Pests of all kinds and how to fight them: TR/ATRAPS.gen found in 0070.DLL

 
28.12.2010, 00:28   #1
Borschti
 



Hello, my AntiVir found TR/ATRAPS.Gen, but I could not delete this file.
It is located in the directory: C:\Windows\System32\0070.DLL
Please help me!

Thanks in advance, regards, Borschti!

Logs:

MBAM:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5405

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/12/2010 23:39:24
mbam-log-2010-12-27 (23-39-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154291
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CC0085BC-D667-3CF6-2784-15ACE9DF7E61} (Spyware.Passwords.XGen) -> Value: {CC0085BC-D667-3CF6-2784-15ACE9DF7E61} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\CrntDLL (Trojan.Witkinat) -> Value: CrntDLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,,C:\Windows\system32\cfg.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Roaming\Reaf\ezil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\wupd.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
         
defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:41 on 27/12/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Gmer:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-28 00:06:56
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAJS-22YFA0 rev.12.01C02
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\pwriqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     830518E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              830713D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA100B300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA1057300, 0x1BEE, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                 A1209000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                 A1209123 629 Bytes  [45, 20, A1, FE, 05, 34, 45, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                 A1209399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                 A12093FF 51 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 53C3                                                                                 A1209433 96 Bytes  [1F, A1, 85, C9, 7C, 18, 8D, ...]
PAGE            ...                                                                                                                 
.text           advapi32.dll!CryptEncrypt                                                                                           770BDD5B 5 Bytes  JMP 0EA87374 
.text           user32.dll!TranslateMessage                                                                                         7600910F 5 Bytes  JMP 0EA85A4D 
.text           wininet.dll!InternetQueryOptionA                                                                                    75EF6421 5 Bytes  JMP 0EA8FDF0 
.text           wininet.dll!HttpAddRequestHeadersA                                                                                  75F09ABA 5 Bytes  JMP 0EA8FCE0 
.text           wininet.dll!InternetCloseHandle                                                                                     75F0C83E 5 Bytes  JMP 0EA94470 
.text           wininet.dll!HttpQueryInfoA                                                                                          75F0CBC2 5 Bytes  JMP 0EA939E0 
.text           wininet.dll!InternetReadFile                                                                                        75F0E264 5 Bytes  JMP 0EA94130 
.text           wininet.dll!HttpSendRequestW                                                                                        75F0EEB3 5 Bytes  JMP 0EA8824D 
.text           wininet.dll!HttpOpenRequestA                                                                                        75F103FA 5 Bytes  JMP 0EA8FBC0 
.text           wininet.dll!InternetQueryDataAvailable                                                                              75F141CB 5 Bytes  JMP 0EA93FD0 
.text           wininet.dll!InternetWriteFile                                                                                       75F290FC 5 Bytes  JMP 0EA883AD 
.text           wininet.dll!InternetReadFileExA                                                                                     75F312F9 5 Bytes  JMP 0EA942E0 
.text           wininet.dll!HttpSendRequestA                                                                                        75F802E0 5 Bytes  JMP 0EA880ED 
.text           ws2_32.dll!send                                                                                                     759CC4C8 5 Bytes  JMP 0EA8F46B 
.text           crypt32.dll!PFXImportCertStore                                                                                      75690D60 5 Bytes  JMP 0EA823AF 

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtEnumerateValueKey                                                 77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtQueryDirectoryFile                                                77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtResumeThread                                                      77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtVdmControl                                                        77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!LdrLoadDll                                                          7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\winlogon.exe[584] USER32.dll!TranslateMessage                                                   7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\winlogon.exe[584] ADVAPI32.dll!CryptEncrypt                                                     770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetQueryOptionA                                              75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpAddRequestHeadersA                                            75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetCloseHandle                                               75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpQueryInfoA                                                    75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetReadFile                                                  75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpSendRequestW                                                  75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpOpenRequestA                                                  75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetQueryDataAvailable                                        75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetWriteFile                                                 75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetReadFileExA                                               75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpSendRequestA                                                  75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\winlogon.exe[584] CRYPT32.dll!PFXImportCertStore                                                75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\winlogon.exe[584] ws2_32.dll!send                                                               759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtEnumerateValueKey                                                  77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtQueryDirectoryFile                                                 77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtResumeThread                                                       77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtVdmControl                                                         77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!LdrLoadDll                                                           7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\nvvsvc.exe[1388] USER32.dll!TranslateMessage                                                    7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\nvvsvc.exe[1388] ADVAPI32.dll!CryptEncrypt                                                      770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\nvvsvc.exe[1388] CRYPT32.dll!PFXImportCertStore                                                 75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetQueryOptionA                                               75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpAddRequestHeadersA                                             75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetCloseHandle                                                75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpQueryInfoA                                                     75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetReadFile                                                   75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpSendRequestW                                                   75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpOpenRequestA                                                   75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetQueryDataAvailable                                         75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetWriteFile                                                  75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetReadFileExA                                                75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpSendRequestA                                                   75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\nvvsvc.exe[1388] ws2_32.dll!send                                                                759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtEnumerateValueKey                                                77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtQueryDirectoryFile                                               77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtResumeThread                                                     77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtVdmControl                                                       77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!LdrLoadDll                                                         7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\taskhost.exe[1744] USER32.dll!TranslateMessage                                                  7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\taskhost.exe[1744] ADVAPI32.dll!CryptEncrypt                                                    770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetQueryOptionA                                             75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpAddRequestHeadersA                                           75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetCloseHandle                                              75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpQueryInfoA                                                   75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetReadFile                                                 75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpSendRequestW                                                 75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpOpenRequestA                                                 75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetQueryDataAvailable                                       75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetWriteFile                                                75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetReadFileExA                                              75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpSendRequestA                                                 75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\taskhost.exe[1744] CRYPT32.dll!PFXImportCertStore                                               75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\taskhost.exe[1744] ws2_32.dll!send                                                              759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtEnumerateValueKey                                                     77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtQueryDirectoryFile                                                    77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtResumeThread                                                          77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtVdmControl                                                            77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!LdrLoadDll                                                              7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\Dwm.exe[1828] USER32.dll!TranslateMessage                                                       7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\Dwm.exe[1828] ADVAPI32.dll!CryptEncrypt                                                         770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\Dwm.exe[1828] CRYPT32.dll!PFXImportCertStore                                                    75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetQueryOptionA                                                  75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpAddRequestHeadersA                                                75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetCloseHandle                                                   75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpQueryInfoA                                                        75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetReadFile                                                      75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpSendRequestW                                                      75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpOpenRequestA                                                      75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetQueryDataAvailable                                            75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetWriteFile                                                     75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetReadFileExA                                                   75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpSendRequestA                                                      75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\Dwm.exe[1828] ws2_32.dll!send                                                                   759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtEnumerateValueKey                                                         77474D80 5 Bytes  JMP 0EA89BD6 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtQueryDirectoryFile                                                        77475400 5 Bytes  JMP 0EA8A1D7 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtResumeThread                                                              77475910 5 Bytes  JMP 0EA8A38D 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtVdmControl                                                                77475E30 5 Bytes  JMP 0EA8A28F 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!LdrLoadDll                                                                  7748F625 5 Bytes  JMP 0EA8354B 
.text           C:\Windows\Explorer.EXE[1904] ADVAPI32.dll!CryptEncrypt                                                             770BDD5B 5 Bytes  JMP 0EA87374 
.text           C:\Windows\Explorer.EXE[1904] USER32.dll!TranslateMessage                                                           7600910F 5 Bytes  JMP 0EA85A4D 
.text           C:\Windows\Explorer.EXE[1904] CRYPT32.dll!PFXImportCertStore                                                        75690D60 5 Bytes  JMP 0EA823AF 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!InternetCloseHandle                                                       75F0C83E 5 Bytes  JMP 0EA94470 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!HttpSendRequestW                                                          75F0EEB3 5 Bytes  JMP 0EA8824D 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!InternetWriteFile                                                         75F290FC 5 Bytes  JMP 0EA883AD 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!HttpSendRequestA                                                          75F802E0 5 Bytes  JMP 0EA880ED 
.text           C:\Windows\Explorer.EXE[1904] ws2_32.dll!send                                                                       759CC4C8 5 Bytes  JMP 0EA8F46B 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtEnumerateValueKey                                 77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtQueryDirectoryFile                                77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtResumeThread                                      77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtVdmControl                                        77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!LdrLoadDll                                          7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ADVAPI32.dll!CryptEncrypt                                     770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] USER32.dll!TranslateMessage                                   7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] CRYPT32.dll!PFXImportCertStore                                75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] WS2_32.dll!send                                               759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetQueryOptionA                              75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpAddRequestHeadersA                            75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetCloseHandle                               75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpQueryInfoA                                    75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetReadFile                                  75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpSendRequestW                                  75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpOpenRequestA                                  75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetQueryDataAvailable                        75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetWriteFile                                 75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetReadFileExA                               75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpSendRequestA                                  75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4332] ntdll.dll!LdrLoadDll                                             7748F625 5 Bytes  JMP 011B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtEnumerateValueKey                                              77474D80 5 Bytes  JMP 0EA89BD6 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtQueryDirectoryFile                                             77475400 5 Bytes  JMP 0EA8A1D7 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtResumeThread                                                   77475910 5 Bytes  JMP 0EA8A38D 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtVdmControl                                                     77475E30 5 Bytes  JMP 0EA8A28F 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!LdrLoadDll                                                       7748F625 5 Bytes  JMP 0EA8354B 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetQueryOptionA                                           75EF6421 5 Bytes  JMP 0EA8FDF0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpAddRequestHeadersA                                         75F09ABA 5 Bytes  JMP 0EA8FCE0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetCloseHandle                                            75F0C83E 5 Bytes  JMP 0EA94470 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpQueryInfoA                                                 75F0CBC2 5 Bytes  JMP 0EA939E0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetReadFile                                               75F0E264 5 Bytes  JMP 0EA94130 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpSendRequestW                                               75F0EEB3 5 Bytes  JMP 0EA8824D 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpOpenRequestA                                               75F103FA 5 Bytes  JMP 0EA8FBC0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetQueryDataAvailable                                     75F141CB 5 Bytes  JMP 0EA93FD0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetWriteFile                                              75F290FC 5 Bytes  JMP 0EA883AD 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetReadFileExA                                            75F312F9 5 Bytes  JMP 0EA942E0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpSendRequestA                                               75F802E0 5 Bytes  JMP 0EA880ED 
.text           C:\Users\***\Desktop\gmer.exe[4488] USER32.dll!TranslateMessage                                                7600910F 5 Bytes  JMP 0EA85A4D 
.text           C:\Users\***\Desktop\gmer.exe[4488] ADVAPI32.dll!CryptEncrypt                                                  770BDD5B 5 Bytes  JMP 0EA87374 
.text           C:\Users\***\Desktop\gmer.exe[4488] CRYPT32.dll!PFXImportCertStore                                             75690D60 5 Bytes  JMP 0EA823AF 
.text           C:\Users\***\Desktop\gmer.exe[4488] ws2_32.dll!send                                                            759CC4C8 5 Bytes  JMP 0EA8F46B 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!TrackPopupMenu                               76024B3B 4 Bytes  JMP 629A2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xC5 0xD4 0xC1 0xDD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x91 0xBA 0xFD 0xCB ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x9D 0x91 0xAC 0xFF ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC5 0xD4 0xC1 0xDD ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x91 0xBA 0xFD 0xCB ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x9D 0x91 0xAC 0xFF ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Run@sjdfnhsjfk.exe                                                   C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe

---- Files - GMER 1.0.15 ----

File            C:\sjdfnhsjfk.exe                                                                                                   0 bytes
File            C:\sjdfnhsjfk.exe\config.bin                                                                                        74194 bytes
File            C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe                                                                                    272896 bytes executable
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\434307f7\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\534307ff\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5451082D\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454083b\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454085c\config.bin                                          20480 bytes

---- EOF - GMER 1.0.15 ----
         
OTL:
Code:
OTL logfile created on: 28/12/2010 00:09:13 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 14,48 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 20,23 Gb Free Space | 2,17% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,58 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
 
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010/12/10 19:58:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 19:58:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/21 10:30:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/08 18:46:10 | 008,505,888 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009/07/14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 12:24:46 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/05 13:22:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2006/06/01 19:56:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva343.sys -- (XDva343)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Borschti\AppData\Local\Temp\HIF7FBF.tmp -- (GarenaPEngine)
DRV - [2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/10 12:39:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/10 12:39:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/21 16:58:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/08 18:17:58 | 003,019,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 15:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/03/01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/02/12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/10/18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 BB 60 30 0C B3 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005210720\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/08 06:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
 
[2010/02/21 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Extensions
[2010/12/27 23:53:51 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/14 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\battlefieldheroespatcher@ea.com
[2010/02/21 16:58:44 | 000,002,055 | ---- | M] () -- C:\Users\Borschti\AppData\Roaming\Mozilla\FireFox\Profiles\grpdhaue.default\searchplugins\daemon-search.xml
[2010/12/27 23:53:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/09/17 14:05:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/17 14:05:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/17 14:05:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/17 14:05:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/17 14:05:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005210720\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/21 13:48:46 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell\AutoRun\command - "" = L:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/27 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/27 23:33:30 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010/12/27 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Malwarebytes
[2010/12/27 23:29:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/27 23:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/27 23:28:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/27 23:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/12/27 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010/12/27 00:04:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/12/27 00:02:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/12/24 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Downloads
[2010/12/18 15:42:36 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/18 15:42:24 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Bioshock2
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/12/14 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Heroes of Newerth
[2010/12/09 14:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/12/09 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Local\Last.fm
[2010/12/09 14:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm
[2010/12/02 15:22:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/12/02 15:22:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/11/30 22:00:16 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/27 23:59:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/27 23:50:13 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 23:50:13 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 23:42:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/27 23:42:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 23:42:46 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 23:42:01 | 000,000,020 | ---- | M] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 23:33:31 | 000,000,894 | ---- | M] () -- C:\Users\Borschti\Desktop\NTREGOPT.lnk
[2010/12/27 23:33:31 | 000,000,875 | ---- | M] () -- C:\Users\Borschti\Desktop\ERUNT.lnk
[2010/12/27 23:29:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 23:27:50 | 000,288,107 | ---- | M] () -- C:\Users\Borschti\Desktop\Gmer.zip
[2010/12/27 23:27:50 | 000,050,477 | ---- | M] () -- C:\Users\Borschti\Desktop\defogger.exe
[2010/12/27 23:26:18 | 000,472,152 | ---- | M] () -- C:\Users\Borschti\Desktop\Load.exe
[2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/27 11:20:33 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/12/27 11:20:33 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 11:20:33 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/12/27 11:20:33 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 00:13:44 | 002,726,124 | ---- | M] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/24 14:13:12 | 000,001,903 | ---- | M] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/23 15:11:20 | 000,103,382 | ---- | M] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/22 14:12:18 | 089,798,376 | ---- | M] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/09 14:40:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:18 | 000,029,969 | ---- | M] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:51:02 | 000,754,873 | ---- | M] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/07 18:14:28 | 000,099,415 | ---- | M] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/05 22:00:30 | 000,120,320 | ---- | M] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 21:22:53 | 004,042,906 | ---- | M] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2010/12/27 23:45:07 | 000,296,448 | ---- | C] () -- C:\Users\Borschti\Desktop\gmer.exe
[2010/12/27 23:41:46 | 000,000,020 | ---- | C] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 23:33:31 | 000,000,894 | ---- | C] () -- C:\Users\Borschti\Desktop\NTREGOPT.lnk
[2010/12/27 23:33:31 | 000,000,875 | ---- | C] () -- C:\Users\Borschti\Desktop\ERUNT.lnk
[2010/12/27 23:29:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 23:27:50 | 000,050,477 | ---- | C] () -- C:\Users\Borschti\Desktop\defogger.exe
[2010/12/27 23:27:49 | 000,288,107 | ---- | C] () -- C:\Users\Borschti\Desktop\Gmer.zip
[2010/12/27 23:26:17 | 000,472,152 | ---- | C] () -- C:\Users\Borschti\Desktop\Load.exe
[2010/12/27 00:10:52 | 002,726,124 | ---- | C] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/26 12:54:50 | 000,099,415 | ---- | C] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/24 14:13:12 | 000,001,903 | ---- | C] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/22 14:11:26 | 089,798,376 | ---- | C] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/15 20:03:05 | 000,103,382 | ---- | C] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/09 14:40:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:01 | 000,029,969 | ---- | C] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:50:39 | 000,754,873 | ---- | C] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/05 22:00:29 | 000,120,320 | ---- | C] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 20:58:10 | 004,042,906 | ---- | C] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/11/15 17:24:11 | 000,000,096 | ---- | C] () -- C:\Users\Borschti\AppData\Local\fusioncache.dat
[2010/10/17 18:27:55 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/09/30 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/09/29 17:03:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/23 17:53:53 | 000,000,565 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\myMPQ.ini
[2010/09/09 12:28:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/09/09 12:28:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/08/02 15:10:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/21 14:31:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/06/13 19:52:30 | 000,017,408 | ---- | C] () -- C:\Users\Borschti\AppData\Local\WebpageIcons.db
[2010/05/31 21:50:17 | 000,001,611 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/29 15:55:07 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/05/29 15:55:07 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/05/29 09:51:04 | 000,603,648 | R--- | C] () -- C:\Windows\System32\1911.dll
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/14 17:57:57 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/14 17:57:56 | 000,138,056 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\PnkBstrK.sys
[2010/03/09 17:26:51 | 000,000,092 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\default.pls
[2009/11/16 14:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2010/08/16 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\acccore
[2010/06/17 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Audacity
[2010/12/17 13:52:12 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/06/10 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\BitDefender
[2010/03/08 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DAEMON Tools Lite
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/27 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ecwoul
[2010/10/17 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\gtk-2.0
[2010/10/23 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Hardcore
[2010/08/08 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\HLSW
[2010/12/27 21:55:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\ICQ
[2010/08/11 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Leadertech
[2010/05/18 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient
[2010/04/17 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/07/09 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\MAXON
[2010/07/04 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mp3DirectCut
[2010/10/30 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mp3tag
[2010/12/27 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mumble
[2010/10/23 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\PACE Anti-Piracy
[2010/07/04 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Publish Providers
[2010/12/27 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Reaf
[2010/07/06 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony
[2010/08/05 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Creative Software
[2010/04/30 14:34:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Setup
[2010/04/29 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Teleca
[2010/05/18 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TS3Client
[2010/02/21 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TuneUp Software
[2010/10/16 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ubisoft
[2010/05/25 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Wuala
[2010/11/21 10:46:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1362 bytes -> C:\ProgramData\Microsoft:tQSggL5NNsEWjfkn381qrbh
@Alternate Data Stream - 1298 bytes -> C:\ProgramData\Microsoft:QJqAcGcqbqH46UIf8X
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:iSqKuAZJnohUs9DMNi6MlbuW

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 28/12/2010 00:09:13 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 14,48 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 20,23 Gb Free Space | 2,17% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,58 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
 
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F61DD673-0030-4BB2-A382-7E57E97F1031}" = Nero 7 Essentials
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"43390D7CA42BD8A4396797BE668489DD178C15E4" = Windows-Treiberpaket - Parallax Inc CDM Driver Package (02/17/2009 2.04.16)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7C647F24829963C4E203822A80E734EACA726FD7" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Drumaxx" = Drumaxx
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 2 Project Origin
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Garena" = Garena 2010
"GCFScape_is1" = GCFScape 1.8.0
"Hardcore" = Hardcore
"HLSW_is1" = HLSW v1.3.3.7b
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"League of Legends_is1" = League of Legends
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Magic Bullet LooksBuilder" = Magic Bullet LooksBuilder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3-Cutter" = MP3-Cutter
"Mp3tag" = Mp3tag v2.46a
"Mumble" = Mumble and Murmur
"NET Render Release 11" = NET Render Release 11
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PluginPac" = DebugMode PluginPac (remove only)
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"Shop for HP Supplies" = Shop for HP Supplies
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"STANDARD" = Microsoft Office Standard 2007
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 205" = Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20/09/2010 13:28:38 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21/09/2010 12:03:12 | Computer Name = Borschti | Source = VSS | ID = 8194
Description = 
 
Error - 22/09/2010 16:18:20 | Computer Name = Borschti | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Installer.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4c99a19c  Name des fehlerhaften Moduls: Installer.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c99a19c  Ausnahmecode: 0xc0000006  Fehleroffset: 0x001383e2  ID des fehlerhaften
 Prozesses: 0x46c  Startzeit der fehlerhaften Anwendung: 0x01cb5a9139f41bae  Pfad der
 fehlerhaften Anwendung: K:\Installer.exe  Pfad des fehlerhaften Moduls: K:\Installer.exe
Berichtskennung:
 8a804f98-c686-11df-884d-0019dbe7e8ec
 
Error - 22/09/2010 16:18:20 | Computer Name = Borschti | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Installer.exe wurde wegen dieses Fehlers geschlossen.

Programm:
 Installer.exe  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000102  Datenträgertyp: 0
 
Error - 23/09/2010 13:14:30 | Computer Name = Borschti | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.0.0.16117 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ea0    Startzeit: 
01cb5b3ffdba54fd    Endzeit: 86    Anwendungspfad: J:\StarCraft II\Versions\Base15405\SC2.exe

Berichts-ID:
   
 
Error - 24/09/2010 11:02:16 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 11:21:28 | Computer Name = Borschti | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24/09/2010 13:17:29 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 13:18:49 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 17:13:12 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 27/12/2010 18:29:58 | Computer Name = Borschti | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 27/12/2010 18:30:50 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:30:53 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:31:20 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
Error - 27/12/2010 18:40:07 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:40:10 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:40:36 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
Error - 27/12/2010 18:42:40 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:42:43 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:43:09 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
 
< End of report >
         
I hope I did everything right with the logs and that you can make use of them.

 
