Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.gen in 0070.DLL gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.12.2010, 00:28   #1
Borschti
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



Hallo mein AntiVir hat TR/ATRAPS.Gen gefunden, jedoch konnte ich diese Datei nicht löschen.
Sie ist unter dem Verzeichnis: C:\Windows\System32\0070.DLL
Ich bitte um eure Hilfe!

Im vorraus schonmal ein Dankeschön, Gruß Borschti!

Logs:

MBAM:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5405

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/12/2010 23:39:24
mbam-log-2010-12-27 (23-39-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154291
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CC0085BC-D667-3CF6-2784-15ACE9DF7E61} (Spyware.Passwords.XGen) -> Value: {CC0085BC-D667-3CF6-2784-15ACE9DF7E61} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\CrntDLL (Trojan.Witkinat) -> Value: CrntDLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,,C:\Windows\system32\cfg.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Roaming\Reaf\ezil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\wupd.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
         
defogger_disable:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:41 on 27/12/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Gmer:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-28 00:06:56
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAJS-22YFA0 rev.12.01C02
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\pwriqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     830518E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              830713D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA100B300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA1057300, 0x1BEE, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                 A1209000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                 A1209123 629 Bytes  [45, 20, A1, FE, 05, 34, 45, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                 A1209399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                 A12093FF 51 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 53C3                                                                                 A1209433 96 Bytes  [1F, A1, 85, C9, 7C, 18, 8D, ...]
PAGE            ...                                                                                                                 
.text           advapi32.dll!CryptEncrypt                                                                                           770BDD5B 5 Bytes  JMP 0EA87374 
.text           user32.dll!TranslateMessage                                                                                         7600910F 5 Bytes  JMP 0EA85A4D 
.text           wininet.dll!InternetQueryOptionA                                                                                    75EF6421 5 Bytes  JMP 0EA8FDF0 
.text           wininet.dll!HttpAddRequestHeadersA                                                                                  75F09ABA 5 Bytes  JMP 0EA8FCE0 
.text           wininet.dll!InternetCloseHandle                                                                                     75F0C83E 5 Bytes  JMP 0EA94470 
.text           wininet.dll!HttpQueryInfoA                                                                                          75F0CBC2 5 Bytes  JMP 0EA939E0 
.text           wininet.dll!InternetReadFile                                                                                        75F0E264 5 Bytes  JMP 0EA94130 
.text           wininet.dll!HttpSendRequestW                                                                                        75F0EEB3 5 Bytes  JMP 0EA8824D 
.text           wininet.dll!HttpOpenRequestA                                                                                        75F103FA 5 Bytes  JMP 0EA8FBC0 
.text           wininet.dll!InternetQueryDataAvailable                                                                              75F141CB 5 Bytes  JMP 0EA93FD0 
.text           wininet.dll!InternetWriteFile                                                                                       75F290FC 5 Bytes  JMP 0EA883AD 
.text           wininet.dll!InternetReadFileExA                                                                                     75F312F9 5 Bytes  JMP 0EA942E0 
.text           wininet.dll!HttpSendRequestA                                                                                        75F802E0 5 Bytes  JMP 0EA880ED 
.text           ws2_32.dll!send                                                                                                     759CC4C8 5 Bytes  JMP 0EA8F46B 
.text           crypt32.dll!PFXImportCertStore                                                                                      75690D60 5 Bytes  JMP 0EA823AF 

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtEnumerateValueKey                                                 77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtQueryDirectoryFile                                                77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtResumeThread                                                      77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!NtVdmControl                                                        77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\winlogon.exe[584] ntdll.dll!LdrLoadDll                                                          7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\winlogon.exe[584] USER32.dll!TranslateMessage                                                   7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\winlogon.exe[584] ADVAPI32.dll!CryptEncrypt                                                     770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetQueryOptionA                                              75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpAddRequestHeadersA                                            75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetCloseHandle                                               75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpQueryInfoA                                                    75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetReadFile                                                  75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpSendRequestW                                                  75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpOpenRequestA                                                  75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetQueryDataAvailable                                        75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetWriteFile                                                 75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!InternetReadFileExA                                               75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\winlogon.exe[584] wininet.dll!HttpSendRequestA                                                  75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\winlogon.exe[584] CRYPT32.dll!PFXImportCertStore                                                75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\winlogon.exe[584] ws2_32.dll!send                                                               759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtEnumerateValueKey                                                  77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtQueryDirectoryFile                                                 77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtResumeThread                                                       77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!NtVdmControl                                                         77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\nvvsvc.exe[1388] ntdll.dll!LdrLoadDll                                                           7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\nvvsvc.exe[1388] USER32.dll!TranslateMessage                                                    7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\nvvsvc.exe[1388] ADVAPI32.dll!CryptEncrypt                                                      770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\nvvsvc.exe[1388] CRYPT32.dll!PFXImportCertStore                                                 75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetQueryOptionA                                               75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpAddRequestHeadersA                                             75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetCloseHandle                                                75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpQueryInfoA                                                     75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetReadFile                                                   75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpSendRequestW                                                   75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpOpenRequestA                                                   75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetQueryDataAvailable                                         75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetWriteFile                                                  75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!InternetReadFileExA                                                75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\nvvsvc.exe[1388] wininet.dll!HttpSendRequestA                                                   75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\nvvsvc.exe[1388] ws2_32.dll!send                                                                759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtEnumerateValueKey                                                77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtQueryDirectoryFile                                               77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtResumeThread                                                     77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!NtVdmControl                                                       77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\taskhost.exe[1744] ntdll.dll!LdrLoadDll                                                         7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\taskhost.exe[1744] USER32.dll!TranslateMessage                                                  7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\taskhost.exe[1744] ADVAPI32.dll!CryptEncrypt                                                    770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetQueryOptionA                                             75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpAddRequestHeadersA                                           75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetCloseHandle                                              75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpQueryInfoA                                                   75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetReadFile                                                 75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpSendRequestW                                                 75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpOpenRequestA                                                 75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetQueryDataAvailable                                       75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetWriteFile                                                75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!InternetReadFileExA                                              75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\taskhost.exe[1744] wininet.dll!HttpSendRequestA                                                 75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\taskhost.exe[1744] CRYPT32.dll!PFXImportCertStore                                               75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\taskhost.exe[1744] ws2_32.dll!send                                                              759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtEnumerateValueKey                                                     77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtQueryDirectoryFile                                                    77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtResumeThread                                                          77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!NtVdmControl                                                            77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Windows\system32\Dwm.exe[1828] ntdll.dll!LdrLoadDll                                                              7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Windows\system32\Dwm.exe[1828] USER32.dll!TranslateMessage                                                       7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Windows\system32\Dwm.exe[1828] ADVAPI32.dll!CryptEncrypt                                                         770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Windows\system32\Dwm.exe[1828] CRYPT32.dll!PFXImportCertStore                                                    75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetQueryOptionA                                                  75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpAddRequestHeadersA                                                75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetCloseHandle                                                   75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpQueryInfoA                                                        75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetReadFile                                                      75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpSendRequestW                                                      75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpOpenRequestA                                                      75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetQueryDataAvailable                                            75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetWriteFile                                                     75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!InternetReadFileExA                                                   75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Windows\system32\Dwm.exe[1828] wininet.dll!HttpSendRequestA                                                      75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Windows\system32\Dwm.exe[1828] ws2_32.dll!send                                                                   759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtEnumerateValueKey                                                         77474D80 5 Bytes  JMP 0EA89BD6 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtQueryDirectoryFile                                                        77475400 5 Bytes  JMP 0EA8A1D7 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtResumeThread                                                              77475910 5 Bytes  JMP 0EA8A38D 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!NtVdmControl                                                                77475E30 5 Bytes  JMP 0EA8A28F 
.text           C:\Windows\Explorer.EXE[1904] ntdll.dll!LdrLoadDll                                                                  7748F625 5 Bytes  JMP 0EA8354B 
.text           C:\Windows\Explorer.EXE[1904] ADVAPI32.dll!CryptEncrypt                                                             770BDD5B 5 Bytes  JMP 0EA87374 
.text           C:\Windows\Explorer.EXE[1904] USER32.dll!TranslateMessage                                                           7600910F 5 Bytes  JMP 0EA85A4D 
.text           C:\Windows\Explorer.EXE[1904] CRYPT32.dll!PFXImportCertStore                                                        75690D60 5 Bytes  JMP 0EA823AF 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!InternetCloseHandle                                                       75F0C83E 5 Bytes  JMP 0EA94470 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!HttpSendRequestW                                                          75F0EEB3 5 Bytes  JMP 0EA8824D 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!InternetWriteFile                                                         75F290FC 5 Bytes  JMP 0EA883AD 
.text           C:\Windows\Explorer.EXE[1904] wininet.dll!HttpSendRequestA                                                          75F802E0 5 Bytes  JMP 0EA880ED 
.text           C:\Windows\Explorer.EXE[1904] ws2_32.dll!send                                                                       759CC4C8 5 Bytes  JMP 0EA8F46B 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtEnumerateValueKey                                 77474D80 5 Bytes  JMP 0EA09BD6 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtQueryDirectoryFile                                77475400 5 Bytes  JMP 0EA0A1D7 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtResumeThread                                      77475910 5 Bytes  JMP 0EA0A38D 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!NtVdmControl                                        77475E30 5 Bytes  JMP 0EA0A28F 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ntdll.dll!LdrLoadDll                                          7748F625 5 Bytes  JMP 0EA0354B 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] ADVAPI32.dll!CryptEncrypt                                     770BDD5B 5 Bytes  JMP 0EA07374 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] USER32.dll!TranslateMessage                                   7600910F 5 Bytes  JMP 0EA05A4D 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] CRYPT32.dll!PFXImportCertStore                                75690D60 5 Bytes  JMP 0EA023AF 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] WS2_32.dll!send                                               759CC4C8 5 Bytes  JMP 0EA0F46B 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetQueryOptionA                              75EF6421 5 Bytes  JMP 0EA0FDF0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpAddRequestHeadersA                            75F09ABA 5 Bytes  JMP 0EA0FCE0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetCloseHandle                               75F0C83E 5 Bytes  JMP 0EA14470 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpQueryInfoA                                    75F0CBC2 5 Bytes  JMP 0EA139E0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetReadFile                                  75F0E264 5 Bytes  JMP 0EA14130 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpSendRequestW                                  75F0EEB3 5 Bytes  JMP 0EA0824D 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpOpenRequestA                                  75F103FA 5 Bytes  JMP 0EA0FBC0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetQueryDataAvailable                        75F141CB 5 Bytes  JMP 0EA13FD0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetWriteFile                                 75F290FC 5 Bytes  JMP 0EA083AD 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!InternetReadFileExA                               75F312F9 5 Bytes  JMP 0EA142E0 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2444] wininet.dll!HttpSendRequestA                                  75F802E0 5 Bytes  JMP 0EA080ED 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4332] ntdll.dll!LdrLoadDll                                             7748F625 5 Bytes  JMP 011B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtEnumerateValueKey                                              77474D80 5 Bytes  JMP 0EA89BD6 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtQueryDirectoryFile                                             77475400 5 Bytes  JMP 0EA8A1D7 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtResumeThread                                                   77475910 5 Bytes  JMP 0EA8A38D 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!NtVdmControl                                                     77475E30 5 Bytes  JMP 0EA8A28F 
.text           C:\Users\***\Desktop\gmer.exe[4488] ntdll.dll!LdrLoadDll                                                       7748F625 5 Bytes  JMP 0EA8354B 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetQueryOptionA                                           75EF6421 5 Bytes  JMP 0EA8FDF0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpAddRequestHeadersA                                         75F09ABA 5 Bytes  JMP 0EA8FCE0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetCloseHandle                                            75F0C83E 5 Bytes  JMP 0EA94470 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpQueryInfoA                                                 75F0CBC2 5 Bytes  JMP 0EA939E0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetReadFile                                               75F0E264 5 Bytes  JMP 0EA94130 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpSendRequestW                                               75F0EEB3 5 Bytes  JMP 0EA8824D 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpOpenRequestA                                               75F103FA 5 Bytes  JMP 0EA8FBC0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetQueryDataAvailable                                     75F141CB 5 Bytes  JMP 0EA93FD0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetWriteFile                                              75F290FC 5 Bytes  JMP 0EA883AD 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!InternetReadFileExA                                            75F312F9 5 Bytes  JMP 0EA942E0 
.text           C:\Users\***\Desktop\gmer.exe[4488] wininet.dll!HttpSendRequestA                                               75F802E0 5 Bytes  JMP 0EA880ED 
.text           C:\Users\***\Desktop\gmer.exe[4488] USER32.dll!TranslateMessage                                                7600910F 5 Bytes  JMP 0EA85A4D 
.text           C:\Users\***\Desktop\gmer.exe[4488] ADVAPI32.dll!CryptEncrypt                                                  770BDD5B 5 Bytes  JMP 0EA87374 
.text           C:\Users\***\Desktop\gmer.exe[4488] CRYPT32.dll!PFXImportCertStore                                             75690D60 5 Bytes  JMP 0EA823AF 
.text           C:\Users\***\Desktop\gmer.exe[4488] ws2_32.dll!send                                                            759CC4C8 5 Bytes  JMP 0EA8F46B 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!TrackPopupMenu                               76024B3B 4 Bytes  JMP 629A2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xC5 0xD4 0xC1 0xDD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x91 0xBA 0xFD 0xCB ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x9D 0x91 0xAC 0xFF ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC5 0xD4 0xC1 0xDD ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x91 0xBA 0xFD 0xCB ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x9D 0x91 0xAC 0xFF ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Run@sjdfnhsjfk.exe                                                   C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe

---- Files - GMER 1.0.15 ----

File            C:\sjdfnhsjfk.exe                                                                                                   0 bytes
File            C:\sjdfnhsjfk.exe\config.bin                                                                                        74194 bytes
File            C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe                                                                                    272896 bytes executable
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\434307f7\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\534307ff\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5451082D\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454083b\config.bin                                          20480 bytes
File            C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454085c\config.bin                                          20480 bytes

---- EOF - GMER 1.0.15 ----
         
OTL:
Code:
ATTFilter
OTL logfile created on: 28/12/2010 00:09:13 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 14,48 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 20,23 Gb Free Space | 2,17% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,58 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
 
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010/12/10 19:58:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 19:58:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/21 10:30:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/08 18:46:10 | 008,505,888 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009/07/14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 12:24:46 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/05 13:22:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2006/06/01 19:56:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva343.sys -- (XDva343)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Borschti\AppData\Local\Temp\HIF7FBF.tmp -- (GarenaPEngine)
DRV - [2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/10 12:39:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/10 12:39:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/21 16:58:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/08 18:17:58 | 003,019,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 15:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/03/01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/02/12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/10/18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 BB 60 30 0C B3 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005210720\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/08 06:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
 
[2010/02/21 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Extensions
[2010/12/27 23:53:51 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/14 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\battlefieldheroespatcher@ea.com
[2010/02/21 16:58:44 | 000,002,055 | ---- | M] () -- C:\Users\Borschti\AppData\Roaming\Mozilla\FireFox\Profiles\grpdhaue.default\searchplugins\daemon-search.xml
[2010/12/27 23:53:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/09/17 14:05:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/17 14:05:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/17 14:05:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/17 14:05:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/17 14:05:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005210720\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/21 13:48:46 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell\AutoRun\command - "" = L:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/27 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/27 23:33:30 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010/12/27 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Malwarebytes
[2010/12/27 23:29:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/27 23:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/27 23:28:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/27 23:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/12/27 23:27:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010/12/27 00:04:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/12/27 00:02:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/12/24 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Downloads
[2010/12/18 15:42:36 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/18 15:42:24 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Bioshock2
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/12/14 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Heroes of Newerth
[2010/12/09 14:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/12/09 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Local\Last.fm
[2010/12/09 14:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm
[2010/12/02 15:22:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/12/02 15:22:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/11/30 22:00:16 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/27 23:59:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/27 23:50:13 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 23:50:13 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 23:42:58 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/27 23:42:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 23:42:46 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 23:42:01 | 000,000,020 | ---- | M] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 23:33:31 | 000,000,894 | ---- | M] () -- C:\Users\Borschti\Desktop\NTREGOPT.lnk
[2010/12/27 23:33:31 | 000,000,875 | ---- | M] () -- C:\Users\Borschti\Desktop\ERUNT.lnk
[2010/12/27 23:29:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 23:27:50 | 000,288,107 | ---- | M] () -- C:\Users\Borschti\Desktop\Gmer.zip
[2010/12/27 23:27:50 | 000,050,477 | ---- | M] () -- C:\Users\Borschti\Desktop\defogger.exe
[2010/12/27 23:26:18 | 000,472,152 | ---- | M] () -- C:\Users\Borschti\Desktop\Load.exe
[2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/27 11:20:33 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/12/27 11:20:33 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 11:20:33 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/12/27 11:20:33 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 00:13:44 | 002,726,124 | ---- | M] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/24 14:13:12 | 000,001,903 | ---- | M] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/23 15:11:20 | 000,103,382 | ---- | M] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/22 14:12:18 | 089,798,376 | ---- | M] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/09 14:40:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:18 | 000,029,969 | ---- | M] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:51:02 | 000,754,873 | ---- | M] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/07 18:14:28 | 000,099,415 | ---- | M] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/05 22:00:30 | 000,120,320 | ---- | M] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 21:22:53 | 004,042,906 | ---- | M] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2010/12/27 23:45:07 | 000,296,448 | ---- | C] () -- C:\Users\Borschti\Desktop\gmer.exe
[2010/12/27 23:41:46 | 000,000,020 | ---- | C] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 23:33:31 | 000,000,894 | ---- | C] () -- C:\Users\Borschti\Desktop\NTREGOPT.lnk
[2010/12/27 23:33:31 | 000,000,875 | ---- | C] () -- C:\Users\Borschti\Desktop\ERUNT.lnk
[2010/12/27 23:29:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/27 23:27:50 | 000,050,477 | ---- | C] () -- C:\Users\Borschti\Desktop\defogger.exe
[2010/12/27 23:27:49 | 000,288,107 | ---- | C] () -- C:\Users\Borschti\Desktop\Gmer.zip
[2010/12/27 23:26:17 | 000,472,152 | ---- | C] () -- C:\Users\Borschti\Desktop\Load.exe
[2010/12/27 00:10:52 | 002,726,124 | ---- | C] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/26 12:54:50 | 000,099,415 | ---- | C] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/24 14:13:12 | 000,001,903 | ---- | C] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/22 14:11:26 | 089,798,376 | ---- | C] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/15 20:03:05 | 000,103,382 | ---- | C] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/09 14:40:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:01 | 000,029,969 | ---- | C] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:50:39 | 000,754,873 | ---- | C] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/05 22:00:29 | 000,120,320 | ---- | C] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 20:58:10 | 004,042,906 | ---- | C] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/11/15 17:24:11 | 000,000,096 | ---- | C] () -- C:\Users\Borschti\AppData\Local\fusioncache.dat
[2010/10/17 18:27:55 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/09/30 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/09/29 17:03:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/23 17:53:53 | 000,000,565 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\myMPQ.ini
[2010/09/09 12:28:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/09/09 12:28:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/08/02 15:10:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/21 14:31:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/06/13 19:52:30 | 000,017,408 | ---- | C] () -- C:\Users\Borschti\AppData\Local\WebpageIcons.db
[2010/05/31 21:50:17 | 000,001,611 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/29 15:55:07 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/05/29 15:55:07 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/05/29 09:51:04 | 000,603,648 | R--- | C] () -- C:\Windows\System32\1911.dll
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/14 17:57:57 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/14 17:57:56 | 000,138,056 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\PnkBstrK.sys
[2010/03/09 17:26:51 | 000,000,092 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\default.pls
[2009/11/16 14:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2010/08/16 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\acccore
[2010/06/17 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Audacity
[2010/12/17 13:52:12 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/06/10 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\BitDefender
[2010/03/08 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DAEMON Tools Lite
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/27 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ecwoul
[2010/10/17 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\gtk-2.0
[2010/10/23 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Hardcore
[2010/08/08 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\HLSW
[2010/12/27 21:55:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\ICQ
[2010/08/11 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Leadertech
[2010/05/18 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient
[2010/04/17 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/07/09 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\MAXON
[2010/07/04 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mp3DirectCut
[2010/10/30 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mp3tag
[2010/12/27 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mumble
[2010/10/23 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\PACE Anti-Piracy
[2010/07/04 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Publish Providers
[2010/12/27 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Reaf
[2010/07/06 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony
[2010/08/05 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Creative Software
[2010/04/30 14:34:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Setup
[2010/04/29 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Teleca
[2010/05/18 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TS3Client
[2010/02/21 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TuneUp Software
[2010/10/16 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ubisoft
[2010/05/25 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Wuala
[2010/11/21 10:46:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1362 bytes -> C:\ProgramData\Microsoft:tQSggL5NNsEWjfkn381qrbh
@Alternate Data Stream - 1298 bytes -> C:\ProgramData\Microsoft:QJqAcGcqbqH46UIf8X
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:iSqKuAZJnohUs9DMNi6MlbuW

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 28/12/2010 00:09:13 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 14,48 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 20,23 Gb Free Space | 2,17% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,58 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
 
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F61DD673-0030-4BB2-A382-7E57E97F1031}" = Nero 7 Essentials
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"43390D7CA42BD8A4396797BE668489DD178C15E4" = Windows-Treiberpaket - Parallax Inc CDM Driver Package (02/17/2009 2.04.16)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7C647F24829963C4E203822A80E734EACA726FD7" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Drumaxx" = Drumaxx
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 2 Project Origin
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Garena" = Garena 2010
"GCFScape_is1" = GCFScape 1.8.0
"Hardcore" = Hardcore
"HLSW_is1" = HLSW v1.3.3.7b
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"League of Legends_is1" = League of Legends
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Magic Bullet LooksBuilder" = Magic Bullet LooksBuilder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3-Cutter" = MP3-Cutter
"Mp3tag" = Mp3tag v2.46a
"Mumble" = Mumble and Murmur
"NET Render Release 11" = NET Render Release 11
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PluginPac" = DebugMode PluginPac (remove only)
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"Shop for HP Supplies" = Shop for HP Supplies
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"STANDARD" = Microsoft Office Standard 2007
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 205" = Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20/09/2010 13:28:38 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21/09/2010 12:03:12 | Computer Name = Borschti | Source = VSS | ID = 8194
Description = 
 
Error - 22/09/2010 16:18:20 | Computer Name = Borschti | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Installer.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4c99a19c  Name des fehlerhaften Moduls: Installer.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c99a19c  Ausnahmecode: 0xc0000006  Fehleroffset: 0x001383e2  ID des fehlerhaften
 Prozesses: 0x46c  Startzeit der fehlerhaften Anwendung: 0x01cb5a9139f41bae  Pfad der
 fehlerhaften Anwendung: K:\Installer.exe  Pfad des fehlerhaften Moduls: K:\Installer.exe
Berichtskennung:
 8a804f98-c686-11df-884d-0019dbe7e8ec
 
Error - 22/09/2010 16:18:20 | Computer Name = Borschti | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Installer.exe wurde wegen dieses Fehlers geschlossen.

Programm:
 Installer.exe  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000102  Datenträgertyp: 0
 
Error - 23/09/2010 13:14:30 | Computer Name = Borschti | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.0.0.16117 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ea0    Startzeit: 
01cb5b3ffdba54fd    Endzeit: 86    Anwendungspfad: J:\StarCraft II\Versions\Base15405\SC2.exe

Berichts-ID:
   
 
Error - 24/09/2010 11:02:16 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 11:21:28 | Computer Name = Borschti | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24/09/2010 13:17:29 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 13:18:49 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 17:13:12 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 27/12/2010 18:29:58 | Computer Name = Borschti | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 27/12/2010 18:30:50 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:30:53 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:31:20 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
Error - 27/12/2010 18:40:07 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:40:10 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:40:36 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
Error - 27/12/2010 18:42:40 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:42:43 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 27/12/2010 18:43:09 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
 
< End of report >
         
Hoffe ich habe alles richtig gemacht mit den Logs und ihr könnt was damit anfangen

Alt 28.12.2010, 18:27   #2
rea
/// Helfer-Team
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



Hallo Borschti und willkommen am Trojaner Board!



Vorweg ein paar Hinweise (Bitte beachten!):

  • Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.
  • Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst.
  • Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.
  • Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.
  • Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.
  • Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.
  • Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.
  • Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis



Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung:





Avira Antivir - Was wurde gefunden?

Damit wir uns die Funde deines Antivirenprogrammes mal genau ansehen können, gehe bitte wie folgt vor:
  • Starte Avira Antivir
  • Unter dem Reiter Übersicht auf Ereignisse klicken
  • Dort bitte überprüfen, dass oben Alle angehakt sind und unter Filter nur das Kästchen Fund, die anderen bitte auslassen.
  • Alle Funde markieren (Sofern vorhanden)
  • Oben auf den runden Pfeil klicken (Ausgewählte Ereignisse exportieren)
  • Unter dem vorgegebenen Namen abspeichern und den Inhalt dieser .txt-Datei hier ebenfalls posten.



Ich schau mir in der Zwischenzeit deine Logfiles durch
__________________

__________________

Alt 28.12.2010, 21:56   #3
rea
/// Helfer-Team
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



So geht es dann weiter:


1.) Software deinstallieren
  • -> Start
  • -> Systemsteuerung
  • -> Programme und Funktionen
  • -> Programm deinstallieren
  • Wähle nun jeweils eine Software aus:
    Code:
    ATTFilter
    ICQ Toolbar
             
  • -> ändern/entfernen und deinstallieren.


Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist.





2.) Fixen mit OTL
  • Starte bitte die OTL.exe.
    Vista-&Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

    Code:
    ATTFilter
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva343.sys -- (XDva343)
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKCU..\Run: [AdobeBridge]  File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\Shell\AutoRun\command - "" = L:\Startme.exe -- File not found
    @Alternate Data Stream - 1362 bytes -> C:\ProgramData\Microsoft:tQSggL5NNsEWjfkn381qrbh
    @Alternate Data Stream - 1298 bytes -> C:\ProgramData\Microsoft:QJqAcGcqbqH46UIf8X
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:iSqKuAZJnohUs9DMNi6MlbuW
    :Files
    C:\Windows\System32\0070.DLL 
    C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe 
    C:\sjdfnhsjfk.exe\config.bin
    C:\sjdfnhsjfk.exe
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "sjdfnhsjfk.exe"=-
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf OK.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.





3.) Einstellungen prüfen unter Windows 7

Stelle sicher, dass bei dir alle Ordner, Dateien und Laufwerke angezeigt werden:
  • Starte den Windows Explorer (Rechtsklick auf Start -> Explorer)
  • => Organisieren
  • => Ordner- und Suchoptionen
  • => Ansicht
  • => Dateien und Ordner
  • Ändere folgende Einstellungen:
    • Entferne den Haken bei
      • Erweiterungen bei bekannten Dateitypen ausblenden
      • Geschützte Systemdateien ausblenden
    • Setze den Haken bei
      • Immer Menü anzeigen
      • Laufwerksbuchstaben anzeigen
      • Leere Laufwerke im Ordner Computer ausblenden
    • Unter "Versteckte Dateien und Ordner" setzt du den Punkt bei
      • Ausgeblendete Dateien, Ordner und Laufwerke anzeigen

Sobald wir fertig sind mit der Bereinigung kannst du die Einstellungen wieder zurücksetzen.





4.) Dateiüberprüfung auf Virustotal
Besuche Virustotal
Suche dort nacheinander folgende Dateien und lade sie über den Button "Send file" hoch.
Code:
ATTFilter
C:\Windows\System32\1911.dll
C:\Users\***\AppData\Local\Microsoft\XLive\Titles\434307f7\config.bin
C:\Users\***\AppData\Local\Microsoft\XLive\Titles\534307ff\config.bin
C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5451082D\config.bin
C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454083b\config.bin
C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454085c\config.bin
         
Die Überprüfung kann jeweils einige Minuten dauern. Wenn die Datei bereits von anderen Usern geprüft wurde, lasse sie erneut prüfen. Poste mir die Ergebnisse mit Kopf und allem in Codetags hier in den Thread.
Wenn eine Datei nicht zu finden ist, sag mir bitte Bescheid.





5.) Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.






Poste bitte in deiner nächsten Antwort:
  • Das Logfile vom OTL-Fix (Schritt 2)
  • Die Ergebnisse der Datei-Überprüfungen auf Virustotal (Schritt 4)
  • Die beiden neu erstellten Logfiles von OTL - Otl.txt & Extras.txt (Schritt 5)
__________________
__________________

Alt 29.12.2010, 02:35   #4
Borschti
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



Guten Abend oder eher guten Morgen? Naja wie auch immer. Ich habe deine Anweisungen gefolgt und bin auch sehr froh über deine Antworten und Ratschläge.
Ich poste jetzt einfach mal die besagten logs

1. Avira Antivir - Was wurde gefunden?
Code:
ATTFilter
Exportierte Ereignisse:

27/12/2010 23:27 [Guard] Malware gefunden
      In der Datei 'C:\Windows\System32\0070.DLL'
      wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
2. Das Logfile vom OTL-Fix (Schritt 2)
Code:
ATTFilter
All processes killed
========== OTL ==========
Service XDva343 stopped successfully!
Service XDva343 deleted successfully!
File C:\Windows\System32\XDva343.sys not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc884b39-5455-11df-a460-0019dbe7e8ec}\ not found.
File L:\Startme.exe not found.
ADS C:\ProgramData\Microsoft:tQSggL5NNsEWjfkn381qrbh deleted successfully.
ADS C:\ProgramData\Microsoft:QJqAcGcqbqH46UIf8X deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Microsoft:iSqKuAZJnohUs9DMNi6MlbuW deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\0070.DLL not found.
File\Folder C:\sjdfnhsjfk.exe\sjdfnhsjfk.exe not found.
C:\sjdfnhsjfk.exe\config.bin moved successfully.
C:\sjdfnhsjfk.exe folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sjdfnhsjfk.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Borschti
->Temp folder emptied: 28009 bytes
->Temporary Internet Files folder emptied: 1913657 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55190805 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1598 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38251 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 55,00 mb
 

 
OTL by OldTimer - Version 3.2.18.0 log created on 12292010_015220

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
3. Die Ergebnisse der Datei-Überprüfungen auf Virustotal (Schritt 4)
3.1 C:\Windows\System32\1911.dll
Code:
ATTFilter
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.12.29.00 	2010.12.28 	-
AntiVir 	7.11.0.211 	2010.12.28 	-
Antiy-AVL 	2.0.3.7 	2010.12.29 	-
Avast 	4.8.1351.0 	2010.12.28 	-
Avast5 	5.0.677.0 	2010.12.28 	-
AVG 	9.0.0.851 	2010.12.29 	-
BitDefender 	7.2 	2010.12.29 	-
CAT-QuickHeal 	11.00 	2010.12.28 	-
ClamAV 	0.96.4.0 	2010.12.29 	-
Command 	5.2.11.5 	2010.12.28 	-
Comodo 	7220 	2010.12.28 	-
DrWeb 	5.0.2.03300 	2010.12.29 	-
Emsisoft 	5.1.0.1 	2010.12.28 	-
eSafe 	7.0.17.0 	2010.12.28 	-
eTrust-Vet 	36.1.8067 	2010.12.28 	-
F-Prot 	4.6.2.117 	2010.12.28 	-
F-Secure 	9.0.16160.0 	2010.12.29 	-
Fortinet 	4.2.254.0 	2010.12.28 	-
GData 	21 	2010.12.29 	-
Ikarus 	T3.1.1.90.0 	2010.12.28 	-
Jiangmin 	13.0.900 	2010.12.28 	-
K7AntiVirus 	9.75.3372 	2010.12.28 	-
Kaspersky 	7.0.0.125 	2010.12.28 	-
McAfee 	5.400.0.1158 	2010.12.29 	-
McAfee-GW-Edition 	2010.1C 	2010.12.28 	-
Microsoft 	1.6402 	2010.12.28 	-
NOD32 	5740 	2010.12.28 	-
Norman 	6.06.12 	2010.12.28 	-
nProtect 	2010-12-28.01 	2010.12.28 	-
Panda 	10.0.2.7 	2010.12.28 	-
PCTools 	7.0.3.5 	2010.12.29 	-
Prevx 	3.0 	2010.12.29 	-
Rising 	22.80.01.03 	2010.12.28 	-
Sophos 	4.60.0 	2010.12.29 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.12.29 	-
Symantec 	20101.3.0.103 	2010.12.28 	-
TheHacker 	6.7.0.1.106 	2010.12.27 	-
TrendMicro 	9.120.0.1004 	2010.12.28 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.12.29 	-
VBA32 	3.12.14.2 	2010.12.28 	-
VIPRE 	7867 	2010.12.29 	-
ViRobot 	2010.12.28.4225 	2010.12.28 	-
VirusBuster 	13.6.117.0 	2010.12.28 	-
MD5: 2607990427fe13e1da9e512e5df92d5e
SHA1: 419caccb0527411f2576fd4806b714e74299ea10
SHA256: c18b4262f334c6a56b5f01e81601a0c45a69277b8eeef7ede8a6f8f632eb36cd
File size: 603648 bytes
Scan date: 2010-12-29 01:02:52 (UTC)
         
3.2 C:\Users\***\AppData\Local\Microsoft\XLive\Titles\434307f7\config.bin
Code:
ATTFilter
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.12.29.00 	2010.12.28 	-
AntiVir 	7.11.0.211 	2010.12.28 	-
Antiy-AVL 	2.0.3.7 	2010.12.29 	-
Avast 	4.8.1351.0 	2010.12.28 	-
Avast5 	5.0.677.0 	2010.12.28 	-
BitDefender 	7.2 	2010.12.29 	-
CAT-QuickHeal 	11.00 	2010.12.28 	-
ClamAV 	0.96.4.0 	2010.12.29 	-
Command 	5.2.11.5 	2010.12.28 	-
Comodo 	7220 	2010.12.28 	-
DrWeb 	5.0.2.03300 	2010.12.29 	-
Emsisoft 	5.1.0.1 	2010.12.28 	-
eSafe 	7.0.17.0 	2010.12.28 	-
eTrust-Vet 	36.1.8067 	2010.12.28 	-
F-Prot 	4.6.2.117 	2010.12.28 	-
F-Secure 	9.0.16160.0 	2010.12.29 	-
Fortinet 	4.2.254.0 	2010.12.28 	-
GData 	21 	2010.12.29 	-
Ikarus 	T3.1.1.90.0 	2010.12.28 	-
Jiangmin 	13.0.900 	2010.12.28 	-
K7AntiVirus 	9.75.3372 	2010.12.28 	-
Microsoft 	1.6402 	2010.12.28 	-
NOD32 	5740 	2010.12.28 	-
Norman 	6.06.12 	2010.12.28 	-
nProtect 	2010-12-28.01 	2010.12.28 	-
Panda 	10.0.2.7 	2010.12.28 	-
PCTools 	7.0.3.5 	2010.12.29 	-
Prevx 	3.0 	2010.12.29 	-
Rising 	22.80.01.03 	2010.12.28 	-
Sophos 	4.60.0 	2010.12.29 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.12.29 	-
Symantec 	20101.3.0.103 	2010.12.28 	-
TheHacker 	6.7.0.1.106 	2010.12.27 	-
TrendMicro 	9.120.0.1004 	2010.12.28 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.12.29 	-
VBA32 	3.12.14.2 	2010.12.28 	-
VIPRE 	7867 	2010.12.29 	-
ViRobot 	2010.12.28.4225 	2010.12.28 	-
VirusBuster 	13.6.117.0 	2010.12.28 	-
MD5: 76a43013dd1dfdedfdbc928b8360026b
SHA1: 4e29b07134c4528d13ab1f9ea41900a36e45f638
SHA256: aff466c79aa8bd06c4953db64b987df1a4819474d8fff676612e877d8aba71a7
File size: 20480 bytes
Scan date: 2010-12-29 01:05:24 (UTC)
         
3.3 C:\Users\***\AppData\Local\Microsoft\XLive\Titles\534307ff\config.bin
Code:
ATTFilter
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.12.29.00 	2010.12.28 	-
AntiVir 	7.11.0.211 	2010.12.28 	-
Antiy-AVL 	2.0.3.7 	2010.12.29 	-
Avast 	4.8.1351.0 	2010.12.28 	-
Avast5 	5.0.677.0 	2010.12.28 	-
AVG 	9.0.0.851 	2010.12.29 	-
BitDefender 	7.2 	2010.12.29 	-
CAT-QuickHeal 	11.00 	2010.12.28 	-
ClamAV 	0.96.4.0 	2010.12.29 	-
Command 	5.2.11.5 	2010.12.28 	-
Comodo 	7220 	2010.12.28 	-
DrWeb 	5.0.2.03300 	2010.12.29 	-
Emsisoft 	5.1.0.1 	2010.12.28 	-
eSafe 	7.0.17.0 	2010.12.28 	-
eTrust-Vet 	36.1.8067 	2010.12.28 	-
F-Prot 	4.6.2.117 	2010.12.28 	-
F-Secure 	9.0.16160.0 	2010.12.29 	-
Fortinet 	4.2.254.0 	2010.12.28 	-
GData 	21 	2010.12.29 	-
Ikarus 	T3.1.1.90.0 	2010.12.28 	-
Jiangmin 	13.0.900 	2010.12.28 	-
K7AntiVirus 	9.75.3372 	2010.12.28 	-
Kaspersky 	7.0.0.125 	2010.12.28 	-
McAfee 	5.400.0.1158 	2010.12.29 	-
McAfee-GW-Edition 	2010.1C 	2010.12.28 	-
Microsoft 	1.6402 	2010.12.28 	-
NOD32 	5740 	2010.12.28 	-
Norman 	6.06.12 	2010.12.28 	-
nProtect 	2010-12-28.01 	2010.12.28 	-
Panda 	10.0.2.7 	2010.12.28 	-
PCTools 	7.0.3.5 	2010.12.29 	-
Prevx 	3.0 	2010.12.29 	-
Rising 	22.80.01.03 	2010.12.28 	-
Sophos 	4.60.0 	2010.12.29 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.12.29 	-
Symantec 	20101.3.0.103 	2010.12.28 	-
TheHacker 	6.7.0.1.106 	2010.12.27 	-
TrendMicro 	9.120.0.1004 	2010.12.28 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.12.29 	-
VBA32 	3.12.14.2 	2010.12.28 	-
VIPRE 	7867 	2010.12.29 	-
ViRobot 	2010.12.28.4225 	2010.12.28 	-
VirusBuster 	13.6.117.0 	2010.12.28 	-
MD5: 07e9d5c14af87babe183bdf391df98bf
SHA1: 2b9ac26330fa2030c506145dbb17dc77e2c3822f
SHA256: 69b208dbd3a4ae1b110f772b54c65b718f3f652478e29969bcf5ce3ed0f10c10
File size: 20480 bytes
Scan date: 2010-12-29 01:12:47 (UTC)
         
3.4 C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5451082D\config.bin
Code:
ATTFilter
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.12.29.00 	2010.12.28 	-
AntiVir 	7.11.0.211 	2010.12.28 	-
Antiy-AVL 	2.0.3.7 	2010.12.29 	-
Avast 	4.8.1351.0 	2010.12.28 	-
Avast5 	5.0.677.0 	2010.12.28 	-
AVG 	9.0.0.851 	2010.12.29 	-
BitDefender 	7.2 	2010.12.29 	-
CAT-QuickHeal 	11.00 	2010.12.28 	-
ClamAV 	0.96.4.0 	2010.12.29 	-
Command 	5.2.11.5 	2010.12.28 	-
Comodo 	7220 	2010.12.28 	-
DrWeb 	5.0.2.03300 	2010.12.29 	-
Emsisoft 	5.1.0.1 	2010.12.28 	-
eSafe 	7.0.17.0 	2010.12.28 	-
eTrust-Vet 	36.1.8067 	2010.12.28 	-
F-Prot 	4.6.2.117 	2010.12.28 	-
F-Secure 	9.0.16160.0 	2010.12.29 	-
Fortinet 	4.2.254.0 	2010.12.28 	-
GData 	21 	2010.12.29 	-
Ikarus 	T3.1.1.90.0 	2010.12.28 	-
Jiangmin 	13.0.900 	2010.12.28 	-
K7AntiVirus 	9.75.3372 	2010.12.28 	-
Kaspersky 	7.0.0.125 	2010.12.28 	-
McAfee 	5.400.0.1158 	2010.12.29 	-
McAfee-GW-Edition 	2010.1C 	2010.12.28 	-
Microsoft 	1.6402 	2010.12.28 	-
NOD32 	5740 	2010.12.28 	-
Norman 	6.06.12 	2010.12.28 	-
nProtect 	2010-12-28.01 	2010.12.28 	-
Panda 	10.0.2.7 	2010.12.28 	-
PCTools 	7.0.3.5 	2010.12.29 	-
Prevx 	3.0 	2010.12.29 	-
Rising 	22.80.01.03 	2010.12.28 	-
Sophos 	4.60.0 	2010.12.29 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.12.29 	-
Symantec 	20101.3.0.103 	2010.12.28 	-
TheHacker 	6.7.0.1.106 	2010.12.27 	-
TrendMicro 	9.120.0.1004 	2010.12.28 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.12.29 	-
VBA32 	3.12.14.2 	2010.12.28 	-
VIPRE 	7867 	2010.12.29 	-
ViRobot 	2010.12.28.4225 	2010.12.28 	-
VirusBuster 	13.6.117.0 	2010.12.28 	-
MD5: 07e9d5c14af87babe183bdf391df98bf
SHA1: 2b9ac26330fa2030c506145dbb17dc77e2c3822f
SHA256: 69b208dbd3a4ae1b110f772b54c65b718f3f652478e29969bcf5ce3ed0f10c10
File size: 20480 bytes
Scan date: 2010-12-29 01:16:03 (UTC)
         
3.5 C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454083b\config.bin
Code:
ATTFilter
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.12.29.00 	2010.12.28 	-
AntiVir 	7.11.0.211 	2010.12.28 	-
Antiy-AVL 	2.0.3.7 	2010.12.29 	-
Avast 	4.8.1351.0 	2010.12.28 	-
Avast5 	5.0.677.0 	2010.12.28 	-
AVG 	9.0.0.851 	2010.12.29 	-
BitDefender 	7.2 	2010.12.29 	-
CAT-QuickHeal 	11.00 	2010.12.28 	-
ClamAV 	0.96.4.0 	2010.12.29 	-
Command 	5.2.11.5 	2010.12.28 	-
Comodo 	7220 	2010.12.28 	-
DrWeb 	5.0.2.03300 	2010.12.29 	-
Emsisoft 	5.1.0.1 	2010.12.28 	-
eSafe 	7.0.17.0 	2010.12.28 	-
eTrust-Vet 	36.1.8067 	2010.12.28 	-
F-Prot 	4.6.2.117 	2010.12.28 	-
F-Secure 	9.0.16160.0 	2010.12.29 	-
Fortinet 	4.2.254.0 	2010.12.28 	-
GData 	21 	2010.12.29 	-
Ikarus 	T3.1.1.90.0 	2010.12.28 	-
Jiangmin 	13.0.900 	2010.12.28 	-
K7AntiVirus 	9.75.3372 	2010.12.28 	-
Kaspersky 	7.0.0.125 	2010.12.28 	-
McAfee 	5.400.0.1158 	2010.12.29 	-
McAfee-GW-Edition 	2010.1C 	2010.12.28 	-
Microsoft 	1.6402 	2010.12.28 	-
NOD32 	5740 	2010.12.28 	-
Norman 	6.06.12 	2010.12.28 	-
nProtect 	2010-12-28.01 	2010.12.28 	-
Panda 	10.0.2.7 	2010.12.28 	-
PCTools 	7.0.3.5 	2010.12.29 	-
Prevx 	3.0 	2010.12.29 	-
Rising 	22.80.01.03 	2010.12.28 	-
Sophos 	4.60.0 	2010.12.29 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.12.29 	-
Symantec 	20101.3.0.103 	2010.12.28 	-
TheHacker 	6.7.0.1.106 	2010.12.27 	-
TrendMicro 	9.120.0.1004 	2010.12.28 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.12.29 	-
VBA32 	3.12.14.2 	2010.12.28 	-
VIPRE 	7867 	2010.12.29 	-
ViRobot 	2010.12.28.4225 	2010.12.28 	-
VirusBuster 	13.6.117.0 	2010.12.28 	-
MD5: 20ca8f701c78f240a80053e5fe6c5a9a
SHA1: 2a3886ab2a5484eb0d6062b29bcedd645cdebe98
SHA256: 027a4e22fd471c0af9cdc63c26bda32f9c73fdacf64eb714fbe7039e1bd799df
File size: 20480 bytes
Scan date: 2010-12-29 01:18:43 (UTC)
         
3.6 C:\Users\***\AppData\Local\Microsoft\XLive\Titles\5454085c\config.bin
Code:
ATTFilter
Antivirus 	Version 	Last update 	Result
AhnLab-V3 	2010.12.29.00 	2010.12.28 	-
AntiVir 	7.11.0.211 	2010.12.28 	-
Antiy-AVL 	2.0.3.7 	2010.12.29 	-
Avast 	4.8.1351.0 	2010.12.28 	-
Avast5 	5.0.677.0 	2010.12.28 	-
AVG 	9.0.0.851 	2010.12.29 	-
BitDefender 	7.2 	2010.12.29 	-
CAT-QuickHeal 	11.00 	2010.12.28 	-
ClamAV 	0.96.4.0 	2010.12.29 	-
Command 	5.2.11.5 	2010.12.29 	-
Comodo 	7220 	2010.12.28 	-
DrWeb 	5.0.2.03300 	2010.12.29 	-
Emsisoft 	5.1.0.1 	2010.12.28 	-
eSafe 	7.0.17.0 	2010.12.28 	-
eTrust-Vet 	36.1.8067 	2010.12.28 	-
F-Prot 	4.6.2.117 	2010.12.28 	-
F-Secure 	9.0.16160.0 	2010.12.29 	-
Fortinet 	4.2.254.0 	2010.12.28 	-
GData 	21 	2010.12.29 	-
Ikarus 	T3.1.1.90.0 	2010.12.28 	-
Jiangmin 	13.0.900 	2010.12.28 	-
K7AntiVirus 	9.75.3372 	2010.12.28 	-
Kaspersky 	7.0.0.125 	2010.12.28 	-
McAfee 	5.400.0.1158 	2010.12.29 	-
McAfee-GW-Edition 	2010.1C 	2010.12.28 	-
Microsoft 	1.6402 	2010.12.28 	-
NOD32 	5740 	2010.12.28 	-
Norman 	6.06.12 	2010.12.28 	-
nProtect 	2010-12-28.01 	2010.12.28 	-
Panda 	10.0.2.7 	2010.12.28 	-
PCTools 	7.0.3.5 	2010.12.29 	-
Prevx 	3.0 	2010.12.29 	-
Rising 	22.80.01.03 	2010.12.28 	-
Sophos 	4.60.0 	2010.12.29 	-
SUPERAntiSpyware 	4.40.0.1006 	2010.12.29 	-
Symantec 	20101.3.0.103 	2010.12.28 	-
TheHacker 	6.7.0.1.106 	2010.12.27 	-
TrendMicro 	9.120.0.1004 	2010.12.28 	-
TrendMicro-HouseCall 	9.120.0.1004 	2010.12.29 	-
VBA32 	3.12.14.2 	2010.12.28 	-
VIPRE 	7867 	2010.12.29 	-
ViRobot 	2010.12.28.4225 	2010.12.28 	-
VirusBuster 	13.6.117.0 	2010.12.28 	-
MD5: 42961f45b0d402ad9cd9b2a66476b761
SHA1: a50aa9c4e3b3135229561c2357901abef1fdaf10
SHA256: 9561b107673e44dd973ec090c773f2d6bbc4fbfc4dfc120fb89160c9bff0f9df
File size: 20480 bytes
Scan date: 2010-12-29 01:20:37 (UTC)
         
4. Die beiden neu erstellten Logfiles von OTL - Otl.txt & Extras.txt (Schritt 5)
4.1 Otl.txt
Code:
ATTFilter
OTL logfile created on: 29/12/2010 02:25:24 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Borschti\Desktop\trojaner-board tools\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,59 Gb Free Space | 25,18% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 10,10 Gb Free Space | 1,08% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,50 Gb Free Space | 15,35% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
 
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Borschti\Desktop\trojaner-board tools\MFtools\OTL.exe
PRC - [2010/12/10 19:58:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 19:58:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/21 10:30:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/08 18:46:10 | 008,505,888 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009/07/14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/12/27 23:27:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Borschti\Desktop\trojaner-board tools\MFtools\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/12/10 14:53:49 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/08 12:24:46 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010/11/21 10:30:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/05 13:22:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/28 15:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2006/06/01 19:56:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/01/14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Borschti\AppData\Local\Temp\HIF7FBF.tmp -- (GarenaPEngine)
DRV - [2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/10 12:39:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/10 12:39:22 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/07/10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/10 16:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/02/21 16:58:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/08 18:17:58 | 003,019,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 15:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\OODrvled.sys -- (OODrvled)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/03/01 22:05:32 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007/02/12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/10/18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005/01/14 17:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 BB 60 30 0C B3 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/08 06:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/27 00:02:32 | 000,000,000 | ---D | M]
 
[2010/02/21 16:54:34 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Extensions
[2010/12/29 02:03:54 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/14 17:52:22 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mozilla\Firefox\Profiles\grpdhaue.default\extensions\battlefieldheroespatcher@ea.com
[2010/02/21 16:58:44 | 000,002,055 | ---- | M] () -- C:\Users\Borschti\AppData\Roaming\Mozilla\FireFox\Profiles\grpdhaue.default\searchplugins\daemon-search.xml
[2010/12/29 02:03:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/09/17 14:05:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/17 14:05:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/17 14:05:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/17 14:05:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/17 14:05:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/21 13:48:46 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/29 01:52:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/29 01:50:20 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Desktop\Trojaner Board 2
[2010/12/28 11:57:59 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Desktop\trojaner-board tools
[2010/12/27 23:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/27 23:33:30 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010/12/27 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Malwarebytes
[2010/12/27 23:29:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/27 23:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/27 23:28:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/27 23:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/12/27 00:04:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/12/27 00:02:18 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/12/24 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Downloads
[2010/12/18 15:42:36 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/18 15:42:24 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Bioshock2
[2010/12/16 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/12/14 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Borschti\Documents\Heroes of Newerth
[2010/12/09 14:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/12/09 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Borschti\AppData\Local\Last.fm
[2010/12/09 14:40:48 | 000,000,000 | ---D | C] -- C:\Programme\Last.fm
[2010/12/02 15:22:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010/12/02 15:22:05 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/11/30 22:00:16 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/29 02:00:30 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 02:00:30 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/29 01:59:22 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 01:53:17 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 01:53:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/29 01:53:06 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 23:42:01 | 000,000,020 | ---- | M] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 16:41:48 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/27 11:20:33 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/12/27 11:20:33 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 11:20:33 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/12/27 11:20:33 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 00:13:44 | 002,726,124 | ---- | M] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/24 14:13:12 | 000,001,903 | ---- | M] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/23 15:11:20 | 000,103,382 | ---- | M] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/22 14:12:18 | 089,798,376 | ---- | M] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/09 14:40:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:18 | 000,029,969 | ---- | M] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:51:02 | 000,754,873 | ---- | M] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/07 18:14:28 | 000,099,415 | ---- | M] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/07 14:48:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/05 22:00:30 | 000,120,320 | ---- | M] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 21:22:53 | 004,042,906 | ---- | M] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2010/12/27 23:41:46 | 000,000,020 | ---- | C] () -- C:\Users\Borschti\defogger_reenable
[2010/12/27 00:10:52 | 002,726,124 | ---- | C] () -- C:\Users\Borschti\Desktop\kleines Mädchen 299.JPG
[2010/12/27 00:04:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/26 12:54:50 | 000,099,415 | ---- | C] () -- C:\Users\Borschti\Desktop\Fuehrerschein.PDF
[2010/12/24 14:13:12 | 000,001,903 | ---- | C] () -- C:\Users\Borschti\Desktop\Mozilla Firefox.lnk
[2010/12/22 14:11:26 | 089,798,376 | ---- | C] () -- C:\Users\Borschti\Desktop\I Just Had Sex (feat. Akon)(1080p_H.264-AAC).mp4
[2010/12/15 20:03:05 | 000,103,382 | ---- | C] () -- C:\Users\Borschti\Desktop\Getraenkekarte 2011.pdf
[2010/12/09 14:40:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/12/08 20:56:01 | 000,029,969 | ---- | C] () -- C:\Users\Borschti\Desktop\Effe.png
[2010/12/08 20:50:39 | 000,754,873 | ---- | C] () -- C:\Users\Borschti\Desktop\test.jpg
[2010/12/05 22:00:29 | 000,120,320 | ---- | C] () -- C:\Users\Borschti\Desktop\Win7-Shutdown-Timer.exe
[2010/12/02 15:22:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/01 20:58:10 | 004,042,906 | ---- | C] () -- C:\Users\Borschti\Desktop\Ellie Goulding - Starry Eyed (Jakwob Remix).mp3
[2010/11/30 22:00:16 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Videora iPod touch Converter.lnk
[2010/11/15 17:24:11 | 000,000,096 | ---- | C] () -- C:\Users\Borschti\AppData\Local\fusioncache.dat
[2010/10/17 18:27:55 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/09/30 16:49:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/09/29 17:03:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/23 17:53:53 | 000,000,565 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\myMPQ.ini
[2010/09/09 12:28:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/09/09 12:28:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/08/02 15:10:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/21 14:31:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/06/13 19:52:30 | 000,017,408 | ---- | C] () -- C:\Users\Borschti\AppData\Local\WebpageIcons.db
[2010/05/31 21:50:17 | 000,001,611 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/29 15:55:07 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/05/29 15:55:07 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/05/29 09:51:04 | 000,603,648 | R--- | C] () -- C:\Windows\System32\1911.dll
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/03/14 17:57:57 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/14 17:57:56 | 000,138,056 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\PnkBstrK.sys
[2010/03/09 17:26:51 | 000,000,092 | ---- | C] () -- C:\Users\Borschti\AppData\Roaming\default.pls
[2009/11/16 14:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2010/08/16 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\acccore
[2010/06/17 17:40:45 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Audacity
[2010/12/17 13:52:12 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Bioshock2
[2010/06/10 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\BitDefender
[2010/03/08 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DAEMON Tools Lite
[2010/12/18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/27 23:29:09 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ecwoul
[2010/10/17 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\gtk-2.0
[2010/10/23 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Hardcore
[2010/08/08 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\HLSW
[2010/12/28 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\ICQ
[2010/08/11 21:18:38 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Leadertech
[2010/05/18 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient
[2010/04/17 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/07/09 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\MAXON
[2010/07/04 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\mp3DirectCut
[2010/10/30 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mp3tag
[2010/12/27 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Mumble
[2010/10/23 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\PACE Anti-Piracy
[2010/07/04 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Publish Providers
[2010/12/27 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Reaf
[2010/07/06 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony
[2010/08/05 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Creative Software
[2010/04/30 14:34:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Sony Setup
[2010/04/29 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Teleca
[2010/05/18 14:34:48 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TS3Client
[2010/02/21 17:57:15 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\TuneUp Software
[2010/10/16 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Ubisoft
[2010/05/25 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\Borschti\AppData\Roaming\Wuala
[2010/11/21 10:46:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
         
4.2 Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 29/12/2010 02:25:24 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Borschti\Desktop\trojaner-board tools\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,59 Gb Free Space | 25,18% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 10,10 Gb Free Space | 1,08% Space Free | Partition Type: NTFS
Drive J: | 368,10 Gb Total Space | 56,50 Gb Free Space | 15,35% Space Free | Partition Type: NTFS
Drive M: | 465,76 Gb Total Space | 279,51 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
 
Computer Name: BORSCHTI | User Name: Borschti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EDB32FFB-FC1C-414B-BF8E-4645217E9AF2}" = League of Legends
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F61DD673-0030-4BB2-A382-7E57E97F1031}" = Nero 7 Essentials
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"43390D7CA42BD8A4396797BE668489DD178C15E4" = Windows-Treiberpaket - Parallax Inc CDM Driver Package (02/17/2009 2.04.16)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7C647F24829963C4E203822A80E734EACA726FD7" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CINEMA 4D Release 11" = CINEMA 4D Release 11
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Drumaxx" = Drumaxx
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 2 Project Origin
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Garena" = Garena 2010
"GCFScape_is1" = GCFScape 1.8.0
"Hardcore" = Hardcore
"HLSW_is1" = HLSW v1.3.3.7b
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IL Download Manager" = IL Download Manager
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"League of Legends_is1" = League of Legends
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Magic Bullet LooksBuilder" = Magic Bullet LooksBuilder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3-Cutter" = MP3-Cutter
"Mp3tag" = Mp3tag v2.46a
"Mumble" = Mumble and Murmur
"NET Render Release 11" = NET Render Release 11
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PluginPac" = DebugMode PluginPac (remove only)
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"Shop for HP Supplies" = Shop for HP Supplies
"SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
"STANDARD" = Microsoft Office Standard 2007
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 205" = Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23/09/2010 13:14:30 | Computer Name = Borschti | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.0.0.16117 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ea0    Startzeit: 
01cb5b3ffdba54fd    Endzeit: 86    Anwendungspfad: J:\StarCraft II\Versions\Base15405\SC2.exe

Berichts-ID:
   
 
Error - 24/09/2010 11:02:16 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 11:21:28 | Computer Name = Borschti | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24/09/2010 13:17:29 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 13:18:49 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 24/09/2010 17:13:12 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 332: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 25/09/2010 04:27:33 | Computer Name = Borschti | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 28/12/2010 13:16:39 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 28/12/2010 13:16:42 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 28/12/2010 13:17:08 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
Error - 28/12/2010 20:42:17 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 28/12/2010 20:42:20 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 28/12/2010 20:42:45 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
Error - 28/12/2010 20:52:20 | Computer Name = Borschti | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 28/12/2010 20:52:59 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 28/12/2010 20:53:02 | Computer Name = Borschti | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 28/12/2010 20:53:27 | Computer Name = Borschti | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfdrv01  sfsync02
 
 
< End of report >
         
Danke für die bisherige Hilfe!
Gruß Borschti!

Alt 29.12.2010, 11:54   #5
rea
/// Helfer-Team
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



Okay, kannst du mir bitte auch noch ein neues Logfile mit GMER erstellen:


Rootkitscan mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    ATTFilter
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
             
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 29.12.2010, 13:25   #6
Borschti
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



Gmer Log:

Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-29 13:23:22
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAJS-22YFA0 rev.12.01C02
Running: in3r5b12.exe; Driver: C:\Users\Borschti\AppData\Local\Temp\pwriqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                     8306D8E9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              8308D3D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA101F300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA106B300, 0x1BEE, 0xE8000020]
.text           autochk.exe                                                                                                         002111D4 2 Bytes  [24, 0B] {AND AL, 0xb}
.text           autochk.exe                                                                                                         002111D8 2 Bytes  [50, 0B]
.text           autochk.exe                                                                                                         002111DC 1 Byte  [36]
.text           autochk.exe                                                                                                         002111E0 2 Bytes  [88, 0B] {MOV [EBX], CL}
.text           autochk.exe                                                                                                         002111E4 2 Bytes  [9C, 0B]
.text           ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[1212] ntdll.dll!LdrLoadDll                                             7750F625 5 Bytes  JMP 002213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2876] USER32.dll!TrackPopupMenu                               77644B3B 5 Bytes  JMP 62B82342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              OODrvled.sys (O&O DriveLED Filter Driver (Win32)/O&O Software GmbH)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xC5 0xD4 0xC1 0xDD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x91 0xBA 0xFD 0xCB ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x9D 0x91 0xAC 0xFF ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC5 0xD4 0xC1 0xDD ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x91 0xBA 0xFD 0xCB ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x9D 0x91 0xAC 0xFF ...

---- EOF - GMER 1.0.15 ----
         

Alt 29.12.2010, 18:38   #7
rea
/// Helfer-Team
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



1.) Malwarebytes Antimalware
Downloade Malwarebytes Anti-Malware von einem dieser Downloadspiegel:

Malwarebytes - MajorGeeks.com - BestTechie
  • Anwendbar auf Windows 2000, XP, Vista und Win7.
  • Installiere das Programm in den vorgegebenen Pfad.
  • Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
  • Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
  • Aktiviere "Komplett Scan durchführen" => Scan.
  • Wähle alle verfügbaren Laufwerke aus und starte den Scan.
  • Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
  • Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.





2.) Eset Online Scan
ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.




Poste bitte in deiner nächsten Antwort:
  • Das Logfile vom Mbam-Scan (Schritt 1)
  • Das Logfile vom Eset Onlinescan (Schritt 2)
  • Berichte, wie der Rechner nun läuft
__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Alt 03.01.2011, 14:10   #8
rea
/// Helfer-Team
 
TR/ATRAPS.gen in 0070.DLL gefunden - Standard

TR/ATRAPS.gen in 0070.DLL gefunden



Hi Borschti,

gehts hier noch weiter? Ansonsten lösche ich diesen Thread in einer Woche aus meinen Abos, damit ich wieder Platz für einen neuen User habe.

__________________
mfg, rea

*Auch du brauchst Hilfe bei einem Malwareproblem?*

*TB-Spendenkonto*


Hier könnte ein schlauer Spruch stehen.
Naja .... könnte!

Antwort

Themen zu TR/ATRAPS.gen in 0070.DLL gefunden
0xc0000006, 32 bit, 7-zip, adobe after effects, akamai, alternate, antivir, avgntflt.sys, avira, bho, black, bonjour, call of duty, chkdsk /f, converter, corp./icp, counter-strike source, cpu-z, dateisystem, desktop, dll -, dwm.exe, encrypt, error, excel.exe, festplatte, firefox, firefox.exe, flash player, fontcache, grand theft auto, helper, install.exe, jdownloader, langs, location, locker, logfile, microsoft office word, mp3, nicht möglich, ntdll.dll, nvlddmkm.sys, nvstor.sys, object, oldtimer, origin, pixel, plug-in, problem, programdata, realtek, registry, required, richtlinie, saver, searchplugins, security, security update, shell32.dll, software, system, taskhost.exe, teamspeak, third party, vlc media player, webcheck, windows



Ähnliche Themen: TR/ATRAPS.gen in 0070.DLL gefunden


  1. TR/ATRAPS.Gen/Gen2 von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 06.10.2013 (21)
  2. TR/ATRAPS.Gen2 und W32/Patched.UC gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.05.2013 (19)
  3. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  4. TR/ATRAPS.Gen mit Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (15)
  5. TR/ATRAPS.Gen & TR/ATRAPS.Gen2 durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (3)
  6. TR/ATRAPS.Gen2 gefunden
    Log-Analyse und Auswertung - 24.10.2012 (10)
  7. TR/ATRAPS.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (20)
  8. Trojaner gefunden TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (11)
  9. TR/ATRAPS.Gen , TR/ATRAPS.Gen2 und Live Security Platinum gefunden
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (3)
  10. Virus gefunden: TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (1)
  11. TR/ATRAPS.Gen/Gen2 gefunden
    Log-Analyse und Auswertung - 03.07.2012 (25)
  12. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
  13. TR/SmallFI, TR/ATRAPS.Gen und TR/ATRAPS.Gen von Avira gefunden - was nun?
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (12)
  14. antivir hat tr/atraps.gen2 gefunden - was tun?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2012 (17)
  15. TR/ATRAPS.Gen2 gefunden.
    Plagegeister aller Art und deren Bekämpfung - 22.01.2012 (18)
  16. TR/ATRAPS.Gen gefunden
    Log-Analyse und Auswertung - 12.01.2012 (74)
  17. Trojaner TR/ATRAPS.Gen gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.03.2011 (13)

Zum Thema TR/ATRAPS.gen in 0070.DLL gefunden - Hallo mein AntiVir hat TR/ATRAPS.Gen gefunden, jedoch konnte ich diese Datei nicht löschen. Sie ist unter dem Verzeichnis: C:\Windows\System32\0070.DLL Ich bitte um eure Hilfe! Im vorraus schonmal ein Dankeschön, Gruß - TR/ATRAPS.gen in 0070.DLL gefunden...
Archiv
Du betrachtest: TR/ATRAPS.gen in 0070.DLL gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.