Ständige Werbe pop-ups bei IE8

vijay · 24.03.2011, 20:52

Hallo nachdem mir dieses Forum schon paar mal weitergeholfen hat, ohne dass ich selbst einen Eintrag im Forum hätte machen müssen, geht es jetzt wohl nicht mehr ohne, da mein Problem diesmal wohl etwas subtiler ist als die Bisherigen (z.B. System Tool )

Im moment öffnen sich bei mir ständig neue Fenster bei IE und zeigen irgendwelche Werbung an. Ansonsten kann ich keine Auswirkungen erkennen, auch Leistungsmässig scheint nichts aussergewöhnlich zu sein. Dennoch würde ich die pop-ups gerne loswerden.

Edit: Gerade eben ist eine cvn fehlermeldung gekommen.

Ich bin nach Anleitung in dem Forum hier vorgegangen und habe hier die entsprechenden Log-files:

OTL.txt:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.03.2011 18:46:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.34 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
 
Computer Name: VJ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.24 18:39:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.03.18 12:25:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.13 18:16:16 | 001,176,864 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\SpTNA.exe
PRC - [2011.02.13 18:16:13 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\PSDrt.exe
PRC - [2011.02.13 18:16:05 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\IFXTCS.exe
PRC - [2011.02.13 18:16:01 | 001,103,136 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\IFXSPMGT.exe
PRC - [2011.02.13 18:15:59 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Programme\Infineon\Security Platform Software\IfxPsdSv.exe
PRC - [2011.02.13 17:33:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.18 06:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:47 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.24 18:39:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Vijay\Desktop\OTL.exe
MOD - [2011.02.18 03:00:29 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2011.01.11 07:55:06 | 000,961,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2010.12.18 06:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009.02.12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008.10.25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveNew.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.18 12:25:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.14 02:10:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.13 18:16:05 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Programme\Infineon\Security Platform Software\IFXTCS.exe -- (IFXTCS)
SRV - [2011.02.13 18:16:01 | 001,103,136 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Programme\Infineon\Security Platform Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2011.02.13 18:15:59 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2011.02.13 17:33:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.18 12:25:36 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.03.10 14:39:35 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.13 18:16:59 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2011.02.13 18:03:07 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.06 02:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.04.17 11:03:06 | 000,201,264 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC BE 6F 35 C1 E8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.10 20:39:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.10 20:39:05 | 000,000,000 | ---D | M]
 
[2011.02.21 19:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.10 20:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hmy4df5k.default\extensions
[2011.03.09 22:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.09 22:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.09 22:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.21 19:37:46 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2011.03.09 22:54:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKCU..\Run: [A9YA3MI1CF] C:\Users\Vijay\AppData\Local\Temp\Cvm.exe (Jordan Russell)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [odbcutil] C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll ()
O4 - Startup: C:\Users\Vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Deployer hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell - "" = AutoRun
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 18:44:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.24 18:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.24 18:44:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.24 18:35:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.03.24 18:35:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.24 18:35:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.03.24 15:06:18 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2011.03.24 15:04:42 | 000,125,440 | ---- | C] (Jordan Russell) -- C:\Windows\Cwemea.exe
[2011.03.24 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Snagit
[2011.03.24 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly
[2011.03.24 14:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2011.03.24 14:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011.03.24 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TechSmith
[2011.03.24 14:33:53 | 000,000,000 | ---D | C] -- C:\Programme\TechSmith
[2011.03.11 00:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.03.10 14:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.10 14:48:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2011.03.10 14:47:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2011.03.10 14:47:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.03.10 14:46:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.03.10 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2011.03.10 14:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.10 14:44:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.10 14:39:35 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.03.10 14:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.03.10 14:39:29 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2011.03.10 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.03.10 14:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.03.10 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2011.03.10 10:02:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.03.09 22:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.09 22:55:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.09 22:54:48 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.03.07 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Ironclad Games
[2011.03.07 12:34:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2011.03.07 12:27:49 | 000,000,000 | ---D | C] -- C:\Programme\Sins of a Solar Empire
[2011.03.07 12:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sins of a Solar Empire
[2011.03.07 12:27:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Stardock
[2011.03.03 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2011.03.03 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2011.03.03 13:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2011.03.03 12:38:49 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.03 12:38:18 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2011.03.02 11:33:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CutePDF Writer
[2011.03.02 11:23:34 | 000,000,000 | ---D | C] -- C:\Programme\GPLGS
[2011.03.02 11:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2011.03.02 11:23:03 | 000,000,000 | ---D | C] -- C:\Programme\Acro Software
[2011.03.02 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MathWorks
[2011.03.02 10:36:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MATLAB
[2011.03.02 00:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2011.03.02 00:18:56 | 000,000,000 | ---D | C] -- C:\Programme\MATLAB
[2011.02.24 06:52:22 | 000,000,000 | ---D | C] -- C:\6e76aa05-bb81-4e62-8301-91d5e4310d99
[2011.02.24 04:58:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.02.24 04:49:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.23 14:50:22 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2011.02.23 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\Vijay\AppData\Local\Cisco
[2011.02.23 12:06:03 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2011.02.23 12:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.02.23 12:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 18:46:26 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 18:46:26 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 18:44:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.24 18:44:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.24 18:44:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.24 18:44:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.24 18:44:28 | 000,001,078 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.24 18:44:24 | 000,000,898 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.24 18:44:24 | 000,000,879 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.24 18:40:38 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.03.24 18:40:37 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011.03.24 18:40:35 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011.03.24 18:40:33 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\pfasoq.job
[2011.03.24 18:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 18:40:21 | 2309,877,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.24 18:39:05 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011.03.24 18:39:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.03.24 18:39:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.03.24 18:39:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.03.24 18:14:19 | 000,742,874 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2011.03.24 15:29:25 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2011.03.24 15:04:35 | 000,125,440 | ---- | M] (Jordan Russell) -- C:\Windows\Cwemea.exe
[2011.03.24 15:04:32 | 000,149,504 | RHS- | M] () -- C:\Windows\System32\GfxUI9.dll
[2011.03.18 12:25:36 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.14 14:42:44 | 000,365,461 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
[2011.03.14 07:02:24 | 000,044,412 | ---- | M] () -- C:\Users\***\Desktop\loesung03.pdf
[2011.03.14 06:59:52 | 000,011,072 | ---- | M] () -- C:\Users\***\Desktop\serie03.pdf
[2011.03.14 06:13:38 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Users\***\Desktop\Anleitung.html
[2011.03.10 14:39:35 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.03.03 13:08:56 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.02 00:38:35 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\MATLAB R2010b.lnk
[2011.02.24 04:49:54 | 284,758,121 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2011.03.24 18:44:28 | 000,001,078 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.24 18:44:24 | 000,000,898 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.24 18:44:24 | 000,000,879 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.24 18:35:30 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe
[2011.03.24 18:14:18 | 000,742,874 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2011.03.24 15:04:39 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.03.24 15:04:38 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.24 15:04:36 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.03.24 15:04:32 | 000,149,504 | RHS- | C] () -- C:\Windows\System32\GfxUI9.dll
[2011.03.24 15:04:32 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\pfasoq.job
[2011.03.23 17:50:09 | 005,036,439 | ---- | C] () -- C:\Users\***\Desktop\Brisby & Jingles - L amour Toujours (Hans-O-Matik Bigroom Electro Mix) www.mp3kings.pl.mp3
[2011.03.14 07:02:24 | 000,044,412 | ---- | C] () -- C:\Users\***\Desktop\loesung03.pdf
[2011.03.14 06:59:52 | 000,011,072 | ---- | C] () -- C:\Users\***\Desktop\serie03.pdf
[2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Users\***\Desktop\Anleitung.html
[2011.03.13 12:16:23 | 000,365,461 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
[2011.03.10 10:03:52 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011.03.03 13:08:56 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.03.03 13:08:56 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.03 12:38:51 | 000,002,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2011.03.02 11:23:04 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011.03.02 00:38:35 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\MATLAB R2010b.lnk
[2011.03.02 00:38:12 | 000,002,364 | ---- | C] () -- C:\Windows\System32\mscomctl.dep
[2011.03.02 00:38:11 | 000,002,362 | ---- | C] () -- C:\Windows\System32\mscomct2.dep
[2011.03.02 00:38:05 | 000,645,120 | ---- | C] () -- C:\Windows\System32\config.gms
[2011.02.24 04:49:54 | 284,758,121 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.13 18:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.13 17:49:32 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011.02.13 17:49:32 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.02.13 17:49:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.02.13 17:49:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.02.13 17:49:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.02.13 17:49:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.02.13 17:28:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.13 17:06:15 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011.02.13 17:05:25 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.12.02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,410,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2011.03.10 14:42:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.02.13 17:45:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeviceDoctorSoftware
[2011.02.21 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2011.02.13 18:21:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Infineon
[2011.02.13 17:40:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2011.03.03 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.03.24 18:34:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011.02.21 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011.03.24 18:40:33 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\pfasoq.job
[2009.07.14 05:53:46 | 000,021,796 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.03.24 18:40:38 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.03.24 18:40:39 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.02.13 17:16:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.02.24 06:52:22 | 000,000,000 | ---D | M] -- C:\6e76aa05-bb81-4e62-8301-91d5e4310d99
[2011.02.13 17:04:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.13 17:15:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.24 18:14:10 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.02.13 17:18:38 | 000,000,000 | ---D | M] -- C:\Intel
[2011.03.10 14:44:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.02.23 14:50:22 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.24 18:44:23 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.24 15:28:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.13 17:15:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.13 17:15:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.24 18:15:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.13 17:15:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.24 18:44:50 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-14 20:59:33
 
< End of report >

--- --- ---

Extras.txt:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.03.2011 18:46:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Vijay\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.34 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
 
Computer Name: VJ | User Name: Vijay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F47A74B-217C-445A-BB73-8BF94611CB8F}" = Infineon TPM Professional Package
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"InfraRecorder" = InfraRecorder
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Opera 11.01.1190" = Opera 11.01
"Orbit_is1" = Orbit Downloader
"PROSetDX" = Intel(R) Network Connections 14.2.100.0
"Sins of a Solar Empire" = Sins of a Solar Empire
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2011 15:25:30 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 14.03.2011 15:25:32 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:11 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVBg64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:12 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVCpl64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:13 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 21.03.2011 20:21:15 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:30 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVBg64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:30 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\RAVCpl64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:31 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\Vista64\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 23.03.2011 19:31:33 | Computer Name = VJ | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\Vijay\AppData\Local\Temp\temp1_audio_realtek_6.0.1.5938_w7x64w7x86_a[1].zip\audio_realtek_alc268_6.0.1.5938_win7x86x64\WDM\vncutil64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
[ Cisco AnyConnect VPN Client Events ]
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
601 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
189 Invoked Function: CNetEnvironment::testNetwork Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4076
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 08:30:24 | Computer Name = VJ | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 24.03.2011 13:39:42 | Computer Name = VJ | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ System Events ]
Error - 24.03.2011 10:28:04 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:06 | Computer Name = VJ | Source = DCOM | ID = 10005
Description = 
 
Error - 24.03.2011 10:28:05 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:05 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:05 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:06 | Computer Name = VJ | Source = DCOM | ID = 10005
Description = 
 
Error - 24.03.2011 10:28:06 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:07 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:07 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
Error - 24.03.2011 10:28:07 | Computer Name = VJ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
 
 
< End of report >

--- --- ---

Gmer.txt:
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-24 20:00:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.0040020C
Running: g2m3e4r.exe; Driver: C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C50589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!CreateWindowExW 76830E51 5 Bytes JMP 6E2B818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxIndirectParamW 76854AA7 5 Bytes JMP 6E3DFE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxParamW 7685564A 5 Bytes JMP 6E1D4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxParamA 7686CF6A 5 Bytes JMP 6E3DFE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!DialogBoxIndirectParamA 7686D29C 5 Bytes JMP 6E3DFECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxIndirectA 7687E8C9 5 Bytes JMP 6E3DFD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxIndirectW 7687E9C3 5 Bytes JMP 6E3DFD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxExA 7687EA29 5 Bytes JMP 6E3DFCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[912] USER32.dll!MessageBoxExW 7687EA4D 5 Bytes JMP 6E3DFC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!UnhookWindowsHookEx 7682CC7B 5 Bytes JMP 6E2C83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!CallNextHookEx 7682CC8F 5 Bytes JMP 6E2A9D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!CreateWindowExW 76830E51 5 Bytes JMP 6E2B818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!SetWindowsHookExW 7683210A 5 Bytes JMP 6E264643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxIndirectParamW 76854AA7 5 Bytes JMP 6E3DFE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxParamW 7685564A 5 Bytes JMP 6E1D4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxParamA 7686CF6A 5 Bytes JMP 6E3DFE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!DialogBoxIndirectParamA 7686D29C 5 Bytes JMP 6E3DFECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxIndirectA 7687E8C9 5 Bytes JMP 6E3DFD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxIndirectW 7687E9C3 5 Bytes JMP 6E3DFD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxExA 7687EA29 5 Bytes JMP 6E3DFCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] USER32.dll!MessageBoxExW 7687EA4D 5 Bytes JMP 6E3DFC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] ole32.dll!OleLoadFromStream 76685BF6 5 Bytes JMP 6E3E01BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3296] ole32.dll!CoCreateInstance 766D590C 5 Bytes JMP 6E2B8C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 25.03.2011, 15:27

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

vijay · 25.03.2011, 16:12

Hatte ich bisher nicht installiert. hab jetzt einen Quickscan gemacht und der hat so einiges gefunden

das Log dazu ist hier.

mbam-log-2011-03-25 (16-05-10):

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6169

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.03.2011 16:05:10
mbam-log-2011-03-25 (16-05-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148924
Laufzeit: 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\Users\***\AppData\Local\Temp\Cvn.exe (Trojan.Downloader) -> 1984 -> Unloaded process successfully.
c:\Windows\Cwemea.exe (Trojan.Downloader) -> 1552 -> Unloaded process successfully.
c:\Users\***\AppData\Local\Temp\Cvm.exe (Trojan.Downloader) -> 3520 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\***\AppData\Local\Temp\Eap3host.dll (Spyware.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Z7HRPUZG3M (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\odbcutil (Spyware.Agent) -> Value: odbcutil -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A9YA3MI1CF (Trojan.Downloader) -> Value: A9YA3MI1CF -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\Temp\Cvn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Eap3host.dll (Spyware.Agent) -> Delete on reboot.
c:\Windows\Cwemea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Cvm.exe (Trojan.Downloader) -> Delete on reboot.
c:\Users\***\AppData\Local\Temp\Cvl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

cosinus · 25.03.2011, 18:04

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

vijay · 26.03.2011, 07:47

so gemacht, ältere logs gibt es nicht.

Malewarebytes log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6172

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.03.2011 02:46:36
mbam-log-2011-03-26 (02-46-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 372376
Laufzeit: 1 Stunde(n), 7 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\hmy4df5k.default\Cache\8ea60163d01 (Trojan.Downloader) -> Quarantined and deleted successfully.

cosinus · 26.03.2011, 18:45

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2011.02.24 06:52:22 | 000,000,000 | ---D | C] -- C:\6e76aa05-bb81-4e62-8301-91d5e4310d99
[2011.03.07 12:34:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell - "" = AutoRun
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\Shell\install\command - "" = G:\SETUP.EXE
O4 - HKCU..\Run: [odbcutil] C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll ()
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKCU..\Run: [A9YA3MI1CF] C:\Users\Vijay\AppData\Local\Temp\Cvm.exe (Jordan Russell)
O4 - HKLM..\Run: [] File not found
:Files
C:\Windows\Tasks\*.job
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

vijay · 27.03.2011, 06:21

so gemachr, hier das log dazu.

OTL-Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\6e76aa05-bb81-4e62-8301-91d5e4310d99 folder moved successfully.
C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16} folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853aef62-4b14-11e0-9172-001c7e3bbabc}\ not found.
File G:\SETUP.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\odbcutil not found.
File C:\Users\Vijay\AppData\Local\Temp\Eap3host.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IFXSPMGT deleted successfully.
C:\Programme\Infineon\Security Platform Software\IFXSPMGT.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\A9YA3MI1CF not found.
File C:\Users\Vijay\AppData\Local\Temp\Cvm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Windows\Tasks\pfasoq.job moved successfully.
C:\Windows\Tasks\RegistryBooster.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Vijay
->Temp folder emptied: 358566656 bytes
->Temporary Internet Files folder emptied: 100909288 bytes
->Java cache emptied: 463037 bytes
->FireFox cache emptied: 68444334 bytes
->Opera cache emptied: 4412499 bytes
->Flash cache emptied: 28454 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9191276 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 517.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03272011_071424

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 27.03.2011, 20:00

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

vijay · 30.03.2011, 06:30

sorry, hatte die letzten paar tage etwas viel um die ohren, aber nun bin ich dazu gekommen.

hier das log.

ComboFix:

Code:

ATTFilter

ComboFix 11-03-29.03 - Vijay 30.03.2011   0:37.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.41.1031.18.2937.2170 [GMT 2:00]
ausgeführt von:: c:\users\Vijay\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-28 bis 2011-03-29  ))))))))))))))))))))))))))))))
.
.
2011-03-29 22:43 . 2011-03-29 22:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-29 20:55 . 2011-03-29 20:55	--------	d-----w-	c:\program files\CCleaner
2011-03-27 13:19 . 2011-03-28 15:48	--------	d-----w-	c:\users\Vijay\AppData\Roaming\gtk-2.0
2011-03-27 13:16 . 2011-03-27 13:16	--------	d-----w-	c:\users\Vijay\.thumbnails
2011-03-27 09:04 . 2011-03-28 15:48	--------	d-----w-	c:\users\Vijay\.gimp-2.6
2011-03-27 09:04 . 2011-03-27 09:04	--------	d-----w-	c:\program files\GIMP-2.0
2011-03-27 05:14 . 2011-03-27 05:14	--------	d-----w-	C:\_OTL
2011-03-25 14:54 . 2011-03-25 14:54	--------	d-----w-	c:\users\Vijay\AppData\Roaming\Malwarebytes
2011-03-25 14:54 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-25 14:54 . 2011-03-25 14:54	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-25 14:54 . 2011-03-25 14:54	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-25 14:54 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-25 06:01 . 2011-03-25 06:01	--------	d-----w-	c:\windows\Sun
2011-03-24 21:04 . 2011-03-24 21:04	--------	d-----w-	c:\users\Vijay\AppData\Roaming\Uniblue
2011-03-24 21:04 . 2011-03-24 21:04	--------	dc-h--w-	c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-03-24 21:04 . 2011-03-24 21:04	--------	d-----w-	c:\program files\Uniblue
2011-03-24 21:04 . 2011-03-24 21:04	--------	d-----w-	c:\users\Vijay\AppData\Local\PackageAware
2011-03-24 17:44 . 2011-03-24 17:44	--------	d-----w-	c:\program files\ERUNT
2011-03-24 14:06 . 2011-03-24 14:06	--------	d--h--w-	c:\windows\AxInstSV
2011-03-24 14:04 . 2011-03-24 14:04	149504	--sha-r-	c:\windows\system32\GfxUI9.dll
2011-03-24 13:34 . 2011-03-24 13:34	--------	d-----w-	c:\users\Vijay\AppData\Local\assembly
2011-03-24 13:33 . 2011-03-24 13:33	--------	d-----w-	c:\programdata\TechSmith
2011-03-24 13:33 . 2011-03-24 13:33	--------	d-----w-	c:\users\Vijay\AppData\Local\TechSmith
2011-03-24 13:33 . 2011-03-24 13:33	--------	d-----w-	c:\program files\TechSmith
2011-03-13 11:16 . 2011-03-14 13:42	365461	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
2011-03-10 23:22 . 2011-03-10 23:22	--------	d-----w-	c:\programdata\Hewlett-Packard
2011-03-10 23:22 . 2009-07-14 01:15	280064	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2011-03-10 18:21 . 2011-03-10 18:21	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-03-10 13:49 . 2008-11-10 10:41	32656	----a-w-	c:\windows\system32\msonpmon.dll
2011-03-10 13:49 . 2006-10-26 18:56	33104	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-03-10 13:48 . 2011-03-13 21:25	--------	d-----w-	c:\program files\Microsoft Works
2011-03-10 13:46 . 2011-03-10 13:46	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-03-10 13:45 . 2011-03-19 09:02	--------	d-----w-	c:\users\Vijay\AppData\Local\Microsoft Help
2011-03-10 13:45 . 2011-03-14 20:59	--------	d-----w-	c:\programdata\Microsoft Help
2011-03-10 13:44 . 2011-03-10 13:44	--------	d-----r-	C:\MSOCache
2011-03-10 13:39 . 2011-03-10 13:39	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-10 13:39 . 2011-03-10 13:40	--------	d-----w-	c:\program files\DAEMON Tools Lite
2011-03-10 13:38 . 2011-03-10 13:42	--------	d-----w-	c:\users\Vijay\AppData\Roaming\DAEMON Tools Lite
2011-03-10 13:38 . 2011-03-10 13:38	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2011-03-10 12:51 . 2011-03-10 12:51	--------	d-----w-	c:\users\Vijay\AppData\Local\Diagnostics
2011-03-09 21:55 . 2011-03-09 21:55	--------	d-----w-	c:\program files\Common Files\Java
2011-03-09 21:54 . 2011-03-09 21:54	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-03-09 21:54 . 2011-03-09 21:54	472808	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-09 21:54 . 2011-03-09 21:54	--------	d-----w-	c:\program files\Java
2011-03-09 17:42 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-03-09 17:42 . 2011-02-19 05:33	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-03-09 17:42 . 2011-02-19 05:32	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-03-09 17:42 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 17:42 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 17:42 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 17:42 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 17:41 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 17:41 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
2011-03-07 11:36 . 2011-03-07 11:36	--------	d-----w-	c:\users\Vijay\AppData\Local\Ironclad Games
2011-03-07 11:27 . 2011-03-07 11:34	--------	d-----w-	c:\program files\Sins of a Solar Empire
2011-03-07 11:27 . 2011-03-07 11:27	--------	d-----w-	c:\users\Vijay\AppData\Local\Stardock
2011-03-03 15:45 . 2009-07-14 01:15	90624	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2011-03-03 12:08 . 2011-03-03 12:08	--------	d-----w-	c:\users\Vijay\AppData\Local\Opera
2011-03-03 12:08 . 2011-03-03 12:08	--------	d-----w-	c:\program files\Opera
2011-03-03 11:38 . 2011-03-09 16:48	--------	d-----w-	c:\program files\MSECache
2011-03-02 10:33 . 2011-03-17 15:12	--------	d-----w-	c:\users\Vijay\AppData\Local\CutePDF Writer
2011-03-02 10:23 . 2011-03-02 10:23	--------	d-----w-	c:\program files\GPLGS
2011-03-02 10:23 . 2009-11-05 07:39	87552	----a-w-	c:\windows\system32\cpwmon2k.dll
2011-03-02 10:23 . 2011-03-02 10:23	--------	d-----w-	c:\program files\Acro Software
2011-03-02 09:36 . 2011-03-02 09:36	--------	d-----w-	c:\users\Vijay\AppData\Roaming\MathWorks
2011-03-01 23:38 . 2004-03-01 21:05	407104	----a-w-	c:\windows\system32\MSHFLXGD.OCX
2011-03-01 23:38 . 2004-02-11 13:37	203976	----a-w-	c:\windows\system32\RICHTX32.OCX
2011-03-01 23:38 . 2004-07-29 20:35	1077344	----a-w-	c:\windows\system32\mscomctl.ocx
2011-03-01 23:38 . 2002-02-14 09:26	647872	----a-w-	c:\windows\system32\mscomct2.ocx
2011-03-01 23:18 . 2011-03-01 23:18	--------	d-----w-	c:\program files\MATLAB
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 15:06 . 2011-02-13 16:05	17408	----a-w-	c:\windows\system32\rpcnetp.exe
2011-03-29 15:06 . 2011-02-13 16:34	58288	----a-w-	c:\windows\system32\rpcnet.dll
2011-03-24 14:29 . 2011-02-13 16:06	17408	----a-w-	c:\windows\system32\rpcnetp.dll
2011-03-18 11:25 . 2011-02-13 17:51	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-11 07:22 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-13 17:16 . 2011-02-13 17:16	39712	----a-w-	c:\windows\system32\drivers\psd.sys
2011-02-13 17:03 . 2011-02-13 17:07	252440	----a-w-	c:\windows\system32\PROUnstl.exe
2011-02-13 17:03 . 2009-06-03 16:39	61632	----a-w-	c:\windows\system32\NicInstY.dll
2011-02-13 17:03 . 2009-06-12 17:20	221912	----a-w-	c:\windows\system32\drivers\e1y6232.sys
2011-02-13 17:03 . 2009-05-26 09:05	28792	----a-w-	c:\windows\system32\NicCo36.dll
2011-02-13 17:03 . 2007-12-14 12:06	121440	----a-w-	c:\windows\system32\e1000msg.dll
2011-02-13 16:58 . 2011-02-13 16:58	230496	----a-w-	c:\windows\system32\PRONtObj.dll
2011-02-13 16:58 . 2011-02-13 16:58	111840	----a-w-	c:\windows\system32\drivers\iANSW60.sys
2011-02-13 16:34 . 2011-02-13 16:34	13160	----a-w-	c:\windows\system32\Upgrd.exe
2011-02-13 16:33 . 2011-02-13 16:34	58288	------w-	c:\windows\system32\rpcnet.exe
2011-02-03 05:45 . 2011-02-13 17:28	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2011-02-13 16:29	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-02-02 16:10 . 2011-02-13 16:29	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD414E80-0F44-4797-B4AD-FFB74051D981}\mpengine.dll
2011-01-10 13:23 . 2011-02-13 17:51	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-07 07:31 . 2011-02-23 05:52	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 05:52	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-13 17:33	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-13 17:33	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-13 17:33	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-13 17:33	2329088	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-15 7739936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-04-14 217088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Anleitung.exe [2011-3-14 365461]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-10 218688]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2011-02-13 39712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-02-13 221912]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Vijay\AppData\Roaming\Mozilla\Firefox\Profiles\hmy4df5k.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Sins of a Solar Empire - c:\programdata\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
AddRemove-{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41} - c:\programdata\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-30  00:44:26
ComboFix-quarantined-files.txt  2011-03-29 22:44
.
Vor Suchlauf: 9 Verzeichnis(se), 96'068'808'704 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 95'974'150'144 Bytes frei
.
- - End Of File - - 71DC26037A6905346988CE3C1D30808B

cosinus · 30.03.2011, 11:49

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

vijay · 30.03.2011, 12:51

Das tool sagt, dass keine infektion gefunden wurde:

TDSSkiller:

Code:

ATTFilter

2011/03/30 13:47:32.0171 5068	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/30 13:47:32.0171 5068	================================================================================
2011/03/30 13:47:32.0171 5068	SystemInfo:
2011/03/30 13:47:32.0171 5068	
2011/03/30 13:47:32.0171 5068	OS Version: 6.1.7600 ServicePack: 0.0
2011/03/30 13:47:32.0171 5068	Product type: Workstation
2011/03/30 13:47:32.0171 5068	ComputerName: VJ
2011/03/30 13:47:32.0171 5068	UserName: Vijay
2011/03/30 13:47:32.0171 5068	Windows directory: C:\Windows
2011/03/30 13:47:32.0171 5068	System windows directory: C:\Windows
2011/03/30 13:47:32.0171 5068	Processor architecture: Intel x86
2011/03/30 13:47:32.0171 5068	Number of processors: 2
2011/03/30 13:47:32.0171 5068	Page size: 0x1000
2011/03/30 13:47:32.0171 5068	Boot type: Normal boot
2011/03/30 13:47:32.0171 5068	================================================================================
2011/03/30 13:47:32.0436 5068	Initialize success
2011/03/30 13:47:37.0381 0732	================================================================================
2011/03/30 13:47:37.0381 0732	Scan started
2011/03/30 13:47:37.0381 0732	Mode: Manual; 
2011/03/30 13:47:37.0381 0732	================================================================================
2011/03/30 13:47:38.0660 0732	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/30 13:47:38.0707 0732	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/30 13:47:38.0769 0732	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/30 13:47:38.0832 0732	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/30 13:47:39.0003 0732	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/30 13:47:39.0081 0732	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/30 13:47:39.0159 0732	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/30 13:47:39.0347 0732	AgereSoftModem  (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/30 13:47:39.0471 0732	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/30 13:47:39.0534 0732	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/30 13:47:39.0690 0732	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/30 13:47:39.0799 0732	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/30 13:47:39.0893 0732	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/30 13:47:39.0955 0732	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/30 13:47:40.0033 0732	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/30 13:47:40.0080 0732	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/30 13:47:40.0173 0732	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/30 13:47:40.0283 0732	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/30 13:47:40.0423 0732	ApfiltrService  (d024bf7b3b76df9a5598b49fb0d17775) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/03/30 13:47:40.0517 0732	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/30 13:47:40.0610 0732	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/30 13:47:40.0641 0732	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/30 13:47:40.0704 0732	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/30 13:47:40.0953 0732	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/30 13:47:41.0078 0732	ATSwpWDF        (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/03/30 13:47:41.0203 0732	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/30 13:47:41.0281 0732	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/30 13:47:41.0421 0732	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/30 13:47:41.0515 0732	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/30 13:47:41.0577 0732	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/30 13:47:41.0733 0732	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/30 13:47:41.0811 0732	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/30 13:47:41.0874 0732	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/30 13:47:41.0921 0732	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/30 13:47:42.0030 0732	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/30 13:47:42.0123 0732	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/30 13:47:42.0201 0732	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/30 13:47:42.0295 0732	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/30 13:47:42.0420 0732	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/30 13:47:42.0654 0732	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/30 13:47:42.0732 0732	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/30 13:47:42.0810 0732	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/30 13:47:42.0919 0732	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/30 13:47:43.0044 0732	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/30 13:47:43.0122 0732	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/30 13:47:43.0200 0732	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/30 13:47:43.0293 0732	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/30 13:47:43.0403 0732	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/30 13:47:43.0465 0732	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/30 13:47:43.0574 0732	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/03/30 13:47:43.0746 0732	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/30 13:47:43.0824 0732	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/30 13:47:43.0917 0732	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/30 13:47:44.0120 0732	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/30 13:47:44.0229 0732	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/03/30 13:47:44.0510 0732	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/30 13:47:44.0651 0732	e1yexpress      (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
2011/03/30 13:47:44.0978 0732	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/30 13:47:45.0181 0732	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/30 13:47:45.0275 0732	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/30 13:47:45.0353 0732	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/30 13:47:45.0399 0732	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/30 13:47:45.0509 0732	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/30 13:47:45.0587 0732	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/30 13:47:45.0805 0732	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/30 13:47:45.0867 0732	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/30 13:47:45.0930 0732	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/30 13:47:46.0039 0732	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/30 13:47:46.0086 0732	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/30 13:47:46.0195 0732	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/30 13:47:46.0257 0732	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/30 13:47:46.0382 0732	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/30 13:47:46.0476 0732	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/03/30 13:47:46.0523 0732	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/30 13:47:46.0632 0732	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/30 13:47:46.0710 0732	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/30 13:47:46.0757 0732	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/30 13:47:46.0850 0732	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/30 13:47:46.0944 0732	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/30 13:47:47.0022 0732	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/30 13:47:47.0240 0732	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/30 13:47:47.0349 0732	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/30 13:47:47.0443 0732	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/30 13:47:48.0441 0732	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/30 13:47:48.0769 0732	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/30 13:47:49.0143 0732	IntcAzAudAddService (e846f87239c4a92b14a56f8b90b24383) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/30 13:47:49.0377 0732	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/30 13:47:49.0455 0732	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/30 13:47:49.0565 0732	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/30 13:47:49.0705 0732	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/30 13:47:49.0799 0732	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/30 13:47:49.0877 0732	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/30 13:47:49.0923 0732	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/30 13:47:49.0986 0732	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/30 13:47:50.0079 0732	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/30 13:47:50.0157 0732	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/30 13:47:50.0235 0732	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/30 13:47:50.0329 0732	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/30 13:47:50.0454 0732	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/30 13:47:50.0547 0732	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/30 13:47:50.0625 0732	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/30 13:47:50.0688 0732	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/30 13:47:50.0750 0732	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/30 13:47:50.0844 0732	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/30 13:47:50.0937 0732	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/30 13:47:51.0047 0732	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/30 13:47:51.0140 0732	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/30 13:47:51.0187 0732	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/30 13:47:51.0281 0732	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/30 13:47:51.0374 0732	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/30 13:47:51.0437 0732	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/30 13:47:51.0483 0732	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/30 13:47:51.0577 0732	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/30 13:47:51.0749 0732	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/30 13:47:51.0842 0732	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/30 13:47:51.0967 0732	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/30 13:47:52.0014 0732	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/30 13:47:52.0092 0732	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/30 13:47:52.0279 0732	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/30 13:47:52.0482 0732	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/30 13:47:52.0575 0732	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/30 13:47:52.0685 0732	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/30 13:47:52.0809 0732	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/30 13:47:52.0965 0732	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/30 13:47:53.0075 0732	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/30 13:47:53.0231 0732	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/30 13:47:53.0433 0732	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/30 13:47:53.0543 0732	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/30 13:47:53.0730 0732	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/30 13:47:53.0792 0732	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/30 13:47:53.0886 0732	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/30 13:47:53.0964 0732	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/30 13:47:54.0057 0732	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/30 13:47:54.0120 0732	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/30 13:47:54.0229 0732	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/30 13:47:54.0276 0732	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/30 13:47:54.0323 0732	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/30 13:47:54.0401 0732	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/30 13:47:54.0479 0732	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/30 13:47:55.0383 0732	NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/03/30 13:47:56.0039 0732	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/03/30 13:47:56.0288 0732	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/30 13:47:56.0351 0732	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/30 13:47:56.0413 0732	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/30 13:47:56.0507 0732	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/30 13:47:56.0678 0732	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/30 13:47:56.0756 0732	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/30 13:47:56.0819 0732	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/30 13:47:56.0912 0732	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/30 13:47:57.0021 0732	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/30 13:47:57.0084 0732	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/30 13:47:57.0115 0732	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/30 13:47:57.0146 0732	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/30 13:47:57.0209 0732	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/30 13:47:57.0255 0732	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/30 13:47:57.0380 0732	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/30 13:47:57.0443 0732	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/30 13:47:57.0489 0732	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/30 13:47:57.0645 0732	PersonalSecureDrive (ce90b67ca2e16af5a71a5680f8287ca8) C:\Windows\System32\drivers\psd.sys
2011/03/30 13:47:57.0786 0732	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/30 13:47:57.0848 0732	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/30 13:47:57.0911 0732	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/30 13:47:58.0051 0732	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/30 13:47:58.0191 0732	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/30 13:47:58.0238 0732	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/30 13:47:58.0285 0732	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/30 13:47:58.0410 0732	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/30 13:47:58.0550 0732	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/30 13:47:58.0613 0732	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/30 13:47:58.0722 0732	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/30 13:47:58.0800 0732	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/30 13:47:58.0878 0732	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/30 13:47:58.0956 0732	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/30 13:47:59.0174 0732	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/03/30 13:47:59.0299 0732	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/30 13:47:59.0408 0732	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/30 13:47:59.0471 0732	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/30 13:47:59.0595 0732	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/30 13:47:59.0767 0732	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/30 13:47:59.0876 0732	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/30 13:47:59.0970 0732	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/03/30 13:48:00.0079 0732	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/30 13:48:00.0188 0732	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/30 13:48:00.0360 0732	sdbus           (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/30 13:48:00.0469 0732	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/30 13:48:00.0563 0732	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/30 13:48:00.0641 0732	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/30 13:48:00.0687 0732	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/30 13:48:00.0953 0732	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/30 13:48:01.0062 0732	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/30 13:48:01.0124 0732	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/30 13:48:01.0202 0732	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/30 13:48:01.0343 0732	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/30 13:48:01.0608 0732	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/30 13:48:01.0733 0732	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/30 13:48:01.0951 0732	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/30 13:48:02.0060 0732	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/30 13:48:02.0247 0732	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/30 13:48:02.0357 0732	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/30 13:48:02.0497 0732	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/30 13:48:02.0606 0732	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/30 13:48:02.0731 0732	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/30 13:48:02.0825 0732	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/03/30 13:48:02.0949 0732	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/03/30 13:48:03.0121 0732	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/30 13:48:03.0433 0732	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/03/30 13:48:03.0729 0732	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/30 13:48:03.0963 0732	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/30 13:48:04.0073 0732	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/30 13:48:04.0119 0732	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/30 13:48:04.0260 0732	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/30 13:48:04.0338 0732	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/30 13:48:04.0447 0732	TPM             (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2011/03/30 13:48:04.0509 0732	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/30 13:48:04.0603 0732	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/30 13:48:04.0759 0732	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/30 13:48:04.0884 0732	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/30 13:48:04.0978 0732	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/30 13:48:05.0056 0732	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/30 13:48:05.0118 0732	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/30 13:48:05.0368 0732	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/30 13:48:05.0461 0732	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/30 13:48:05.0539 0732	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/30 13:48:05.0617 0732	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/30 13:48:05.0680 0732	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/30 13:48:05.0758 0732	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/30 13:48:05.0836 0732	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/30 13:48:05.0960 0732	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/30 13:48:06.0179 0732	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/30 13:48:06.0304 0732	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/03/30 13:48:06.0382 0732	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/30 13:48:06.0475 0732	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/30 13:48:06.0553 0732	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/30 13:48:06.0600 0732	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/30 13:48:06.0678 0732	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/30 13:48:06.0787 0732	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/30 13:48:06.0928 0732	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/30 13:48:07.0021 0732	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/03/30 13:48:07.0068 0732	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/03/30 13:48:07.0146 0732	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/30 13:48:07.0286 0732	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/30 13:48:07.0349 0732	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/30 13:48:07.0442 0732	vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
2011/03/30 13:48:07.0552 0732	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/30 13:48:07.0630 0732	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/30 13:48:07.0692 0732	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/30 13:48:07.0786 0732	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/30 13:48:07.0895 0732	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/30 13:48:07.0910 0732	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/30 13:48:07.0973 0732	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/30 13:48:08.0004 0732	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/30 13:48:08.0160 0732	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/30 13:48:08.0222 0732	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/30 13:48:08.0300 0732	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/30 13:48:08.0363 0732	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/30 13:48:08.0472 0732	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/30 13:48:08.0550 0732	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/30 13:48:08.0628 0732	================================================================================
2011/03/30 13:48:08.0628 0732	Scan finished
2011/03/30 13:48:08.0628 0732	================================================================================

cosinus · 30.03.2011, 15:29

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

vijay · 31.03.2011, 17:35

So die probleme haben sich in der zwischenzeit etwas verändert, die popups sind nach den ersten schritten hier verschwunden, dafür wurde ich auf googel häufig auf werbeseiten weitergeleitet und heute wurde das system unter wildem rumspringen zwischen laufenden programmen runtergefahren.

hier die gewünschten logs:

gmer:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-31 18:20:16
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.0040020C
Running: g2m3e4r.exe; Driver: C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                        82C8D589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                 82CB2092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                                                                             A9F7102C 102 Bytes  CALL B5C9F8BB 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!CreateWindowExW                                                        764B0E51 5 Bytes  JMP 6CF4818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextExW                                                            764B7BDD 5 Bytes  JMP 02CFC8DF 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextW                                                              764B8220 5 Bytes  JMP 02CFC71B 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!SetClipboardData                                                       764C4979 5 Bytes  JMP 02CFC392 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextA                                                              764CA482 5 Bytes  JMP 02CFC63F 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DrawTextExA                                                            764CA4B9 5 Bytes  JMP 02CFC7F7 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxIndirectParamW                                                764D4AA7 5 Bytes  JMP 6D06FE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxParamW                                                        764D564A 5 Bytes  JMP 02CFB9F5 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxParamA                                                        764ECF6A 5 Bytes  JMP 6D06FE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!DialogBoxIndirectParamA                                                764ED29C 5 Bytes  JMP 6D06FECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxIndirectA                                                    764FE8C9 5 Bytes  JMP 6D06FD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxIndirectW                                                    764FE9C3 5 Bytes  JMP 6D06FD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxExA                                                          764FEA29 5 Bytes  JMP 6D06FCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] USER32.dll!MessageBoxExW                                                          764FEA4D 5 Bytes  JMP 6D06FC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!ExtTextOutW                                                             76458053 5 Bytes  JMP 02CFCAAC 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!GetGlyphIndicesW                                                        7645B521 5 Bytes  JMP 02CFCF2D 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!ExtTextOutA                                                             76460158 5 Bytes  JMP 02CFC9C7 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!TextOutA                                                                76460878 5 Bytes  JMP 02CFC4A5 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!TextOutW                                                                764714B9 5 Bytes  JMP 02CFC572 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] GDI32.dll!GetGlyphIndicesA                                                        7647BC42 5 Bytes  JMP 02CFCE63 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!closesocket                                                            757B3BED 5 Bytes  JMP 02CFC304 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!recv                                                                   757B47DF 5 Bytes  JMP 02CFC093 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!GetAddrInfoW                                                           757B60F5 2 Bytes  JMP 02CFB696 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!GetAddrInfoW + 3                                                       757B60F8 2 Bytes  [54, 8D]
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!getaddrinfo                                                            757B6737 5 Bytes  JMP 02CFB5B6 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!WSASend                                                                757B68A7 5 Bytes  JMP 02CFC13D 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!WSARecv                                                                757BC29F 5 Bytes  JMP 02CFC20E 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!send                                                                   757BC4C8 5 Bytes  JMP 02CFBFED 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!WSAAsyncGetHostByName                                                  757C6D2A 5 Bytes  JMP 02CFB91A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[892] ws2_32.DLL!gethostbyname                                                          757C7133 5 Bytes  JMP 02CFB4F9 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogParamW                                                    764A9BFF 5 Bytes  JMP 6CE9C570 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!EnableWindow                                                          764AA72E 5 Bytes  JMP 6CE9C4EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!GetAsyncKeyState                                                      764AC09A 5 Bytes  JMP 6CE5D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!UnhookWindowsHookEx                                                   764ACC7B 5 Bytes  JMP 6CF583A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CallNextHookEx                                                        764ACC8F 5 Bytes  JMP 6CF39D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateWindowExW                                                       764B0E51 5 Bytes  JMP 6CF4818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetWindowsHookExW                                                     764B210A 5 Bytes  JMP 6CEF4643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!GetKeyState                                                           764B4FDA 5 Bytes  JMP 6CE9D762 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!IsDialogMessageW                                                      764B6F06 5 Bytes  JMP 6CE64284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextExW                                                           764B7BDD 5 Bytes  JMP 01B0C8DF 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextW                                                             764B8220 5 Bytes  JMP 01B0C71B 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogParamA                                                    764C3E79 5 Bytes  JMP 6D070A5E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!IsDialogMessage                                                       764C407A 5 Bytes  JMP 6D0702FF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetClipboardData                                                      764C4979 5 Bytes  JMP 01B0C392 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogIndirectParamA                                            764C9110 5 Bytes  JMP 6D070A95 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextA                                                             764CA482 5 Bytes  JMP 01B0C63F 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DrawTextExA                                                           764CA4B9 5 Bytes  JMP 01B0C7F7 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!CreateDialogIndirectParamW                                            764D08AD 5 Bytes  JMP 6D070ACC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxIndirectParamW                                               764D4AA7 5 Bytes  JMP 6D06FE68 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!EndDialog                                                             764D555C 5 Bytes  JMP 6CE65AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxParamW                                                       764D564A 5 Bytes  JMP 01B0B9F5 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetKeyboardState                                                      764D6B52 5 Bytes  JMP 6D070664 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SendInput                                                             764D7055 5 Bytes  JMP 6D071228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!SetCursorPos                                                          764EC1D8 5 Bytes  JMP 6D071280 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxParamA                                                       764ECF6A 5 Bytes  JMP 6D06FE05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!DialogBoxIndirectParamA                                               764ED29C 5 Bytes  JMP 6D06FECB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxIndirectA                                                   764FE8C9 5 Bytes  JMP 6D06FD9A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxIndirectW                                                   764FE9C3 5 Bytes  JMP 6D06FD2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxExA                                                         764FEA29 5 Bytes  JMP 6D06FCCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!MessageBoxExW                                                         764FEA4D 5 Bytes  JMP 6D06FC6B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] USER32.dll!keybd_event                                                           764FEC9B 5 Bytes  JMP 6D0715B3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!ExtTextOutW                                                            76458053 5 Bytes  JMP 01B0CAAC 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!GetGlyphIndicesW                                                       7645B521 5 Bytes  JMP 01B0CF2D 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!ExtTextOutA                                                            76460158 5 Bytes  JMP 01B0C9C7 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!TextOutA                                                               76460878 5 Bytes  JMP 01B0C4A5 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!TextOutW                                                               764714B9 5 Bytes  JMP 01B0C572 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] GDI32.dll!GetGlyphIndicesA                                                       7647BC42 5 Bytes  JMP 01B0CE63 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] SHELL32.dll!SHChangeNotification_Lock + 45BA                                     7660B440 4 Bytes  [11, 36, 39, 6E]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] SHELL32.dll!SHChangeNotification_Lock + 45C2                                     7660B448 8 Bytes  [5F, 35, 39, 6E, D0, 73, 38, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] ole32.dll!OleLoadFromStream                                                      76155BF6 5 Bytes  JMP 6D0701BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] ole32.dll!CoCreateInstance                                                       761A590C 5 Bytes  JMP 6CF48C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!closesocket                                                           757B3BED 5 Bytes  JMP 01B0C304 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!recv                                                                  757B47DF 5 Bytes  JMP 01B0C093 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!GetAddrInfoW                                                          757B60F5 2 Bytes  JMP 01B0B696 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!GetAddrInfoW + 3                                                      757B60F8 2 Bytes  [35, 8C]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!getaddrinfo                                                           757B6737 5 Bytes  JMP 01B0B5B6 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!WSASend                                                               757B68A7 5 Bytes  JMP 01B0C13D 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!WSARecv                                                               757BC29F 5 Bytes  JMP 01B0C20E 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!send                                                                  757BC4C8 5 Bytes  JMP 01B0BFED 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!WSAAsyncGetHostByName                                                 757C6D2A 5 Bytes  JMP 01B0B91A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5112] WS2_32.dll!gethostbyname                                                         757C7133 5 Bytes  JMP 01B0B4F9 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                      [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                     [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                   [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rpcnet.exe[612] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                    [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                  [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                   [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                 [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                 [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1476] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                 [75265E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                        [73982494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                   [73965624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                  [739656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                         [7398250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                               [73978573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                 [73974D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                [739750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                               [739751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                      [739766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                [739782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                           [73978819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                         [7397907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                               [7397E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1960] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                   [73974C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [6E383932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [6E381ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                   [6E37C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]             [6E383B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [6E38595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [6E3847A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                   [6E384EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                   [6E381D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]         [6E37F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [6E3806BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]       [6E37FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [6E381ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                         [6E380043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                       [6E380CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                       [6E383932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                       [6E3806BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                     [6E380CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [6E382ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [6E37F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E37F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E37FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [6E381ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [6E384EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                   [6E3847A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [6E37DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                     [6E3806BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                     [6E383932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [6E37DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [6E37DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                     [6E380571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [6E381D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [6E37DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                     [6E3841F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                       [6E38595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                   [6E384735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [6E384B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [6E38823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                 [6E3889C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                       [6E388584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [6E387E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [6E388CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [6E3890D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                     [6E387C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                     [6E388D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                 [6E387F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]           [6E38794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]               [6E387D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [6E388898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [6E3886C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [6E388760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]               [6E387EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]               [6E389B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [6E38958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [6E3899D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [6E388026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                 [6E387F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                   [6E387AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [6E3897FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [6E387BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [6E389C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                 [6E3898B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                   [6E3877ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]             [6E3896FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [6E3881EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]               [6E3880BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [6E388286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                     [6E388D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [6E387DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                     [6E388F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                   [6E38892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [6E389A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [6E3892E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [6E389E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                   [6E388E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                   [6E387B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [6E389029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [6E38789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                       [6E3883BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [6E38861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [6E388A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                 [6E388454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [6E3884EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                   [6E389974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                     [6E388EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]               [6E37D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu]                    [02A89DB2] C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitcth/Orbitdownloader.com)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [6E380F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [6E381904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [6E38141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                 [6E3809C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E37FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]     [6E37F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW]  [6E37F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                     [6E3827FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E37F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]           [6E37EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]               [6E37E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [6E382ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                       [6E3827DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [6E37E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                       [6E380043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]       [6E37EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [6E381BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [6E381A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW]                   [6E389974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA]                   [6E389916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA]          [6E388A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA]                     [6E388D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW]                   [6E388E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW]               [6E387D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA]                      [6E388FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA]                      [6E389E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW]                      [6E389029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW]                      [6E389E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW]                     [6E387C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[5112] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]                  [6E379F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

osam:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:29:31 on 31.03.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IfxSpMgt.cpl" - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\IfxSpMgt.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Vijay\AppData\Local\Temp\catchme.sys  (File not found)
"pxldypow" (pxldypow) - ? - C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{E08BF9C5-191E-4B15-8F67-2622B4DB5580} "PSDShCtrl Class" - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\PSDShExt.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "Snagit" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
{CF74B903-3389-469c-B3B6-0204D204FCBD} "SnagItShellExt Class" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitShellExt.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{55963676-2F5E-4BAF-AC28-CF26AA587566} "Cisco AnyConnect VPN Client Web Control" - "Cisco Systems, Inc." - C:\Windows\system32\vpnweb.ocx / https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab
Deployer "Deployer" - ? -   (File not found | COM-object registry key not found) / hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10m.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} "Snagit" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{00C6482D-C502-44C8-8409-FCE54AD9C208} "SnagIt Toolbar Loader" - "TechSmith Corporation" - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Vijay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"ERUNT AutoBackup.lnk" - ? - C:\Program Files\ERUNT\AUTOBACK.EXE  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Anleitung.exe" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Personal Secure Drive-Dienst" (PersonalSecureDriveService) - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
"Remote Procedure Call (RPC) Net" (rpcnet) - "Absolute Software Corp." - C:\Windows\system32\rpcnet.exe
"Security Platform Management Service" (IFXSpMgtSrv) - ? - C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe  (File not found)
"Trusted Platform Core Service" (IFXTCS) - "Infineon Technologies AG" - C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Professional
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	TOSHIBA
BIOS Manufacturer:		TOSHIBA
System Manufacturer:		TOSHIBA
System Product Name:		TECRA A10
Logical Drives Mask:		0x0000005c

Kernel Drivers (total 165):
  0x82C4A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82C13000 \SystemRoot\system32\halmacpi.dll
  0x80BB5000 \SystemRoot\system32\kdcom.dll
  0x83202000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8327A000 \SystemRoot\system32\PSHED.dll
  0x8328B000 \SystemRoot\system32\BOOTVID.dll
  0x83293000 \SystemRoot\system32\CLFS.SYS
  0x832D5000 \SystemRoot\system32\CI.dll
  0x83380000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x833F1000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AA2F000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AA77000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AA80000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AA88000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AAB2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AABD000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AACE000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AAD6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AAE1000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AAF1000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AB3C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x8AB6A000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AB80000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8AB89000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8ABAC000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8ABB6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8ABC4000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AC1D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AC51000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8AC62000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AD91000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8ADBC000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AE0F000 \SystemRoot\System32\Drivers\cng.sys
  0x8AE6C000 \SystemRoot\System32\drivers\pcw.sys
  0x8AE7A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8AE83000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF3A000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AF78000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B00D000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B156000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B187000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B190000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B1CF000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AF9D000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B1D7000 \SystemRoot\System32\Drivers\mup.sys
  0x8B1E7000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8AFCA000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B1EF000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8ADCF000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8AC11000 \SystemRoot\System32\drivers\psd.sys
  0x8ABCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8ABEC000 \SystemRoot\System32\Drivers\Null.SYS
  0x8ABF3000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8AA00000 \SystemRoot\System32\drivers\vga.sys
  0x8AA0C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FC1A000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FC27000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FC2F000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FC37000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8FC3F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FC4A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FC58000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8FC6F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8FC7A000 \SystemRoot\system32\drivers\afd.sys
  0x8FCD4000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8FD06000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8FD0D000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8FD2C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8FD3D000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8FD4B000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8FD65000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x8FDA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8FDB3000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FDC3000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92836000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92877000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x92881000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9288B000 \SystemRoot\System32\drivers\discache.sys
  0x92897000 \SystemRoot\system32\drivers\csc.sys
  0x928FB000 \SystemRoot\System32\Drivers\dfsc.sys
  0x92913000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x92921000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x92947000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x92C37000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x9363A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x936F1000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9372A000 \SystemRoot\system32\DRIVERS\e1y6232.sys
  0x93764000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x9376F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x937BA000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x937C9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x93E15000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x94491000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9449B000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x944C7000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x944E0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x94531000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x94549000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x94556000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x9458C000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x94599000 \SystemRoot\system32\drivers\tpm.sys
  0x945A5000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x945AF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x945B3000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x945C5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x945D2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x945E4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x93E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x93600000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x93622000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x937E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x93554000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x93E0B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x945FC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9356B000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9359F000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x935AD000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x94827000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x94ACB000 \SystemRoot\system32\drivers\portcls.sys
  0x94AFA000 \SystemRoot\system32\drivers\drmk.sys
  0x94C14000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x94D1A000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x94D1C000 \SystemRoot\system32\drivers\modem.sys
  0x94D29000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x94D40000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x94D64000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x94D71000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x94D7C000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x94D86000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x94B13000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
  0x95D00000 \SystemRoot\System32\win32k.sys
  0x94D97000 \SystemRoot\System32\drivers\Dxapi.sys
  0x94DA1000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x94DAC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x94DBF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x94DC6000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x95F60000 \SystemRoot\System32\TSDDD.dll
  0x95F90000 \SystemRoot\System32\cdd.dll
  0x94DDC000 \SystemRoot\system32\drivers\luafv.sys
  0x94BB0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x94BC5000 \SystemRoot\system32\drivers\WudfPf.sys
  0x94C00000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x92968000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x94BDF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x94800000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA9E3C000 \SystemRoot\system32\drivers\HTTP.sys
  0xA9EC1000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA9EDA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA9EEC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA9F0F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA9F4A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA9F65000 \SystemRoot\system32\drivers\peauth.sys
  0xA9E00000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA9E0A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA9E2B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x929AE000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAE00D000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAE0C8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xAE122000 \SystemRoot\system32\DRIVERS\monitor.sys
  0xAE12D000 \??\C:\Users\Vijay\AppData\Local\Temp\pxldypow.sys
  0x771C0000 \Windows\System32\ntdll.dll
  0x47B30000 \Windows\System32\smss.exe
  0x77400000 \Windows\System32\apisetschema.dll
  0x000C0000 \Windows\System32\autochk.exe

Processes (total 73):
       0 System Idle Process
       4 System
     224 C:\Windows\System32\smss.exe
     368 csrss.exe
     408 C:\Windows\System32\wininit.exe
     416 csrss.exe
     464 C:\Windows\System32\services.exe
     480 C:\Windows\System32\lsass.exe
     488 C:\Windows\System32\lsm.exe
     596 C:\Windows\System32\svchost.exe
     680 C:\Windows\System32\svchost.exe
     732 C:\Windows\System32\svchost.exe
     780 C:\Windows\System32\svchost.exe
     820 C:\Windows\System32\svchost.exe
     952 C:\Windows\System32\winlogon.exe
     992 C:\Windows\System32\svchost.exe
    1140 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1168 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\spoolsv.exe
    1372 C:\Windows\System32\taskeng.exe
    1404 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1428 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\rundll32.exe
    1560 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1640 C:\Windows\System32\svchost.exe
    1692 C:\Windows\System32\taskhost.exe
    1748 C:\Windows\System32\dwm.exe
    1780 C:\Windows\System32\taskeng.exe
    1824 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1852 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    1860 C:\Program Files\Infineon\Security Platform Software\IFXTCS.exe
    1960 C:\Windows\explorer.exe
    1992 C:\Windows\System32\conhost.exe
     348 C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
     612 C:\Windows\System32\rpcnet.exe
    1040 C:\Windows\System32\svchost.exe
    2028 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2112 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2432 C:\Windows\System32\igfxtray.exe
    2440 C:\Windows\System32\hkcmd.exe
    2448 C:\Windows\System32\igfxpers.exe
    2468 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2552 C:\Program Files\Apoint2K\Apoint.exe
    2572 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2688 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2696 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2744 C:\Program Files\Skype\Phone\Skype.exe
    2752 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    2780 C:\Program Files\Windows Sidebar\sidebar.exe
    2848 C:\Windows\System32\StikyNot.exe
    3372 C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    3464 C:\Windows\System32\SearchIndexer.exe
    3664 C:\Windows\System32\svchost.exe
    2640 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2828 C:\Program Files\Apoint2K\ApMsgFwd.exe
    2604 C:\Program Files\Apoint2K\ApntEx.exe
    4004 C:\Windows\System32\conhost.exe
    3520 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4276 C:\Windows\System32\svchost.exe
    5320 dllhost.exe
    5804 C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
     892 C:\Program Files\Internet Explorer\iexplore.exe
    5112 C:\Program Files\Internet Explorer\iexplore.exe
    6096 C:\Program Files\Orbitdownloader\orbitdm.exe
    5644 C:\Program Files\Orbitdownloader\orbitnet.exe
    4612 C:\Program Files\Internet Explorer\iexplore.exe
    2528 C:\Windows\System32\SearchProtocolHost.exe
    5508

cosinus · 31.03.2011, 17:51

Das von MBRCheck ist unvollständig.

vijay · 01.04.2011, 10:41

MBRCheck:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Professional
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	TOSHIBA
BIOS Manufacturer:		TOSHIBA
System Manufacturer:		TOSHIBA
System Product Name:		TECRA A10
Logical Drives Mask:		0x0000005c

Kernel Drivers (total 165):
  0x82C01000 \SystemRoot\system32\ntkrnlpa.exe
  0x83011000 \SystemRoot\system32\halmacpi.dll
  0x80BA1000 \SystemRoot\system32\kdcom.dll
  0x83231000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x832A9000 \SystemRoot\system32\PSHED.dll
  0x832BA000 \SystemRoot\system32\BOOTVID.dll
  0x832C2000 \SystemRoot\system32\CLFS.SYS
  0x83304000 \SystemRoot\system32\CI.dll
  0x8AA0F000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8AA80000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AA8E000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AAD6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AADF000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AAE7000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AB11000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AB1C000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AB2D000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AB35000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AB40000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AB50000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AB9B000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x8ABC9000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8ABDF000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x833AF000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8ABE8000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x8ABF2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8AA00000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8AC3C000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AC70000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8AC81000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8ADB0000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8ADDB000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AE29000 \SystemRoot\System32\Drivers\cng.sys
  0x8AE86000 \SystemRoot\System32\drivers\pcw.sys
  0x8AE94000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8AE9D000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF54000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AF92000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B019000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B162000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B193000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8B19C000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B1DB000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AFB7000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B1E3000 \SystemRoot\System32\Drivers\mup.sys
  0x8B1F3000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8AC00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B000000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x833D2000 \SystemRoot\System32\drivers\psd.sys
  0x833DB000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B011000 \SystemRoot\System32\Drivers\Null.SYS
  0x83200000 \SystemRoot\System32\Drivers\Beep.SYS
  0x83207000 \SystemRoot\System32\drivers\vga.sys
  0x8FE0B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FE2C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FE39000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FE41000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FE49000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8FE51000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FE5C000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FE6A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8FE81000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8FE8C000 \SystemRoot\system32\drivers\afd.sys
  0x8FEE6000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8FF18000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8FF1F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8FF3E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8FF4F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8FF5D000 \SystemRoot\system32\DRIVERS\serial.sys
  0x8FF77000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x8FFB2000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8FFC5000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FFD5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92821000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x92862000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9286C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x92876000 \SystemRoot\System32\drivers\discache.sys
  0x92882000 \SystemRoot\system32\drivers\csc.sys
  0x928E6000 \SystemRoot\System32\Drivers\dfsc.sys
  0x928FE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x9290C000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x92932000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x92E1A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x93737000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x92953000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9298C000 \SystemRoot\system32\DRIVERS\e1y6232.sys
  0x937EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x92C1E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x92C69000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x92C78000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x93C14000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
  0x94290000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9429A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x942C6000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x942DF000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x94330000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x94348000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x94355000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
  0x9438B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x94398000 \SystemRoot\system32\drivers\tpm.sys
  0x943A4000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x943AE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x943B2000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x943C4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x943D1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x943E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x93C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92C97000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x92CB9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x92CD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x92CE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x92CFF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x93C0B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x92D09000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92D3D000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x92D4B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x92D8F000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x94820000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x94AC4000 \SystemRoot\system32\drivers\portcls.sys
  0x94AF3000 \SystemRoot\system32\drivers\drmk.sys
  0x9442D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x94533000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x94535000 \SystemRoot\system32\drivers\modem.sys
  0x94542000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x94559000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x94B0C000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
  0x96180000 \SystemRoot\System32\win32k.sys
  0x9457D000 \SystemRoot\System32\drivers\Dxapi.sys
  0x94587000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x94594000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9459F000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x945A9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x945BA000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x945C5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x945D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x945DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x945EA000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x963E0000 \SystemRoot\System32\TSDDD.dll
  0x96020000 \SystemRoot\System32\cdd.dll
  0x94400000 \SystemRoot\system32\drivers\luafv.sys
  0x94BA9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x94BBE000 \SystemRoot\system32\drivers\WudfPf.sys
  0x9441B000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x92DA0000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x94BD8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x94BE8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xAA224000 \SystemRoot\system32\drivers\HTTP.sys
  0xAA2A9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xAA2C2000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xAA2D4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAA2F7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xAA332000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xAA365000 \SystemRoot\system32\drivers\peauth.sys
  0xAA200000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x929C6000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xAA20A000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xAEE3D000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xAEE8C000 \SystemRoot\System32\DRIVERS\srv.sys
  0xAEEDD000 \SystemRoot\system32\drivers\spsys.sys
  0xAEF47000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x770E0000 \Windows\System32\ntdll.dll
  0x477D0000 \Windows\System32\smss.exe
  0x77320000 \Windows\System32\apisetschema.dll
  0x00DF0000 \Windows\System32\autochk.exe

Processes (total 71):
       0 System Idle Process
       4 System
     224 C:\Windows\System32\smss.exe
     368 csrss.exe
     408 C:\Windows\System32\wininit.exe
     420 csrss.exe
     468 C:\Windows\System32\services.exe
     480 C:\Windows\System32\lsass.exe
     488 C:\Windows\System32\lsm.exe
     596 C:\Windows\System32\svchost.exe
     680 C:\Windows\System32\svchost.exe
     732 C:\Windows\System32\svchost.exe
     780 C:\Windows\System32\svchost.exe
     804 C:\Windows\System32\svchost.exe
     876 C:\Windows\System32\audiodg.exe
     944 C:\Windows\System32\svchost.exe
     972 C:\Windows\System32\winlogon.exe
    1144 C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1168 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\spoolsv.exe
    1372 C:\Windows\System32\taskeng.exe
    1408 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1428 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\rundll32.exe
    1556 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1600 C:\Windows\System32\svchost.exe
    1624 C:\Program Files\Infineon\Security Platform Software\IFXTCS.exe
    1688 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1712 C:\Windows\System32\taskhost.exe
    1800 C:\Windows\System32\dwm.exe
    1836 C:\Windows\explorer.exe
    1844 C:\Windows\System32\conhost.exe
    1884 C:\Windows\System32\taskeng.exe
    1936 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
     364 C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
     540 C:\Windows\System32\rpcnet.exe
    1320 C:\Windows\System32\svchost.exe
    2040 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2312 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2500 C:\Windows\System32\igfxtray.exe
    2516 C:\Windows\System32\hkcmd.exe
    2528 C:\Windows\System32\igfxpers.exe
    2536 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2544 C:\Program Files\Apoint2K\Apoint.exe
    2556 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2584 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2628 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2812 C:\Program Files\Skype\Phone\Skype.exe
    2820 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    2828 C:\Program Files\Windows Sidebar\sidebar.exe
    2904 C:\Windows\System32\StikyNot.exe
    3264 C:\Windows\System32\SearchIndexer.exe
    3548 C:\Windows\System32\svchost.exe
    3884 C:\Program Files\Apoint2K\ApMsgFwd.exe
    3928 C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    3940 C:\Program Files\Apoint2K\ApntEx.exe
    3972 C:\Windows\System32\conhost.exe
    2124 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2432 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    3892 C:\Program Files\Internet Explorer\iexplore.exe
    1244 C:\Windows\System32\SearchProtocolHost.exe
    3812 C:\Windows\System32\SearchFilterHost.exe
    2352 C:\Windows\System32\svchost.exe
    4512 C:\Program Files\Internet Explorer\iexplore.exe
    4528 WmiPrvSE.exe
    4704 C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe
    4936 dllhost.exe
    5980 C:\Windows\System32\sppsvc.exe
    2344 C:\Users\Vijay\Desktop\MBRCheck.exe
    3688 C:\Windows\System32\conhost.exe
    5024 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000025`a0b00000

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG1, Rev: 0040020C

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

25.03.2011, 15:27	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ständige Werbe pop-ups bei IE8 Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ __________________

30.03.2011, 11:49	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ständige Werbe pop-ups bei IE8 Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html __________________ Logfiles bitte immer in CODE-Tags posten

31.03.2011, 17:51	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ständige Werbe pop-ups bei IE8 Das von MBRCheck ist unvollständig. __________________ Logfiles bitte immer in CODE-Tags posten

Ständige Werbe pop-ups bei IE8

Log-Analyse und Auswertung: Ständige Werbe pop-ups bei IE8