2015 (23)
  3. Freak Attack: Hotfix legt Windows Update lahm
    Nachrichten - 07.03.2015 (0)
  4. Suchanfragen und angeklickte Links werden umgeleitet....sehr merkwürdig..unerwünschte Pop up fenster öffnen plötzlich
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (25)
  5. Windows 7: Google-Suchanfragen werden umgeleitet (Ihavenet, Newsbusters)
    Log-Analyse und Auswertung - 09.09.2013 (7)
  6. Probleme mit FF und IE die Suchanfragen bei google werden auf http://click.sureonlinefind.com umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (29)
  7. Hotfix stopft kritische Lücken in Adobes ColdFusion
    Nachrichten - 16.01.2013 (0)
  8. Hotfix für ColdFusion 10
    Nachrichten - 19.11.2012 (0)
  9. Suchanfragen werden umgeleitet
    Log-Analyse und Auswertung - 04.07.2011 (3)
  10. Suchanfragen (Google, Yahoo, etc.) werden umgeleitet (Firefox)
    Log-Analyse und Auswertung - 03.07.2011 (7)
  11. Suchanfragen werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.05.2011 (16)
  12. Hotfix behebt PowerPoint-2003-Problem
    Nachrichten - 27.04.2011 (0)
  13. Google Suchanfragen werden umgeleitet
    Log-Analyse und Auswertung - 17.11.2010 (19)
  14. Google - Suchanfragen werden umgeleitet, manipulierte TCP/IP-Einstellungen
    Log-Analyse und Auswertung - 14.11.2010 (19)
  15. Recommended Hotfix/SED.exe Bitte um Hilfe
    Log-Analyse und Auswertung - 15.12.2004 (2)
  16. W32/Nachi trotz Hotfix?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2003 (1)
  17. Win2000 hotfix Q328310 per KAV-Autoupdater für Win98
    Antiviren-, Firewall- und andere Schutzprogramme - 04.05.2003 (0)

Zum Thema hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet - Hallo, erst einmal besten Dank für die vielen Anleitungen. Ich hoffe, ich habe die Maleware in hotfix.exe und dgfdgsdf.bat erfolgreich entfernt (beide Dateien lagen in C:\Users\XXXXX\AppData\Roaming). Zur Sicherheit sind hier - hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet...
Archiv
Du betrachtest: hotfix.exe und dgfdgsdf.bat - Suchanfragen umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.