Log analysis and evaluation: Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection? (Windows 7)
|  30.03.2011, 00:07 | #1 | 
Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection?

Hello, for a few days now I have had a problem with the pests named above. It started when I visited a website and shortly afterwards my browser (Firefox) crashed. I didn't think anything of it, since it crashes fairly often. The next day, when I turned on the PC, alerts from AntiVir came up for the first time saying that both Ramnit.C and HTML/Drop.Agent.AB had been found. When I closed the alert with either "Delete" or "Deny access", two new ones appeared right away. They were always only HTML files. The folder was always "Temporary Internet Files" in C://Users/***/AppData/blablabla.. But there was nothing there, and then I discovered the hidden folder "content.IE5". Google searches showed that this folder can safely be emptied. I did that and things were quiet. Later the same day the alerts came back, this time from a different "Temp" folder (there was also a "Temp. Internet Files" subfolder inside it). After I emptied that one too, things were quiet again. This morning alerts came up again, but this time for an .EXE file in yet another Temp folder. After I deleted it, things have been quiet until now. All finds were always in subfolders of the directory C://Users/***/AppData, never outside that directory. I hope I have explained it clearly enough, even if it sounds a bit confusing. Now I would like to know whether my system is infected and I have something malicious on the machine, or whether I disposed of the individual files quickly enough that nothing spread much, if that is even possible. I am well aware that just because the signs and alerts are gone, it doesn't necessarily mean it's gone. I have now run the required scans and would be glad if someone could take a look to see whether something has nested itself in there.

Windows 7 has been running for about half a year and I haven't run any scans or the like since then, but I have never had any problems either. Many thanks in advance!

Otl.txt
Code:
OTL logfile created on: 29.03.2011 23:52:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*****\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 14,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,69 Gb Total Space | 8,66 Gb Free Space | 11,30% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011.03.23 20:38:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.09.23 19:14:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.09.23 19:14:29 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe

========== Modules (SafeList) ==========

MOD - [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
MOD - [2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.03.04 00:06:52 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.23 19:14:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.09.23 19:14:29 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)

========== Driver Services (SafeList) ==========

DRV - [2010.10.03 15:54:15 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.07 23:07:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.23 19:14:29 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.06.25 11:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2006.11.08 04:09:00 | 000,077,772 | R--- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb)
DRV - [2006.11.02 01:36:42 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.09.28 14:10:52 | 000,011,648 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gggen.sys -- (gggen)
DRV - [2003.10.15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 7D A3 40 C0 E8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009.10.28 20:51:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 20:38:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 20:38:38 | 000,000,000 | ---D | M]

[2009.08.24 00:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.03.29 19:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions
[2009.12.28 02:35:46 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.01.06 18:55:08 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.01.11 13:44:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.10 19:41:25 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011.01.06 18:55:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.05 21:19:21 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.02.10 19:43:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.02.10 19:42:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\firebug@software.joehewitt.com
[2011.02.10 19:43:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\foxyproxy@eric.h.jung
[2010.10.31 16:39:39 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\nasanightlaunch@example.com
[2010.10.31 16:39:49 | 000,000,000 | ---D | M] (Personas) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\personas@christopher.beard
[2010.10.24 18:57:25 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\vshare@toolbar
[2009.10.28 20:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.26 00:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.06.27 13:31:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.27 13:31:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.27 13:31:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.27 13:31:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.27 13:31:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.02.10 22:44:49 | 000,001,190 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120%
O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120%
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120%
O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120%
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Lexmark 1200 Series - hkey= - key= - File not found
MsConfig - StartUpReg: NapsterShell - hkey= - key= - File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2011.03.29 23:50:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.29 23:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.29 23:50:06 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.29 23:41:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\*****\Desktop\Erunt-setup.exe
[2011.03.29 23:41:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.03.29 23:41:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\TFC.exe
[2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn
[2011.03.27 22:25:04 | 002,066,439 | ---- | C] (murb.com ) -- C:\Users\*****\Desktop\ICQ Status Checker 1.7 Setup.exe
[2011.03.15 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\iphone-bilder
[2011.03.06 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Silla - Sillainstinkt (2011)
[2011.03.02 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011.03.02 17:20:57 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2010.03.12 04:47:48 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2010.03.12 04:47:48 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2010.03.12 04:47:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2010.03.12 04:47:48 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2010.03.12 04:47:48 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2010.03.12 04:47:48 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2010.03.12 04:47:48 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2010.03.12 04:47:48 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2010.03.12 04:47:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2010.03.12 04:47:47 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2010.03.12 04:47:47 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2010.03.12 04:47:47 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2010.03.12 04:47:47 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2010.03.12 04:47:47 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2010.03.12 04:47:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe

========== Files - Modified Within 30 Days ==========

[2011.03.29 23:50:08 | 000,000,894 | ---- | M] () -- C:\Users\*****\Desktop\NTREGOPT.lnk
[2011.03.29 23:50:08 | 000,000,875 | ---- | M] () -- C:\Users\*****\Desktop\ERUNT.lnk
[2011.03.29 23:42:47 | 000,301,568 | ---- | M] () -- C:\Users\*****\Desktop\g2m3e4r.exe
[2011.03.29 23:42:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\*****\Desktop\Erunt-setup.exe
[2011.03.29 23:42:14 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\TFC.exe
[2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.03.29 23:37:43 | 000,377,280 | ---- | M] () -- C:\Users\*****\Desktop\Load.exe
[2011.03.29 23:08:08 | 000,019,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.29 23:08:08 | 000,019,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.29 22:57:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.29 22:57:22 | 402,104,320 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.28 16:19:14 | 000,648,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.28 16:19:14 | 000,611,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.28 16:19:14 | 000,128,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.28 16:19:14 | 000,105,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.28 02:24:05 | 002,092,375 | ---- | M] () -- C:\Users\*****\Desktop\Norris_kittens.gif
[2011.03.27 22:24:00 | 002,042,105 | ---- | M] () -- C:\Users\*****\Desktop\icq_status_checker17.zip
[2011.03.24 19:40:39 | 000,349,173 | ---- | M] () -- C:\Users\*****\Desktop\Deutsch_-_Abi_.pdf
[2011.03.22 17:47:29 | 000,407,095 | ---- | M] () -- C:\Users\*****\Desktop\193551_173517192699699_100001242598946_430179_7930050_o.jpg
[2011.03.16 01:03:30 | 000,080,374 | ---- | M] () -- C:\Users\*****\Desktop\01_breno_gross.jpg
[2011.03.15 18:56:02 | 000,613,401 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt2.png
[2011.03.15 18:50:00 | 000,656,921 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt.png
[2011.03.15 18:05:00 | 001,128,402 | ---- | M] () -- C:\Users\*****\Desktop\haftbefehl.wav
[2011.03.13 18:01:53 | 000,000,124 | ---- | M] () -- C:\Users\*****\Documents\ax_files.xml
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\*****\Desktop\Anleitung.html
[2011.03.11 23:19:58 | 002,979,245 | ---- | M] () -- C:\Users\*****\Desktop\Echte Musik- H.A.F.T [Full Version_High Quality] Haftbefehl.mp3
[2011.03.11 23:13:31 | 002,855,947 | ---- | M] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3
[2011.03.11 23:06:27 | 001,235,799 | ---- | M] () -- C:\Users\*****\Desktop\jaftcriut.rar
[2011.03.11 23:05:10 | 006,376,571 | ---- | M] () -- C:\Users\*****\Desktop\Haftbefehl feat. Twin, Criz & Silla - Columbine.mp3
[2011.03.10 20:08:15 | 000,048,286 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109 (Large).JPG
[2011.03.10 19:48:46 | 002,810,562 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109.JPG_effected.jpg
[2011.03.10 19:33:05 | 008,559,997 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109.JPG
[2011.03.08 01:24:39 | 000,005,912 | ---- | M] () -- C:\Users\*****\Desktop\c366cc4f0ddea1a830a8cb42187f7f11.dlc
[2011.03.04 23:22:05 | 166,689,481 | ---- | M] () -- C:\Users\*****\Desktop\Si-Sill.rar
[2011.03.02 17:27:42 | 000,000,532 | ---- | M] () -- C:\Windows\eReg.dat
[2011.03.02 17:27:21 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk

========== Files Created - No Company Name ==========

[2011.03.29 23:50:08 | 000,000,894 | ---- | C] () -- C:\Users\*****\Desktop\NTREGOPT.lnk
[2011.03.29 23:50:08 | 000,000,875 | ---- | C] () -- C:\Users\*****\Desktop\ERUNT.lnk
[2011.03.29 23:41:37 | 000,301,568 | ---- | C] () -- C:\Users\*****\Desktop\g2m3e4r.exe
[2011.03.29 23:37:11 | 000,377,280 | ---- | C] () -- C:\Users\*****\Desktop\Load.exe
[2011.03.28 02:24:05 | 002,092,375 | ---- | C] () -- C:\Users\*****\Desktop\Norris_kittens.gif
[2011.03.27 22:22:48 | 002,042,105 | ---- | C] () -- C:\Users\*****\Desktop\icq_status_checker17.zip
[2011.03.24 19:40:33 | 000,349,173 | ---- | C] () -- C:\Users\*****\Desktop\Deutsch_-_Abi_.pdf
[2011.03.22 17:47:08 | 000,407,095 | ---- | C] () -- C:\Users\*****\Desktop\193551_173517192699699_100001242598946_430179_7930050_o.jpg
[2011.03.16 01:03:30 | 000,080,374 | ---- | C] () -- C:\Users\*****\Desktop\01_breno_gross.jpg
[2011.03.15 18:56:01 | 000,613,401 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt2.png
[2011.03.15 18:47:55 | 000,656,921 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt.png
[2011.03.15 18:04:59 | 001,128,402 | ---- | C] () -- C:\Users\*****\Desktop\haftbefehl.wav
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\*****\Desktop\Anleitung.html
[2011.03.11 23:19:01 | 002,979,245 | ---- | C] () -- C:\Users\*****\Desktop\Echte Musik- H.A.F.T [Full Version_High Quality] Haftbefehl.mp3
[2011.03.11 23:12:15 | 002,855,947 | ---- | C] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3
[2011.03.11 23:07:30 | 001,430,288 | ---- | C] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3
[2011.03.11 23:06:05 | 001,235,799 | ---- | C] () -- C:\Users\*****\Desktop\jaftcriut.rar
[2011.03.11 23:02:37 | 006,376,571 | ---- | C] () -- C:\Users\*****\Desktop\Haftbefehl feat. Twin, Criz & Silla - Columbine.mp3
[2011.03.10 20:08:14 | 000,048,286 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109 (Large).JPG
[2011.03.10 19:47:42 | 002,810,562 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109.JPG_effected.jpg
[2011.03.10 19:29:54 | 008,559,997 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109.JPG
[2011.03.08 01:24:37 | 000,005,912 | ---- | C] () -- C:\Users\*****\Desktop\c366cc4f0ddea1a830a8cb42187f7f11.dlc
[2011.03.04 22:14:59 | 166,689,481 | ---- | C] () -- C:\Users\*****\Desktop\Si-Sill.rar
[2011.03.02 17:46:39 | 003,462,144 | ---- | C] () -- C:\Users\*****\Desktop\BF1942MiniImage-RixN.mdf
[2011.03.02 17:46:39 | 000,000,682 | ---- | C] () -- C:\Users\*****\Desktop\BF1942MiniImage-RixN.mds
[2011.03.02 17:27:42 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.02 17:27:21 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2011.01.31 22:15:06 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd
[2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs
[2010.07.07 15:07:17 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.06.11 14:50:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.06.11 14:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.06.09 18:34:21 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.04.30 17:42:57 | 000,000,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\default.pls
[2010.03.12 04:47:48 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2010.03.12 04:47:48 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010.02.23 23:00:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.10 18:42:23 | 000,000,076 | ---- | C] () -- C:\Windows\dellstat.ini
[2009.09.10 18:42:14 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2009.09.06 23:27:13 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.04 16:32:58 | 000,000,017 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2009.08.27 21:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.08.27 21:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.08.27 21:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.08.25 20:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.08.25 19:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.08.25 18:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.25 18:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.08.23 22:39:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.08.23 18:18:43 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe
[2009.08.23 18:18:43 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll
[2009.08.23 18:16:02 | 000,003,305 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.07.14 10:47:43 | 000,648,466 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,128,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,285,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,611,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,105,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.02 19:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.06.02 19:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.06.02 19:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.06.02 19:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.06.02 19:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.06.02 19:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.06.02 19:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.06.02 19:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.06.02 19:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.11 00:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.01.11 00:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.01.11 00:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.01.11 00:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.01.11 00:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.01.11 00:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009.01.11 00:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.01.11 00:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.01.11 00:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.01.11 00:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.01.11 00:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.01.11 00:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.01.11 00:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008.12.04 00:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2002.08.08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2000.03.29 16:17:42 | 000,005,824
| ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.10.23 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity [2010.07.03 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bump Technologies, Inc [2010.01.05 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CoSoSys [2010.07.07 15:01:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite [2010.02.24 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dev-Cpp [2010.03.08 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org [2010.03.08 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org [2009.10.19 22:18:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GrabPro [2011.03.29 18:28:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.04.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn [2010.03.16 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam [2009.09.16 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer [2009.10.19 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit [2010.11.18 23:27:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Weaverslave [2011.02.06 18:40:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.03.29 19:13:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e [2011.03.28 21:52:44 | 000,000,000 | ---D | M] -- C:\1f5e52860a533b3ecbc90fbfae094d7a [2009.10.15 01:47:26 | 000,000,000 | ---D | M] -- C:\ATI [2009.08.23 18:35:52 | 000,000,000 | -HSD | M] -- C:\Boot [2010.09.28 12:52:21 | 000,000,000 | ---D | M] -- C:\c1743efabefd10f84ef0 [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.08.23 17:46:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.19 22:36:10 | 000,000,000 | ---D | M] -- C:\downloads [2010.03.12 04:46:41 | 000,000,000 | ---D | M] -- C:\lexmark [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009.10.28 20:49:42 | 000,000,000 | ---D | M] -- C:\Philips [2011.03.29 23:50:06 | 000,000,000 | R--D | M] -- C:\Programme [2010.11.13 19:50:27 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.08.23 17:46:27 | 000,000,000 | -HSD | M] -- C:\Programme [2009.08.23 17:46:28 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.03.29 18:40:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.28 20:58:12 | 000,000,000 | ---D | M] -- C:\temp [2009.08.23 17:46:53 | 000,000,000 | R--D | M] -- C:\Users [2011.03.29 23:50:50 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-29 16:41:22 ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > Code: 
OTL Extras logfile created on: 29.03.2011 23:52:01 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*****\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 14,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,69 Gb Total Space | 8,66 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4561 Banner Remover 1.1
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Ultra Edition HD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.106.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AF7EA205-4E09-4889-B58F-16B02707E841}" = SmartStore.biz 3.5
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}" = Image Resizer Powertoy Clone for Windows
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Setup.divx.com" = DivX-Setup
"D-Link VGA Webcam" = D-Link VGA Webcam
"Easy Video Downloader_is1" = Easy Video Downloader v. 2.0
"EAX Unified" = EAX Unified
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLV Player" = FLV Player 2.0 (build 25)
"GoldWave v5.50" = GoldWave v5.50
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Lexmark 1200 Series" = Lexmark 1200 Series
"MacroX" = MacroX 3.1
"Mafia" = Mafia
"Mafia Game" = Mafia Game
"ManyCam" = ManyCam 2.4 (remove only)
"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies  
"Polipo" = Polipo 1.0.4.1
"QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition
"San Andreas Radio_is1" = San Andreas Radio V1.0
"SopCast" = SopCast 3.3.2
"ThiefGoldDeinstallKey" = Dark Project: Der Meisterdieb Director's Cut
"Tor" = Tor 0.2.1.26
"Vidalia" = Vidalia 0.2.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.03.2011 13:47:56 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 9.0.0.2823,
 Zeitstempel: 0x3720dbd6  Name des fehlerhaften Moduls: WINWORD.EXE, Version: 9.0.0.2823,
 Zeitstempel: 0x3720dbd6  Ausnahmecode: 0xc0000094  Fehleroffset: 0x003889d7  ID des fehlerhaften
 Prozesses: 0xc80  Startzeit der fehlerhaften Anwendung: 0x01cbea4b83f906fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office\WINWORD.EXE  Berichtskennung:
 d968acb4-563e-11e0-b147-00138f4a0910
 
Error - 24.03.2011 15:52:09 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.03.2011 11:20:14 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.03.2011 20:59:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4095,
 Zeitstempel: 0x000707f3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00028ab2  ID des fehlerhaften
 Prozesses: 0x13c  Startzeit der fehlerhaften Anwendung: 0x01cbecaf461daf0c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a6a42c2a-58d6-11e0-80f2-00138f4a0910
 
Error - 28.03.2011 11:17:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.03.2011 12:21:21 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.4.0.4561, Zeitstempel:
 0x000707f3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x20041b06  ID des fehlerhaften Prozesses:
 0x8cc  Startzeit der fehlerhaften Anwendung: 0x01cbed5236c6b7e4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\ICQ7.4\ICQ.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 6a876746-5957-11e0-8903-00138f4a0910
 
Error - 28.03.2011 14:52:52 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 9.0.0.2823,
 Zeitstempel: 0x000707f3  Name des fehlerhaften Moduls: WINWORD.EXE, Version: 9.0.0.2823,
 Zeitstempel: 0x000707f3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003a2a74  ID des fehlerhaften
 Prozesses: 0x850  Startzeit der fehlerhaften Anwendung: 0x01cbed79499cacec  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office\WINWORD.EXE  Berichtskennung:
 9575f3da-596c-11e0-a0f2-00138f4a0910
 
Error - 28.03.2011 15:55:07 | Computer Name = *****-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 29.03.2011 12:22:50 | Computer Name = *****-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 29.03.2011 13:02:29 | Computer Name = *****-PC | Source = System Restore | ID = 8209
Description = 
 
[ System Events ]
Error - 29.03.2011 12:30:57 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Defender" wurde nicht richtig gestartet.
 
Error - 29.03.2011 12:33:17 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 29.03.2011 12:35:14 | Computer Name = *****-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 29.03.2011 12:35:18 | Computer Name = *****-PC | Source = ati2mtag | ID = 52225
Description = 
 
Error - 29.03.2011 16:57:28 | Computer Name = *****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.03.2011 um 20:44:28 unerwartet heruntergefahren.
 
Error - 29.03.2011 16:57:16 | Computer Name = *****-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 29.03.2011 16:57:24 | Computer Name = *****-PC | Source = ati2mtag | ID = 52225
Description = 
 
Error - 29.03.2011 17:14:50 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 29.03.2011 17:18:01 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 29.03.2011 17:20:35 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
 
< End of report >
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-30 00:39:22
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ExcelStor_Technology_J880 rev.PF2OA21B
Running: g2m3e4r.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugloipog.sys
---- System - GMER 1.0.15 ----
SSDT            8DFFA3CC                                                                                                            ZwCreateThread
SSDT            8DFFA3B8                                                                                                            ZwOpenProcess
SSDT            8DFFA3BD                                                                                                            ZwOpenThread
SSDT            8DFFA3C7                                                                                                            ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                     82A45589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82A6A092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                 82A7195C 4 Bytes  [CC, A3, FF, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                 82A71AF8 4 Bytes  [B8, A3, FF, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                 82A71B18 4 Bytes  [BD, A3, FF, 8D]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                 82A71DC8 4 Bytes  [C7, A3, FF, 8D]
.text           sptd.sys                                                                                                            86A03000 8 Bytes  [A6, F1, E1, 82, A0, 57, E1, ...]
.text           sptd.sys                                                                                                            86A03009 23 Bytes  [57, E1, 82, 48, 7B, E1, 82, ...]
.text           sptd.sys                                                                                                            86A03024 4 Bytes  [32, 25, B3, 86]
.text           sptd.sys                                                                                                            86A0302C 188 Bytes  [4C, 3D, C6, 82, 15, 44, C0, ...]
.text           sptd.sys                                                                                                            86A030E9 235 Bytes  [0B, A4, 82, 1C, 8E, AB, 82, ...]
.text           ...                                                                                                                 
.sptd2          C:\Windows\System32\Drivers\sptd.sys                                                                                entry point in ".sptd2" section [0x86AFAD38]
?               C:\Windows\System32\Drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           USBPORT.SYS!DllUnload                                                                                               8C825CA0 5 Bytes  JMP 85113410 
---- Devices - GMER 1.0.15 ----
Device          \FileSystem\Ntfs \Ntfs                                                                                              83FDA1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    85117430
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    85117430
Device          \Driver\ACPI_HAL \Device\00000045                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    85117430
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    85117430
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    8511B430
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\cdrom \Device\CdRom0                                                                                        8505B430
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         83FD71F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  83FD71F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  83FD71F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                                                                         83FD71F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        8505B430
Device          \Driver\cdrom \Device\CdRom2                                                                                        8505B430
Device          \Driver\cdrom \Device\CdRom3                                                                                        8505B430
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8508F430
Device          \Driver\PCI_PNP1390 \Device\0000004b                                                                                sptd.sys
Device          \Driver\vsmraid \Device\RaidPort0                                                                                   83FD81F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    85117430
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    85117430
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    85117430
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    85117430
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    8511B430
Device          \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target1Lun0                                                        85133430
Device          \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target0Lun0                                                        85133430
Device          \Driver\asfjs438 \Device\Scsi\asfjs4381                                                                             85133430
Device          \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target2Lun0                                                        85133430
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xD2 0x47 0x6D 0x11 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x66 0x13 0xAD 0x7C ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x69 0x93 0x5F 0x97 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6B 0xD6 0xBC 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x2E 0x89 0x3B 0x4B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC7 0x7C 0x03 0xAB ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x66 0x13 0xAD 0x7C ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x69 0x93 0x5F 0x97 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6B 0xD6 0xBC 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0x2E 0x89 0x3B 0x4B ...
---- Files - GMER 1.0.15 ----
File            C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb                                                              0 bytes
---- EOF - GMER 1.0.15 ----
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6209
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30.03.2011 01:33:38
mbam-log-2011-03-30 (01-33-38).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146292
Laufzeit: 11 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Last edited by henneh (30.03.2011, 00:36)
31.03.2011, 14:31 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" tab.
31.03.2011, 18:45 | #3
No, that was the first time I ran a scan; no older logs exist. I have run a full scan again, though, since the one in the first post was only a quick scan. I have masked the ICQ numbers in the folder names, but it is really just one of those joke programs that I have had in my ICQ folder for years.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6224
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31.03.2011 17:55:34
mbam-log-2011-03-31 (17-55-34).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 252813
Laufzeit: 1 Stunde(n), 24 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\*****\Desktop\Sachen\ICQ Lite\*****\*****\spass.exe (PUP.Joke.Schock) -> Quarantined and deleted successfully.
31.03.2011, 19:23 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!) Note: if you have masked your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:OTL
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
[2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e
[2011.03.28 21:52:44 | 000,000,000 | ---D | M] -- C:\1f5e52860a533b3ecbc90fbfae094d7a
[2010.09.28 12:52:21 | 000,000,000 | ---D | M] -- C:\c1743efabefd10f84ef0
[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.06.11 14:50:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.06.11 14:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs
[2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Please always post log files in CODE tags
31.03.2011, 22:48 | #5
Here is the log after the OTL fix:
Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
C:\0e43fd6a2253abe81638137a78ad3e folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\Graphics folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\Client folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\3082 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\3076 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\2070 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\2052 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1055 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1053 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1049 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1046 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1045 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1044 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1043 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1042 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1041 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1040 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1038 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1037 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1036 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1035 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1033 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1032 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1031 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1030 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1029 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1028 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1025 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a folder moved successfully.
C:\c1743efabefd10f84ef0 folder moved successfully.
C:\Windows\sel3110.exe moved successfully.
C:\Windows\amcap.exe moved successfully.
C:\Windows\CleanDev.exe moved successfully.
C:\Users\*****\AppData\Local\Tempwconfig.vbs moved successfully.
C:\Users\*****\kskkabxn folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *****
->Temp folder emptied: 377936 bytes
->Temporary Internet Files folder emptied: 30793747 bytes
->Java cache emptied: 618636 bytes
->FireFox cache emptied: 101440857 bytes
->Flash cache emptied: 4060 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 127,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03312011_233627
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
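A small checker, added here as an example and not part of OTL or of any post in this thread, that cross-references a fix script of the kind given in #4 against the fix log posted in #5: it parses the ":OTL" targets of the script, the "moved/deleted successfully" lines and the [EMPTYTEMP] and hosts-reset lines of the log, and reports which targets were handled and which were not. The embedded script and log are constructed samples trimmed from the thread; the log line for Tempwconfig.vbs is deliberately left out so the report shows what an unhandled target looks like.

```python
"""Cross-check an OTL fix script against the OTL fix log it produced.

Added example for this thread; it is not part of OTL or of any post here.
It parses the ":OTL" section of a fix script (one target per line), then the
result lines of the fix log, and reports which targets were moved or deleted,
which were not, whether the hosts file was reset, and how many bytes the
[emptytemp] command freed.
"""
import re

# One "[date | size | attrs | C/M] (...) -- path" entry of a fix script.
FIX_ENTRY = re.compile(
    r"^\[[^|]*\|[^|]*\|(?P<attr>[^|]*)\|[^\]]*\]\s*(?:\(\)\s*)?--\s*(?P<path>.+?)\s*$"
)
# One "@Alternate Data Stream - N bytes -> path" entry of a fix script.
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+?)\s*$")
# Result lines of the fix log: "[ADS ]path[ folder] moved|deleted successfully."
LOG_RESULT = re.compile(
    r"^(?:ADS )?(?P<path>.+?)(?: folder)? (?P<action>moved|deleted) successfully\.$"
)
# "[->]<what> emptied: N bytes" lines written by the [emptytemp] command.
EMPTIED = re.compile(r"^(?:->)?.+ emptied: (?P<bytes>\d+) bytes$")

# Constructed sample: a trimmed copy of the fix script from post #4.
FIX_SCRIPT = r""":OTL
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
[2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e
[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs
[2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn
:Commands
[purity]
[resethosts]
[emptytemp]
"""

# Constructed sample: a trimmed copy of the fix log from post #5, with the
# line for Tempwconfig.vbs deliberately left out so one target stays unhandled.
FIX_LOG = r"""All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
C:\0e43fd6a2253abe81638137a78ad3e folder moved successfully.
C:\Windows\sel3110.exe moved successfully.
C:\Users\*****\kskkabxn folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: *****
->Temp folder emptied: 377936 bytes
->Temporary Internet Files folder emptied: 30793747 bytes
"""


def parse_fix_script(text):
    """Return the targets listed under ':OTL' as dicts with 'path' and 'kind'."""
    targets = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ":OTL", ":Commands", ... start a section
            section = line[1:].lower()
            continue
        if section != "otl":
            continue
        m = ADS_ENTRY.match(line)
        if m:
            targets.append({"path": m.group("path"), "kind": "ads"})
            continue
        m = FIX_ENTRY.match(line)
        if m:
            kind = "folder" if "D" in m.group("attr") else "file"
            targets.append({"path": m.group("path"), "kind": kind})
    return targets


def parse_fix_log(text):
    """Collect handled paths (lower-cased), the hosts-reset flag and bytes emptied."""
    handled, hosts_reset, bytes_emptied = {}, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_RESULT.match(line)
        if m:
            handled[m.group("path").lower()] = m.group("action")
            continue
        if line == "HOSTS file reset successfully":
            hosts_reset = True
            continue
        m = EMPTIED.match(line)
        if m:
            bytes_emptied += int(m.group("bytes"))
    return {"handled": handled, "hosts_reset": hosts_reset, "bytes_emptied": bytes_emptied}


def verify_fix(script_text, log_text):
    """Match every script target against the log; NTFS paths compare case-insensitively."""
    log = parse_fix_log(log_text)
    moved, unhandled = [], []
    for target in parse_fix_script(script_text):
        action = log["handled"].get(target["path"].lower())
        (moved if action else unhandled).append(target["path"])
    return {"moved": moved, "unhandled": unhandled,
            "hosts_reset": log["hosts_reset"], "bytes_emptied": log["bytes_emptied"]}


if __name__ == "__main__":
    report = verify_fix(FIX_SCRIPT, FIX_LOG)
    for path in report["moved"]:
        print("handled   ", path)
    for path in report["unhandled"]:
        print("UNHANDLED ", path)
    print("hosts reset:", report["hosts_reset"])
    print("bytes emptied:", report["bytes_emptied"])
```

Run against the real script and log from the thread, every target comes back as handled; with the sample above, Tempwconfig.vbs is reported as unhandled, which is exactly the case a helper wants to spot before moving on to the next tool.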
01.04.2011, 13:16 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it!
01.04.2011, 14:21 | #7
Here is the ComboFix log:
Code:
ComboFix 11-03-31.04 - ***** 01.04.2011  14:56:31.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.511.164 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-01 bis 2011-04-01  ))))))))))))))))))))))))))))))
.
.
2011-04-01 13:11 . 2011-04-01 13:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-29 21:50 . 2011-03-29 21:50	--------	d-----w-	c:\program files\ERUNT
2011-03-29 16:21 . 2011-04-01 12:28	--------	d-----w-	c:\windows\system32\wbem\repository
2011-03-09 17:23 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 17:23 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
2011-03-09 17:22 . 2011-02-19 05:33	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-03-09 17:22 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-03-09 17:22 . 2011-02-19 05:32	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-03-09 17:22 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 17:22 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 17:22 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 17:22 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-02 15:26 . 1998-06-17 17:07	57344	----a-w-	c:\windows\system32\Mfc42loc.dll
2011-03-02 15:20 . 2011-03-02 15:22	--------	d-----w-	c:\program files\EA GAMES
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:45 . 2011-02-09 13:08	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2009-10-03 13:48	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-07 07:31 . 2011-02-23 11:45	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 11:45	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 13:09	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 13:09	294400	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 13:12	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 13:12	2329088	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-02-10 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32	203264	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 06:31	1840424	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 13:29	2221352	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50	155648	----a-w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-11-20 13:29	360448	----a-w-	c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 17:42	1242448	----a-w-	c:\program files\Valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-25 22:08	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AMDMSRIO;AMDMSRIO;c:\users\*****\AppData\Local\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [x]
R3 gggen;Generic USB Flash Driver;c:\windows\system32\DRIVERS\gggen.sys [2006-09-28 11648]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-11-08 77772]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-03 436792]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-23 108289]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tpowwhbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-D-Link VGA Webcam - c:\windows\CleanDev.exe
AddRemove-NeroVision!UninstallKey - c:\windows\UNNeroVision.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-01  15:16:04
ComboFix-quarantined-files.txt  2011-04-01 13:16
.
Vor Suchlauf: 11 Verzeichnis(se), 12.238.970.880 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.021.170.176 Bytes frei
.
- - End Of File - - 91D76EE8A5ACD7EC70594C183F6F303A
01.04.2011, 14:46 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Please always post log files in CODE tags
01.04.2011, 14:59 | #9
1 item was detected, but I did nothing and left it at "skip".
Code:
2011/04/01 15:52:34.0836 1960	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 15:52:35.0649 1960	================================================================================
2011/04/01 15:52:35.0649 1960	SystemInfo:
2011/04/01 15:52:35.0649 1960	
2011/04/01 15:52:35.0649 1960	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/01 15:52:35.0649 1960	Product type: Workstation
2011/04/01 15:52:35.0649 1960	ComputerName: *****-PC
2011/04/01 15:52:35.0649 1960	UserName: *****
2011/04/01 15:52:35.0649 1960	Windows directory: C:\Windows
2011/04/01 15:52:35.0649 1960	System windows directory: C:\Windows
2011/04/01 15:52:35.0649 1960	Processor architecture: Intel x86
2011/04/01 15:52:35.0649 1960	Number of processors: 1
2011/04/01 15:52:35.0649 1960	Page size: 0x1000
2011/04/01 15:52:35.0649 1960	Boot type: Normal boot
2011/04/01 15:52:35.0649 1960	================================================================================
2011/04/01 15:52:46.0946 1960	Initialize success
2011/04/01 15:52:56.0508 3636	================================================================================
2011/04/01 15:52:56.0508 3636	Scan started
2011/04/01 15:52:56.0508 3636	Mode: Manual; 
2011/04/01 15:52:56.0508 3636	================================================================================
2011/04/01 15:52:56.0915 3636	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/01 15:52:57.0102 3636	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/01 15:52:57.0243 3636	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/01 15:52:57.0383 3636	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/01 15:52:57.0540 3636	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/01 15:52:57.0665 3636	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/01 15:52:57.0836 3636	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/01 15:52:57.0961 3636	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/01 15:52:58.0086 3636	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/01 15:52:58.0258 3636	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/01 15:52:58.0368 3636	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/01 15:52:58.0477 3636	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/01 15:52:58.0618 3636	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/01 15:52:58.0852 3636	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/01 15:52:58.0977 3636	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/01 15:52:59.0133 3636	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/01 15:52:59.0274 3636	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/01 15:52:59.0430 3636	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/01 15:52:59.0649 3636	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/01 15:52:59.0758 3636	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/01 15:52:59.0899 3636	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/01 15:53:00.0008 3636	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/01 15:53:00.0196 3636	ati2mtag        (e36d69e40c1db6a0f6ae9e3e68ba775a) C:\Windows\system32\DRIVERS\ati2mtag.sys
2011/04/01 15:53:00.0430 3636	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/01 15:53:00.0555 3636	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/01 15:53:00.0696 3636	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/01 15:53:00.0883 3636	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/01 15:53:01.0040 3636	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/01 15:53:01.0211 3636	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/01 15:53:01.0477 3636	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/01 15:53:01.0633 3636	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/01 15:53:01.0758 3636	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/01 15:53:01.0883 3636	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/01 15:53:02.0024 3636	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/01 15:53:02.0149 3636	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/01 15:53:02.0258 3636	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/01 15:53:02.0399 3636	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/01 15:53:02.0524 3636	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/01 15:53:02.0790 3636	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/01 15:53:02.0930 3636	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/01 15:53:03.0086 3636	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/01 15:53:03.0196 3636	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/01 15:53:03.0383 3636	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/01 15:53:03.0508 3636	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/01 15:53:03.0680 3636	cmuda           (e5adeef2c0db43964223f408f1fcc97e) C:\Windows\system32\drivers\cmuda.sys
2011/04/01 15:53:03.0852 3636	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/01 15:53:03.0993 3636	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/01 15:53:04.0133 3636	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/01 15:53:04.0274 3636	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/01 15:53:04.0446 3636	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/01 15:53:04.0633 3636	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/01 15:53:04.0774 3636	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/01 15:53:04.0930 3636	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/01 15:53:05.0118 3636	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/01 15:53:05.0258 3636	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/01 15:53:05.0524 3636	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/01 15:53:05.0821 3636	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/01 15:53:05.0946 3636	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/01 15:53:06.0118 3636	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/01 15:53:06.0243 3636	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/01 15:53:06.0368 3636	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/01 15:53:06.0555 3636	FETNDIS         (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
2011/04/01 15:53:06.0665 3636	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/01 15:53:06.0805 3636	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/01 15:53:06.0915 3636	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/01 15:53:07.0102 3636	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/01 15:53:07.0274 3636	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/01 15:53:07.0399 3636	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/01 15:53:07.0540 3636	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/01 15:53:07.0665 3636	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/01 15:53:07.0821 3636	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/01 15:53:07.0961 3636	gggen           (47740536b261eeb6fae5c16ef2fd769c) C:\Windows\system32\DRIVERS\gggen.sys
2011/04/01 15:53:08.0086 3636	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/01 15:53:08.0211 3636	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/01 15:53:08.0336 3636	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/01 15:53:08.0446 3636	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/01 15:53:08.0602 3636	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/01 15:53:08.0743 3636	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/01 15:53:08.0915 3636	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/01 15:53:09.0040 3636	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/01 15:53:09.0180 3636	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/01 15:53:09.0305 3636	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/01 15:53:09.0461 3636	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/01 15:53:09.0618 3636	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/01 15:53:09.0774 3636	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/01 15:53:09.0883 3636	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/01 15:53:10.0024 3636	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/01 15:53:10.0165 3636	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/01 15:53:10.0305 3636	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/01 15:53:10.0446 3636	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/01 15:53:10.0571 3636	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/01 15:53:10.0696 3636	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/01 15:53:10.0836 3636	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/01 15:53:10.0961 3636	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/01 15:53:11.0102 3636	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/01 15:53:11.0227 3636	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/01 15:53:11.0430 3636	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/01 15:53:11.0602 3636	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/01 15:53:11.0743 3636	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/01 15:53:11.0883 3636	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/01 15:53:12.0008 3636	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/01 15:53:12.0149 3636	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/01 15:53:12.0336 3636	ManyCam         (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
2011/04/01 15:53:12.0493 3636	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/01 15:53:12.0633 3636	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/01 15:53:12.0790 3636	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/01 15:53:12.0946 3636	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/01 15:53:13.0071 3636	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/01 15:53:13.0227 3636	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/01 15:53:13.0336 3636	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/01 15:53:13.0461 3636	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/01 15:53:13.0586 3636	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/01 15:53:13.0743 3636	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/01 15:53:13.0868 3636	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/01 15:53:14.0008 3636	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/01 15:53:14.0149 3636	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/01 15:53:14.0274 3636	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/01 15:53:14.0399 3636	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/01 15:53:14.0571 3636	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/01 15:53:14.0696 3636	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/01 15:53:14.0821 3636	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/01 15:53:14.0977 3636	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/01 15:53:15.0102 3636	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/01 15:53:15.0243 3636	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/01 15:53:15.0368 3636	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/01 15:53:15.0508 3636	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/01 15:53:15.0618 3636	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/01 15:53:15.0743 3636	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/01 15:53:15.0868 3636	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/01 15:53:16.0008 3636	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/01 15:53:16.0149 3636	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/01 15:53:16.0305 3636	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/01 15:53:16.0430 3636	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/01 15:53:16.0555 3636	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/01 15:53:16.0680 3636	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/01 15:53:16.0836 3636	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/01 15:53:16.0993 3636	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/01 15:53:17.0149 3636	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/01 15:53:17.0352 3636	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/01 15:53:17.0540 3636	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/01 15:53:17.0665 3636	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/01 15:53:17.0852 3636	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/01 15:53:17.0993 3636	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/01 15:53:18.0118 3636	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/01 15:53:18.0243 3636	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/01 15:53:18.0383 3636	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/01 15:53:18.0508 3636	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/01 15:53:18.0649 3636	ovt519          (4cdadec3dc1300ee1d313ea5494e6472) C:\Windows\system32\Drivers\ov519vid.sys
2011/04/01 15:53:18.0821 3636	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/01 15:53:18.0930 3636	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/01 15:53:19.0071 3636	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/01 15:53:19.0211 3636	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/01 15:53:19.0336 3636	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/01 15:53:19.0461 3636	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/01 15:53:19.0602 3636	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/01 15:53:19.0727 3636	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/01 15:53:20.0055 3636	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/01 15:53:20.0180 3636	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/01 15:53:20.0336 3636	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/01 15:53:20.0508 3636	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/01 15:53:20.0665 3636	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/01 15:53:20.0790 3636	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/01 15:53:20.0915 3636	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/01 15:53:21.0040 3636	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/01 15:53:21.0180 3636	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/01 15:53:21.0321 3636	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/01 15:53:21.0446 3636	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/01 15:53:21.0571 3636	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/01 15:53:21.0711 3636	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/01 15:53:21.0852 3636	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/01 15:53:21.0993 3636	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/01 15:53:22.0133 3636	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/01 15:53:22.0274 3636	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/01 15:53:22.0399 3636	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/01 15:53:22.0540 3636	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/01 15:53:22.0711 3636	rockusb         (068832f52bc5926f8c7833915d6dcaa5) C:\Windows\system32\DRIVERS\rockusb.sys
2011/04/01 15:53:22.0883 3636	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/01 15:53:23.0055 3636	s117bus         (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/04/01 15:53:23.0180 3636	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/01 15:53:23.0321 3636	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/01 15:53:23.0446 3636	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/01 15:53:23.0618 3636	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/01 15:53:23.0805 3636	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/01 15:53:23.0930 3636	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/01 15:53:24.0040 3636	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/01 15:53:24.0211 3636	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/01 15:53:24.0321 3636	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/01 15:53:24.0446 3636	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/01 15:53:24.0555 3636	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/01 15:53:24.0711 3636	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/01 15:53:24.0821 3636	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/01 15:53:24.0946 3636	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/01 15:53:25.0118 3636	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/01 15:53:25.0352 3636	sptd            (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/04/01 15:53:25.0352 3636	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/04/01 15:53:25.0383 3636	sptd - detected Locked file (1)
2011/04/01 15:53:25.0508 3636	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/01 15:53:25.0649 3636	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/01 15:53:25.0790 3636	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/01 15:53:25.0946 3636	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/01 15:53:26.0133 3636	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/01 15:53:26.0274 3636	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/01 15:53:26.0399 3636	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/01 15:53:26.0524 3636	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/01 15:53:26.0758 3636	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/01 15:53:26.0961 3636	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/01 15:53:27.0133 3636	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/01 15:53:27.0243 3636	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/01 15:53:27.0352 3636	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/01 15:53:27.0477 3636	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/01 15:53:27.0586 3636	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/01 15:53:27.0805 3636	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/01 15:53:27.0946 3636	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/01 15:53:28.0055 3636	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/01 15:53:28.0180 3636	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/01 15:53:28.0336 3636	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/01 15:53:28.0477 3636	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/01 15:53:28.0586 3636	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/01 15:53:28.0774 3636	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/01 15:53:28.0930 3636	usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/01 15:53:29.0196 3636	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/01 15:53:29.0540 3636	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/01 15:53:29.0665 3636	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/01 15:53:29.0805 3636	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/01 15:53:29.0946 3636	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/01 15:53:30.0071 3636	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/01 15:53:30.0196 3636	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/01 15:53:30.0305 3636	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/01 15:53:30.0430 3636	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/01 15:53:30.0571 3636	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/01 15:53:30.0711 3636	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/01 15:53:30.0836 3636	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/01 15:53:30.0961 3636	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/01 15:53:31.0102 3636	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/01 15:53:31.0211 3636	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/01 15:53:31.0368 3636	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/01 15:53:31.0493 3636	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/01 15:53:31.0618 3636	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/01 15:53:31.0743 3636	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/01 15:53:31.0868 3636	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/01 15:53:31.0993 3636	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/01 15:53:32.0133 3636	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/01 15:53:32.0274 3636	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/01 15:53:32.0430 3636	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/01 15:53:32.0571 3636	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 15:53:32.0602 3636	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 15:53:32.0790 3636	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/01 15:53:32.0915 3636	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/01 15:53:33.0165 3636	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/01 15:53:33.0274 3636	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/01 15:53:33.0524 3636	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/01 15:53:33.0649 3636	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/01 15:53:33.0852 3636	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/01 15:53:34.0024 3636	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/01 15:53:34.0165 3636	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/01 15:53:34.0305 3636	================================================================================
2011/04/01 15:53:34.0305 3636	Scan finished
2011/04/01 15:53:34.0305 3636	================================================================================
2011/04/01 15:53:34.0352 2072	Detected object count: 1
2011/04/01 15:54:04.0008 2072	Locked file(sptd) - User select action: Skip 
2011/04/01 15:54:08.0524 2840	================================================================================
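An added triage helper for the TDSSKiller output above (example code written for this page, not part of the original post and not TDSSKiller's own code). It parses the three line shapes that appear in the log, the per-driver inventory lines, the "Suspicious file" notice and the "detected Locked file" notice, and reports what a reviewer of such a log checks by hand: detector hits joined with the service name they belong to, drivers loaded from outside the usual driver directories, and one binary registered under more than one service name (Tcpip/TCPIP6 and WANARP/Wanarpv6 are the normal cases of that). The sample lines are a constructed excerpt of the log above; the directory whitelist is an assumption for illustration. The only hit in this log is sptd.sys, the SPTD layer installed by DAEMON Tools / Alcohol 120%, which TDSSKiller routinely reports as NoAccess/Locked; the helper surfaces it and leaves the judgement to the reviewer.

```python
"""Triage helper for TDSSKiller driver-inventory logs (added example, not TDSSKiller code).

Line shapes handled, as written by TDSSKiller 2.4 in the log above:
  * driver inventory:   "<date> <time> <pid><TAB><service>  (<md5>) <path>"
  * detector hit:       "...<TAB>Suspicious file (<reason>): <path>. md5: <md5>"
  * locked-file notice: "...<TAB><service> - detected Locked file (n)"
"""
import re
from collections import defaultdict

# Constructed sample: a short excerpt in the format TDSSKiller writes
# (entries mirror the log above; the "Scan finished" line is a deliberate non-match).
SAMPLE_LOG = """\
2011/04/01 15:53:00.0430 3636\tavgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\\Program Files\\Avira\\AntiVir Desktop\\avgio.sys
2011/04/01 15:53:04.0930 3636\tDisk            (565003f326f99802e68ca78f2a68e9ff) C:\\Windows\\system32\\DRIVERS\\disk.sys
2011/04/01 15:53:25.0352 3636\tsptd            (a199171385be17973fd800fa91f8f78a) C:\\Windows\\system32\\Drivers\\sptd.sys
2011/04/01 15:53:25.0352 3636\tSuspicious file (NoAccess): C:\\Windows\\system32\\Drivers\\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/04/01 15:53:25.0383 3636\tsptd - detected Locked file (1)
2011/04/01 15:53:26.0758 3636\tTcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/04/01 15:53:26.0961 3636\tTCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2011/04/01 15:53:34.0305 3636\tScan finished
"""

PREFIX = r"^\S+ \S+ \d+\t"  # "YYYY/MM/DD HH:MM:SS.mmmm <pid><TAB>"
DRIVER_RE = re.compile(PREFIX + r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
LOCKED_RE = re.compile(PREFIX + r"(?P<service>\S+) - detected Locked file")

# Assumed whitelist of directories a kernel driver is normally loaded from.
# Anything else (here Avira's avgio.sys under Program Files) is surfaced for a
# look, not condemned: third-party AV and virtual-device drivers live there too.
STANDARD_DIRS = {"c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\"}


def parse_log(text):
    """Split the log into (driver entries, suspicious-file notices, locked service names)."""
    drivers, suspicious, locked = [], [], set()
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.groupdict())
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            suspicious.append(m.groupdict())
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.add(m.group("service"))
    return drivers, suspicious, locked


def triage(text):
    """Return the three review findings as a dict; nothing here decides 'malicious'."""
    drivers, suspicious, locked = parse_log(text)
    service_by_md5, by_md5, nonstandard = {}, defaultdict(list), []
    for d in drivers:
        service_by_md5.setdefault(d["md5"], d["service"])  # first service seen wins
        by_md5[d["md5"]].append(d["service"])
        directory = d["path"].lower().rsplit("\\", 1)[0] + "\\"
        if directory not in STANDARD_DIRS:
            nonstandard.append(d)
    hits = []
    for s in suspicious:
        service = service_by_md5.get(s["md5"])  # join the notice to its inventory entry
        hits.append({**s, "service": service, "locked": service in locked})
    shared = {md5: names for md5, names in by_md5.items() if len(names) > 1}
    return {"detector_hits": hits, "nonstandard_path": nonstandard, "shared_binary": shared}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hit in result["detector_hits"]:
        print(f"HIT     {hit['service']:<8} {hit['reason']:<9} locked={hit['locked']} {hit['path']}")
    for d in result["nonstandard_path"]:
        print(f"PATH    {d['service']:<8} {d['path']}")
    for md5, names in result["shared_binary"].items():
        print(f"SHARED  {md5} -> {', '.join(names)}")
```

Run it against a saved TDSSKiller log by replacing SAMPLE_LOG with the file contents; the "SHARED" line for tcpip.sys is expected on every Windows 7 box, so it is informational, while a shared hash between two unrelated service names would be worth a second look.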
01.04.2011, 15:25 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now occasional alerts - infected?
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or the like. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________
Please always post logfiles in CODE tags
01.04.2011, 18:51 | #11
Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now occasional alerts - infected?
So, I ran all three scans. In OSAM quite a lot was coloured red, I hope it's nothing bad. GMER log:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-01 19:25:53
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ExcelStor_Technology_J880 rev.PF2OA21B
Running: g2m3e4r.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugloipog.sys
---- System - GMER 1.0.15 ----
SSDT            8C92C314                                                                                                            ZwCreateThread
SSDT            8C92C300                                                                                                            ZwOpenProcess
SSDT            8C92C305                                                                                                            ZwOpenThread
SSDT            8C92C30F                                                                                                            ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                     82A4F589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82A74092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                 82A7B95C 4 Bytes  [14, C3, 92, 8C]
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                 82A7BAF8 4 Bytes  [00, C3, 92, 8C]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                 82A7BB18 1 Byte  [05]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                 82A7BB18 4 Bytes  [05, C3, 92, 8C]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                 82A7BDC8 4 Bytes  [0F, C3, 92, 8C]
.text           sptd.sys                                                                                                            86A34000 8 Bytes  [A6, 91, E2, 82, A0, F7, E1, ...]
.text           sptd.sys                                                                                                            86A34009 23 Bytes  [F7, E1, 82, 48, 1B, E2, 82, ...]
.text           sptd.sys                                                                                                            86A34024 4 Bytes  [32, 35, B6, 86]
.text           sptd.sys                                                                                                            86A3402C 188 Bytes  [4C, DD, C6, 82, 15, E4, C0, ...]
.text           sptd.sys                                                                                                            86A340E9 235 Bytes  [AB, A4, 82, 1C, 2E, AC, 82, ...]
.text           ...                                                                                                                 
.sptd2          C:\Windows\System32\Drivers\sptd.sys                                                                                entry point in ".sptd2" section [0x86B2BD38]
?               C:\Windows\System32\Drivers\sptd.sys                                                                                The process cannot access the file because it is being used by another process.
.text           USBPORT.SYS!DllUnload                                                                                               8BEF9CA0 5 Bytes  JMP 850EF410 
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                          The system cannot find the file specified. !
?               C:\Users\*****\AppData\Local\Temp\catchme.sys                                                                       The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
Device          \FileSystem\Ntfs \Ntfs                                                                                              83FDA1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    850F3430
Device          \Driver\ACPI_HAL \Device\00000045                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    850F3430
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    850F3430
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    850F3430
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    850FB430
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\cdrom \Device\CdRom0                                                                                        8503F430
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         83FD71F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  83FD71F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  83FD71F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                                                                         83FD71F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        8503F430
Device          \Driver\cdrom \Device\CdRom2                                                                                        8503F430
Device          \Driver\cdrom \Device\CdRom3                                                                                        8503F430
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             85073430
Device          \Driver\PCI_PNP6372 \Device\0000004b                                                                                sptd.sys
Device          \Driver\vsmraid \Device\RaidPort0                                                                                   83FD81F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    850F3430
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    850F3430
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    850F3430
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    850F3430
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    850FB430
Device          \Driver\NetBT \Device\NetBT_Tcpip_{209D62F5-A7AB-4BC9-9B13-5BF7B985813A}                                            85073430
Device          \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1Port3Path0Target2Lun0                                                        85103430
Device          \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1Port3Path0Target0Lun0                                                        85103430
Device          \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1                                                                             85103430
Device          \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1Port3Path0Target1Lun0                                                        85103430
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xF8 0x1D 0xAC 0x9E ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x66 0x13 0xAD 0x7C ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x69 0x93 0x5F 0x97 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6B 0xD6 0xBC 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                0x2E 0x89 0x3B 0x4B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC3 0xF2 0xE0 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x66 0x13 0xAD 0x7C ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x69 0x93 0x5F 0x97 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6B 0xD6 0xBC 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                    0x2E 0x89 0x3B 0x4B ...
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:36:01 on 01.04.2011
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"vp6dec_settings.cpl" - ? - C:\Windows\system32\vp6dec_settings.cpl (File found, but it contains no detailed information)
"vp7dec_settings.cpl" - ? - C:\Windows\system32\vp7dec_settings.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a1e6jqqg" (a1e6jqqg) - "Advanced Micro Devices" - C:\Windows\system32\drivers\a1e6jqqg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"AMDMSRIO" (AMDMSRIO) - ? - C:\Users\*****\AppData\Local\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys (File not found)
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\Windows\System32\DRIVERS\ati2mtag.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\*****\AppData\Local\Temp\catchme.sys (File not found)
"Driver for rockusb Device" (rockusb) - "Fuzhou Rockchip Electronics Co,Ltd." - C:\Windows\System32\DRIVERS\rockusb.sys
"Generic USB Flash Driver" (gggen) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\gggen.sys
"mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugloipog" (ugloipog) - ? - C:\Users\*****\AppData\Local\Temp\ugloipog.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "PhotoToysClone" - "Brice Lambson" - C:\Program Files\Brice Lambson\PhotoToysClone\PhotoToysClone.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{11222041-111B-46E3-BD29-EFB2449479B1} "IEPlugin Class" - "ArcSoft, Inc." - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1200 Series Port" - " " - C:\Windows\system32\lxczlmpm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"lxcz_device" (lxcz_device) - " " - C:\Windows\system32\lxczcoms.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		 (build 7600), 32-bit
Logical Drives Mask:		0x0000007c
Kernel Drivers (total 192):
  0x82A0C000 \SystemRoot\system32\ntkrnlpa.exe
  0x82E1C000 \SystemRoot\system32\halmacpi.dll
  0x80B9D000 \SystemRoot\system32\kdcom.dll
  0x86813000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x8681E000 \SystemRoot\system32\PSHED.dll
  0x8682F000 \SystemRoot\system32\BOOTVID.dll
  0x86837000 \SystemRoot\system32\CLFS.SYS
  0x86879000 \SystemRoot\system32\CI.dll
  0x86924000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x86995000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x86A33000 \SystemRoot\System32\Drivers\sptd.sys
  0x86B46000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x86B4F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x86B75000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x86BBD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x86BC5000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x86BD0000 \SystemRoot\system32\DRIVERS\pci.sys
  0x86A00000 \SystemRoot\System32\drivers\partmgr.sys
  0x86A11000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x869A3000 \SystemRoot\System32\drivers\volmgrx.sys
  0x86A21000 \SystemRoot\system32\DRIVERS\viaide.sys
  0x869EE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x86C35000 \SystemRoot\System32\drivers\mountmgr.sys
  0x86C4B000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x86C54000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x86C77000 \SystemRoot\system32\DRIVERS\vsmraid.sys
  0x86C9C000 \SystemRoot\system32\DRIVERS\storport.sys
  0x86CE3000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x86CEC000 \SystemRoot\system32\drivers\fltmgr.sys
  0x86D20000 \SystemRoot\system32\drivers\fileinfo.sys
  0x86E03000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x86F32000 \SystemRoot\System32\Drivers\msrpc.sys
  0x86F5D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x86F70000 \SystemRoot\System32\Drivers\cng.sys
  0x86FCD000 \SystemRoot\System32\drivers\pcw.sys
  0x86FDB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x86D31000 \SystemRoot\system32\drivers\ndis.sys
  0x87003000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87041000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x87066000 \SystemRoot\System32\drivers\tcpip.sys
  0x871AF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x871E0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x87233000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x87272000 \SystemRoot\System32\Drivers\spldr.sys
  0x8727A000 \SystemRoot\System32\drivers\rdyboost.sys
  0x872A7000 \SystemRoot\System32\Drivers\mup.sys
  0x872B7000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x872BF000 \SystemRoot\system32\DRIVERS\gagp30kx.sys
  0x872D0000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x87302000 \SystemRoot\system32\DRIVERS\disk.sys
  0x87313000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8736A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x87389000 \SystemRoot\System32\Drivers\Null.SYS
  0x87390000 \SystemRoot\System32\Drivers\Beep.SYS
  0x87397000 \SystemRoot\System32\drivers\vga.sys
  0x873A3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x873C4000 \SystemRoot\System32\drivers\watchdog.sys
  0x873D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x873D9000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x873E1000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x873E9000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x87200000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8720E000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x87225000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8BC3F000 \SystemRoot\system32\drivers\afd.sys
  0x8BC99000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8BCCB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8BCD2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8BCF1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8BD19000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8BD2C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8BD3C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8BD42000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8BD83000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8BD8D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BD97000 \SystemRoot\System32\drivers\discache.sys
  0x8BE0C000 \SystemRoot\system32\drivers\csc.sys
  0x8BE70000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8BE88000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8BE96000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8BEB2000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8BEB4000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AC33000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0x8ADB6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8ADBC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8BED5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8ADC7000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C01F000 \SystemRoot\system32\drivers\cmuda.sys
  0x8C165000 \SystemRoot\system32\drivers\portcls.sys
  0x8C194000 \SystemRoot\system32\drivers\drmk.sys
  0x8C1AD000 \SystemRoot\system32\drivers\ks.sys
  0x8C1E1000 \SystemRoot\system32\DRIVERS\fetnd6.sys
  0x8BF20000 \SystemRoot\System32\Drivers\a1e6jqqg.SYS
  0x8C1EC000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x8C00D000 \SystemRoot\system32\DRIVERS\ManyCam.sys
  0x8ADD6000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8ADE4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x8AC00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8C013000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8BF59000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8AC18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BF7B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BF92000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8ADF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x8BFA9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8BFB6000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1FE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BFC3000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8BDA3000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8BFD1000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8BFE2000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8BFEF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8BE00000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8BDE7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x96300000 \SystemRoot\System32\win32k.sys
  0x8BC00000 \SystemRoot\System32\drivers\Dxapi.sys
  0x96550000 \SystemRoot\System32\drivers\dxg.sys
  0x8BC0A000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96580000 \SystemRoot\System32\TSDDD.dll
  0x96290000 \SystemRoot\System32\ati2dvag.dll
  0x96590000 \SystemRoot\System32\ati2cqag.dll
  0x96200000 \SystemRoot\System32\atikvmag.dll
  0x88500000 \SystemRoot\System32\ati3duag.dll
  0x888A0000 \SystemRoot\System32\ativvaxx.dll
  0x8BC15000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BC20000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8BC33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8AC30000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8BCFF000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x87338000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8BD0A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8734F000 \SystemRoot\system32\drivers\luafv.sys
  0x871E9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x86FE4000 \SystemRoot\system32\drivers\WudfPf.sys
  0x86DE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x86C00000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x97A0C000 \SystemRoot\system32\drivers\HTTP.sys
  0x97A91000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x97AAA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x97ABC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x97ADF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x97B1A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x97B4D000 \SystemRoot\system32\drivers\peauth.sys
  0x97BE4000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x86C13000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x97BEE000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9E829000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E878000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E933000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x9E935000 \??\C:\Users\*****\AppData\Local\Temp\catchme.sys
  0x9E9C0000 \??\C:\Users\*****\AppData\Local\Temp\ugloipog.sys
  0x77D00000 \Windows\System32\ntdll.dll
  0x48260000 \Windows\System32\smss.exe
  0x77F40000 \Windows\System32\apisetschema.dll
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
  0x00B70000 \Windows\System32\autochk.exe
  0x77F10000 \Windows\System32\sechost.dll
  0x77B00000 \Windows\System32\iertutil.dll
  0x77E60000 \Windows\System32\rpcrt4.dll
  0x779C0000 \Windows\System32\urlmon.dll
  0x77930000 \Windows\System32\clbcatq.dll
  0x77E50000 \Windows\System32\nsi.dll
  0x77910000 \Windows\System32\imm32.dll
  0x77840000 \Windows\System32\msctf.dll
  0x777B0000 \Windows\System32\oleaut32.dll
  0x77750000 \Windows\System32\difxapi.dll
  0x76B00000 \Windows\System32\shell32.dll
  0x76A60000 \Windows\System32\advapi32.dll
  0x77E40000 \Windows\System32\lpk.dll
  0x76A10000 \Windows\System32\Wldap32.dll
  0x76A00000 \Windows\System32\psapi.dll
  0x769F0000 \Windows\System32\normaliz.dll
  0x76920000 \Windows\System32\user32.dll
  0x76870000 \Windows\System32\msvcrt.dll
  0x76830000 \Windows\System32\ws2_32.dll
  0x76750000 \Windows\System32\kernel32.dll
  0x76700000 \Windows\System32\gdi32.dll
  0x76680000 \Windows\System32\comdlg32.dll
  0x76650000 \Windows\System32\imagehlp.dll
  0x764F0000 \Windows\System32\ole32.dll
  0x763F0000 \Windows\System32\wininet.dll
  0x76350000 \Windows\System32\usp10.dll
  0x761B0000 \Windows\System32\setupapi.dll
  0x76150000 \Windows\System32\shlwapi.dll
  0x76120000 \Windows\System32\cfgmgr32.dll
  0x760F0000 \Windows\System32\wintrust.dll
  0x76060000 \Windows\System32\comctl32.dll
  0x76040000 \Windows\System32\devobj.dll
  0x75F20000 \Windows\System32\crypt32.dll
  0x75ED0000 \Windows\System32\KernelBase.dll
  0x75EC0000 \Windows\System32\msasn1.dll
Processes (total 44):
       0 System Idle Process
       4 System
     264 C:\Windows\System32\smss.exe
     348 csrss.exe
     388 C:\Windows\System32\wininit.exe
     396 csrss.exe
     436 C:\Windows\System32\winlogon.exe
     480 C:\Windows\System32\services.exe
     492 C:\Windows\System32\lsass.exe
     500 C:\Windows\System32\lsm.exe
     600 C:\Windows\System32\svchost.exe
     676 C:\Windows\System32\svchost.exe
     724 C:\Windows\System32\svchost.exe
     804 C:\Windows\System32\svchost.exe
     844 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\spoolsv.exe
    1320 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1340 C:\Windows\System32\svchost.exe
    1440 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1464 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1488 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1532 C:\Program Files\Bonjour\mDNSResponder.exe
    1584 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\lxczcoms.exe
    1648 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    1720 C:\Windows\System32\IoctlSvc.exe
    1748 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    1784 C:\Windows\System32\svchost.exe
    2088 C:\Windows\System32\taskhost.exe
    2200 C:\Windows\System32\dwm.exe
    2408 C:\Windows\System32\rundll32.exe
    2424 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2600 C:\Windows\System32\SearchIndexer.exe
    2804 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3040 C:\Windows\System32\svchost.exe
    3976 C:\Windows\System32\svchost.exe
    1472 C:\Windows\explorer.exe
     880 C:\Program Files\Mozilla Firefox\firefox.exe
    3688 C:\Windows\System32\audiodg.exe
     672 C:\Users\*****\Desktop\MBRCheck.exe
    3500 C:\Windows\System32\conhost.exe
    3672 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
PhysicalDrive0 Model Number: ExcelStorTechnologyJ880, Rev: PF2OA21B
      Size  Device Name          MBR Status
  --------------------------------------------
     76 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
01.04.2011, 19:32 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags
02.04.2011, 00:23 | #13
SUPER AntiSpyware crashed every time after starting for me. It kept hanging at the update window, so I could not run the scan. MBAM found nothing in the full scan, but AntiVir alerts came up during the scan; afterwards I switched AntiVir off. I am posting the AntiVir alerts here as well. MBAM:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6240
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
02.04.2011 00:51:07
mbam-log-2011-04-02 (00-51-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 255811
Laufzeit: 2 Stunde(n), 24 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
In der Datei 'C:\lexmark\drivers\1200\Applications\AIOC\LXCZcfg.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\Applications\AIOC\LXCZcfg.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\drivers\win_xp2k\i386\LXCZcoin.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\drivers\win_xp2k\i386\LXCZhcp.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
AntiVir Guard wurde deaktiviert.
02.04.2011, 13:51 | #14
/// Winkelfunktion /// TB-Süch-Tiger™: Those are false positives => Lexmark drivers! Do you have anything from Lexmark, a printer/scanner?
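As an added illustration of the triage in this reply (example code written for this page, not from the thread, from Avira or from Malwarebytes): a Python helper that parses the Avira Guard report format quoted in post #13 and the MBAM summary lines, collapses repeated alerts on the same file, and separates hits under a known driver install root (to be verified against the vendor's signed package before anything is deleted) from hits elsewhere (to be investigated). The sample logs and the driver root list are constructed assumptions, chosen to match the paths in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the format of the Avira Guard report quoted in the thread
# (not the poster's actual log; the Temp entry is invented to show a non-driver hit).
SAMPLE_AVIRA = (
    "In der Datei 'C:\\lexmark\\drivers\\1200\\Applications\\AIOC\\LXCZcfg.dll'\n"
    "wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.\n"
    "Ausgeführte Aktion: Zugriff verweigern\n"
    "In der Datei 'C:\\lexmark\\drivers\\1200\\Applications\\AIOC\\LXCZcfg.dll'\n"
    "wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.\n"
    "Ausgeführte Aktion: Zugriff verweigern\n"
    "In der Datei 'C:\\lexmark\\drivers\\1200\\drivers\\win_xp2k\\i386\\LXCZcoin.dll'\n"
    "wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.\n"
    "Ausgeführte Aktion: Zugriff verweigern\n"
    "In der Datei 'C:\\Users\\example\\AppData\\Local\\Temp\\sample.exe'\n"
    "wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.\n"
    "Ausgeführte Aktion: Löschen\n"
    "AntiVir Guard wurde deaktiviert.\n"
)

# Constructed MBAM summary lines in the format of the MBAM log quoted above.
SAMPLE_MBAM = (
    "Infizierte Speicherprozesse: 0\n"
    "Infizierte Speichermodule: 0\n"
    "Infizierte Registrierungsschlüssel: 0\n"
    "Infizierte Registrierungswerte: 0\n"
    "Infizierte Dateiobjekte der Registrierung: 0\n"
    "Infizierte Verzeichnisse: 0\n"
    "Infizierte Dateien: 0\n"
)

# One Guard detection spans three lines: file, signature name/kind, action taken.
DETECTION_RE = re.compile(
    r"In der Datei '(?P<path>[^']+)'\s*\n"
    r"wurde ein Virus oder unerwünschtes Programm '(?P<name>[^']+)' "
    r"\[(?P<kind>[^\]]+)\] gefunden\.\s*\n"
    r"Ausgeführte Aktion: (?P<action>[^\n]+)"
)
# MBAM summary counters look like "Infizierte Dateien: 0".
MBAM_COUNT_RE = re.compile(r"^(?P<category>Infizierte [^:]+): (?P<count>\d+)$", re.M)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    kind: str
    action: str


def parse_avira_report(text: str) -> list[Detection]:
    """Extract every three-line detection record from an Avira Guard report."""
    return [Detection(m["path"], m["name"], m["kind"], m["action"].strip())
            for m in DETECTION_RE.finditer(text)]


def guard_was_disabled(text: str) -> bool:
    """True if the report records that the on-access guard was switched off."""
    return "AntiVir Guard wurde deaktiviert." in text


def unique_paths(detections: list[Detection]) -> list[Detection]:
    """Collapse repeated alerts on the same file (Windows paths are case-insensitive)."""
    seen: set[str] = set()
    out: list[Detection] = []
    for d in detections:
        key = d.path.lower()
        if key not in seen:
            seen.add(key)
            out.append(d)
    return out


def _is_under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    return path == root or root in path.parents


def classify(detections: list[Detection],
             driver_roots: tuple[str, ...] = ("C:\\lexmark\\drivers",)) -> dict[str, list[Detection]]:
    """Split hits into those under a known driver install root (verify the file against the
    vendor's signed package before acting) and everything else (investigate).
    The driver_roots default is an assumption matching the paths in this thread."""
    roots = [PureWindowsPath(r) for r in driver_roots]
    verify: list[Detection] = []
    investigate: list[Detection] = []
    for d in detections:
        p = PureWindowsPath(d.path)
        (verify if any(_is_under(p, r) for r in roots) else investigate).append(d)
    return {"verify_against_vendor": verify, "investigate": investigate}


def parse_mbam_summary(text: str) -> dict[str, int]:
    """Read the 'Infizierte ...: N' counters from an MBAM log."""
    return {m["category"]: int(m["count"]) for m in MBAM_COUNT_RE.finditer(text)}


def mbam_clean(text: str) -> bool:
    """True only if counters were found and every one of them is zero."""
    counts = parse_mbam_summary(text)
    return bool(counts) and all(v == 0 for v in counts.values())


if __name__ == "__main__":
    hits = unique_paths(parse_avira_report(SAMPLE_AVIRA))
    for label, items in classify(hits).items():
        print(label)
        for d in items:
            print(f"  {d.name} [{d.kind}] {d.path} -> {d.action}")
    print("guard disabled:", guard_was_disabled(SAMPLE_AVIRA))
    print("MBAM clean:", mbam_clean(SAMPLE_MBAM))
```

The grouping only decides what to check first; a hit under a driver directory is still compared against the vendor's signed installer (hash or signature) rather than assumed clean, and `guard_was_disabled` is worth surfacing because a log that ends with the guard switched off has no coverage for whatever ran afterwards.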
02.04.2011, 17:53 | #15
Yes, I used to have a Lexmark printer, but since it no longer exists I have now deleted the drivers & the program.