Hi, the scan took a bit longer than expected, so this is a little late, but here again are the 2 logs:
GMER:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-29 19:24:02
Windows 5.1.2600 Service Pack 3
Running: f5kdxfsn.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT B877417E ZwCreateKey
SSDT B8774174 ZwCreateThread
SSDT B8774183 ZwDeleteKey
SSDT B877418D ZwDeleteValueKey
SSDT spsa.sys ZwEnumerateKey [0xB7EC5DA4]
SSDT spsa.sys ZwEnumerateValueKey [0xB7EC6132]
SSDT B8774192 ZwLoadKey
SSDT spsa.sys ZwOpenKey [0xB7EA70C0]
SSDT B8774160 ZwOpenProcess
SSDT B8774165 ZwOpenThread
SSDT spsa.sys ZwQueryKey [0xB7EC620A]
SSDT spsa.sys ZwQueryValueKey [0xB7EC608A]
SSDT B877419C ZwReplaceKey
SSDT B8774197 ZwRestoreKey
SSDT B8774188 ZwSetValueKey
INT 0x63 ? 8AFC8BF8
INT 0x63 ? 8AFC8BF8
INT 0x73 ? 8AF56F00
INT 0x73 ? 8AD07BF8
INT 0x73 ? 8AD07BF8
INT 0x73 ? 8AF56F00
INT 0x83 ? 8AD07BF8
INT 0x83 ? 8AD07BF8
INT 0x83 ? 8AD07BF8
INT 0xA4 ? 8AD07BF8
INT 0xB4 ? 8AD07BF8
---- Kernel code sections - GMER 1.0.15 ----
? spsa.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB315C3A0, 0x59FFE5, 0xE8000020]
.text USBPORT.SYS!DllUnload B30FC8AC 5 Bytes JMP 8AD071D8
.text a7gvoar2.SYS B3083386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a7gvoar2.SYS B30833AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a7gvoar2.SYS B30833C4 3 Bytes [00, 80, 02]
.text a7gvoar2.SYS B30833C9 1 Byte [30]
.text a7gvoar2.SYS B30833C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!FONTOBJ_pxoGetXform + 108AC BF85FA00 1 Byte [00]
.text win32k.sys!FONTOBJ_pxoGetXform + 108AC BF85FA00 142 Bytes [00, 00, C0, EB, D7, 53, 56, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + 1093B BF85FA8F 43 Bytes [00, 39, 9E, 98, 00, 00, 00, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + 10968 BF85FABC 77 Bytes [01, 77, 44, 3B, 05, A0, D5, ...]
.text win32k.sys!FONTOBJ_pxoGetXform + 109B6 BF85FB0A 10 Bytes [3B, C3, 74, 12, 66, FF, 80, ...]
.text ...
.text win32k.sys!EngStretchBlt + 23 BF862161 2 Bytes [45, 08]
.text win32k.sys!EngStretchBlt + 26 BF862164 70 Bytes [55, 0C, 8D, 48, F0, F7, D8, ...]
.text win32k.sys!EngStretchBlt + 6D BF8621AB 42 Bytes [73, 3C, 83, FE, 09, 0F, 84, ...]
.text win32k.sys!EngStretchBlt + 98 BF8621D6 143 Bytes [8B, 4E, 04, 3B, 4E, 0C, 0F, ...]
.text win32k.sys!EngStretchBlt + 128 BF862266 1 Byte [08]
.text ...
.text win32k.sys!EngCreatePalette + 54 BF866231 5 Bytes [8B, 18, 83, 65, F8]
.text win32k.sys!EngCreatePalette + 5A BF866237 14 Bytes [85, F6, 74, 0B, 68, 02, 00, ...]
.text win32k.sys!EngCreatePalette + 69 BF866246 37 Bytes CALL BF82E242 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngCreatePalette + 90 BF86626D 4 Bytes [3D, 9D, 02, 00]
.text win32k.sys!EngCreatePalette + 95 BF866272 30 Bytes [74, 14, F6, 41, 1E, 40, 8B, ...]
.text ...
.text win32k.sys!EngCreateSemaphore + 1E BF86C8D9 46 Bytes [35, 80, C2, 9A, BF, FF, 15, ...]
.text win32k.sys!EngCreateSemaphore + 4D BF86C908 52 Bytes [C1, C1, E0, 04, 03, 05, 48, ...]
.text win32k.sys!EngCreateSemaphore + 82 BF86C93D 51 Bytes [F8, F3, A5, 33, C9, 5F, 66, ...]
.text win32k.sys!EngCreateSemaphore + B6 BF86C971 14 Bytes [55, 8B, EC, 8B, 01, 5D, FF, ...] {PUSH EBP; MOV EBP, ESP; MOV EAX, [ECX]; POP EBP; JMP [EAX+0x59c]; NOP ; NOP }
.text win32k.sys!EngCreateSemaphore + C7 BF86C982 5 Bytes [8B, FF, 55, 8B, EC] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text ...
.text win32k.sys!EngEraseSurface + 17 BF86FE57 12 Bytes [4E, 1C, 6A, 00, 6A, 00, 89, ...]
.text win32k.sys!EngEraseSurface + 24 BF86FE64 6 Bytes CALL BF8053BE \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngEraseSurface + 2B BF86FE6B 147 Bytes [FF, 75, 10, 6A, 00, FF, 75, ...]
.text win32k.sys!EngEraseSurface + BF BF86FEFF 12 Bytes [85, 68, FE, FF, FF, 8D, 85, ...]
.text win32k.sys!EngEraseSurface + CC BF86FF0C 1 Byte [6C]
.text ...
.text win32k.sys!EngCreateDeviceSurface + 12F BF875C06 35 Bytes [9D, D0, 01, 00, 8B, 45, F0, ...]
.text win32k.sys!EngCreateDeviceSurface + 153 BF875C2A 93 Bytes CALL 48875C2F
.text win32k.sys!EngCreateDeviceSurface + 1B3 BF875C8A 70 Bytes CALL 48875C94
.text win32k.sys!EngCreateDeviceSurface + 1FB BF875CD2 30 Bytes [8B, 87, A8, 06, 00, 00, 89, ...]
.text win32k.sys!EngCreateDeviceSurface + 21A BF875CF1 94 Bytes CALL 4A875CF7
.text ...
.text win32k.sys!EngGetCurrentCodePage + 35 BF8798D6 24 Bytes [FF, FF, 8B, B5, 38, FF, FF, ...]
.text win32k.sys!EngGetCurrentCodePage + 4E BF8798EF 30 Bytes CALL BF80179B \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngGetCurrentCodePage + 6E BF87990F 42 Bytes JMP BF879AE1 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngGetCurrentCodePage + 99 BF87993A 78 Bytes JMP BF879AE5 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngGetCurrentCodePage + E9 BF87998A 20 Bytes [FF, 89, 5D, FC, 8B, 45, 0C, ...]
.text ...
.text win32k.sys!EngFntCacheLookUp + 3D BF8872C8 26 Bytes [33, C0, EB, F6, 8B, 4D, 1C, ...]
.text win32k.sys!EngFntCacheLookUp + 58 BF8872E3 34 Bytes [03, 02, 83, C2, 04, EB, EF, ...]
.text win32k.sys!EngFntCacheLookUp + 7C BF887307 12 Bytes [8B, 0C, 91, 8B, 71, 10, 03, ...]
.text win32k.sys!EngFntCacheLookUp + 89 BF887314 70 Bytes [00, 03, 31, 69, F6, 01, 01, ...]
.text win32k.sys!EngFntCacheLookUp + D1 BF88735C 26 Bytes [50, 08, 3B, 51, 10, 73, EB, ...]
.text ...
.text win32k.sys!EngFntCacheAlloc + 79 BF8877A0 19 Bytes [CB, 2B, 4A, 14, 89, 48, 14, ...] {RETF ; SUB ECX, [EDX+0x14]; MOV [EAX+0x14], ECX; MOV EAX, [0xbf9a6ccc]; MOV DWORD [EAX+0x34], 0x1}
.text win32k.sys!EngFntCacheAlloc + 8D BF8877B4 46 Bytes CALL BF801978 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngFntCacheAlloc + BC BF8877E3 78 Bytes [15, 33, C9, 81, FE, 93, 52, ...]
.text win32k.sys!EngFntCacheAlloc + 10B BF887832 77 Bytes [00, 6A, 04, 5A, 39, 55, 0C, ...]
.text win32k.sys!EngFntCacheAlloc + 159 BF887880 131 Bytes [0C, 1B, C0, 40, 5E, 5F, 5D, ...]
.text ...
.text win32k.sys!EngWideCharToMultiByte + B7 BF888EB8 16 Bytes [C0, 24, 8B, 18, 8B, B3, E8, ...] {SHL BYTE [EBX+ECX*4], 0x18; MOV ESI, [EBX+0x1e8]; ADD EBX, 0x1e0}
.text win32k.sys!EngWideCharToMultiByte + C8 BF888EC9 10 Bytes [83, C6, 07, C1, EE, 03, 68, ...]
.text win32k.sys!EngWideCharToMultiByte + D3 BF888ED4 54 Bytes [83, C6, 0C, 56, 6A, 00, E8, ...]
.text win32k.sys!EngWideCharToMultiByte + 10A BF888F0B 130 Bytes [43, 08, 89, 47, 04, C7, 47, ...]
.text win32k.sys!EngWideCharToMultiByte + 18D BF888F8E 34 Bytes [FC, 66, 83, F8, FF, 73, 62, ...]
.text ...
.text win32k.sys!EngMultiByteToUnicodeN + 1D BF88AE01 42 Bytes [53, 7C, F7, FF, 83, 26, 00, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 48 BF88AE2C 97 Bytes [57, 8D, 45, FC, 50, 57, 68, ...]
.text win32k.sys!EngMultiByteToUnicodeN + AA BF88AE8E 103 Bytes [FF, 55, 8B, EC, A1, 78, C5, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 112 BF88AEF6 96 Bytes [7D, 0C, 8B, 45, 08, 89, 45, ...]
.text win32k.sys!EngMultiByteToUnicodeN + 173 BF88AF57 103 Bytes [F0, F3, A5, 83, 4D, FC, FF, ...]
.text ...
.text win32k.sys!EngFindImageProcAddress + 34 BF88EA84 17 Bytes [83, C4, 0C, 85, C0, 74, A3, ...] {ADD ESP, 0xc; TEST EAX, EAX; JZ 0xffffffffffffffaa; CMP DWORD [ESI+0x14], 0x0; PUSH EBX; JZ 0x6c; MOV EAX, [ESI+0x14]}
.text win32k.sys!EngFindImageProcAddress + 46 BF88EA96 56 Bytes [50, 18, 8B, 78, 20, 8B, 58, ...]
.text win32k.sys!EngFindImageProcAddress + 7F BF88EACF 20 Bytes [46, 08, 50, FF, 75, 0C, E8, ...]
.text win32k.sys!EngFindImageProcAddress + 95 BF88EAE5 19 Bytes [FF, 45, 08, 8B, 45, 08, 3B, ...]
.text win32k.sys!EngFindImageProcAddress + A9 BF88EAF9 63 Bytes [90, 90, 90, 90, 90, FF, 25, ...]
.text ...
.text win32k.sys!EngLoadImage + 1E BF88EBE4 11 Bytes [90, 00, 00, 8B, 0D, 28, D7, ...] {NOP ; ADD [EAX], AL; MOV ECX, [0xbf9ad728]; MOV ESI, EAX}
.text win32k.sys!EngLoadImage + 2A BF88EBF0 3 Bytes CALL BF80197B \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngLoadImage + 2E BF88EBF4 139 Bytes [8B, C6, 5E, 5D, C2, 04, 00, ...]
.text win32k.sys!EngLoadImage + BA BF88EC80 48 Bytes [55, 8B, EC, FF, 75, 08, 8D, ...]
.text win32k.sys!EngLoadImage + EB BF88ECB1 10 Bytes [15, F4, E0, 98, BF, E9, D0, ...] {ADC EAX, 0xbf98e0f4; JMP 0x9da}
.text ...
.text win32k.sys!EngQueryPerformanceFrequency + 44 BF890AC3 23 Bytes JMP BF8924D7 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngQueryPerformanceFrequency + 5C BF890ADB 281 Bytes JMP BF8916FB \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngQueryPerformanceFrequency + 176 BF890BF5 81 Bytes CALL BF82C825 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngQueryPerformanceFrequency + 1C8 BF890C47 30 Bytes [85, F8, FE, FF, FF, 8B, 49, ...]
.text win32k.sys!EngQueryPerformanceFrequency + 1E7 BF890C66 40 Bytes [39, B5, EC, FE, FF, FF, 74, ...]
.text ...
.text win32k.sys!EngUnloadImage + 7 BF892B1E 2 Bytes JMP BF8965F6 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngUnloadImage + B BF892B22 5 Bytes [90, 90, 90, 90, 90] {NOP ; NOP ; NOP ; NOP ; NOP }
.text win32k.sys!EngCreateEvent + 1 BF892B28 139 Bytes [FF, 55, 8B, EC, 56, 6A, 0C, ...]
.text win32k.sys!EngQuerySystemAttribute + 49 BF892BB4 44 Bytes [BE, 45, F0, 8B, 4D, 0C, 89, ...]
.text win32k.sys!EngQuerySystemAttribute + 76 BF892BE1 89 Bytes CALL A865A1E5
.text win32k.sys!EngQuerySystemAttribute + D0 BF892C3B 45 Bytes [00, 8B, 47, 20, B9, 36, 25, ...]
.text win32k.sys!EngQuerySystemAttribute + FF BF892C6A 56 Bytes [8B, 46, 3C, B9, B1, 28, 96, ...]
.text win32k.sys!EngQuerySystemAttribute + 141 BF892CAC 3 Bytes [8B, 45, 0C] {MOV EAX, [EBP+0xc]}
.text ...
.text win32k.sys!EngFindResource + 3 BF894D8A 15 Bytes [8B, EC, FF, 75, 14, 8B, 45, ...] {MOV EBP, ESP; PUSH DWORD [EBP+0x14]; MOV EAX, [EBP+0x8]; PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]; PUSH EAX}
.text win32k.sys!EngFindResource + 13 BF894D9A 16 Bytes CALL BF894DA8 \SystemRoot\System32\win32k.sys (Mehrbenutzer-Win32-Treiber/Microsoft Corporation)
.text win32k.sys!EngFindResource + 24 BF894DAB 69 Bytes [FF, 55, 8B, EC, FF, 75, 18, ...]
.text win32k.sys!EngFindResource + 6A BF894DF1 2 Bytes [03, 8D]
.text win32k.sys!EngFindResource + 6D BF894DF4 12 Bytes [F4, 50, FF, 75, 08, E8, 21, ...] {HLT ; PUSH EAX; PUSH DWORD [EBP+0x8]; CALL 0xfffffffffffff92b; TEST EAX, EAX}
.text ...
.text win32k.sys!EngLoadModule + 2 BF895718 16 Bytes [55, 8B, EC, 6A, 00, FF, 75, ...]
.text win32k.sys!EngLoadModule + 13 BF895729 86 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text win32k.sys!EngLoadModule + 6A BF895780 54 Bytes [C0, 0F, 84, 94, 00, 00, 00, ...]
.text win32k.sys!EngLoadModule + A1 BF8957B7 9 Bytes [FF, 83, 7D, 0C, 00, 89, 5D, ...]
.text win32k.sys!EngLoadModule + AB BF8957C1 71 Bytes [37, EF, FF, FF, FF, 75, 08, ...]
.text ...
.text win32k.sys!EngFreeModule + 55 BF8958E9 11 Bytes [5E, 5D, C2, 04, 00, 90, 90, ...]
.text win32k.sys!EngFreeModule + 61 BF8958F5 59 Bytes [55, 8B, EC, 56, 8B, 75, 08, ...]
.text win32k.sys!EngFreeModule + 9D BF895931 96 Bytes [55, 8B, EC, 51, 83, 65, FC, ...]
.text win32k.sys!EngFreeModule + FE BF895992 8 Bytes [43, 14, 8B, 46, 08, 89, 43, ...]
.text win32k.sys!EngFreeModule + 107 BF89599B 78 Bytes [46, 0C, 57, 89, 43, 1C, 8B, ...]
.text ...
.text win32k.sys!EngGetLastError + 43 BF899675 58 Bytes [73, 10, FF, 15, 64, E1, 98, ...]
.text win32k.sys!EngGetLastError + 7E BF8996B0 41 Bytes [55, 14, 8D, 3C, 02, 8B, D1, ...]
.text win32k.sys!EngGetLastError + A8 BF8996DA 36 Bytes [55, E4, 83, C2, 18, 8B, 4B, ...]
.text win32k.sys!EngGetLastError + CD BF8996FF 64 Bytes [70, 10, 8B, 01, 89, 58, 18, ...]
.text win32k.sys!EngGetLastError + 10E BF899740 60 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text ...
.text win32k.sys!EngGradientFill + 9 BF89BAFE 142 Bytes [45, 08, 53, 8B, D8, 56, F7, ...]
.text win32k.sys!EngGradientFill + 98 BF89BB8D 39 Bytes [F8, 85, FF, 0F, 84, 31, FD, ...]
.text win32k.sys!EngGradientFill + C0 BF89BBB5 1 Byte [20]
.text win32k.sys!EngGradientFill + C0 BF89BBB5 150 Bytes [20, FF, 75, 1C, FF, 75, 18, ...]
.text win32k.sys!EngGradientFill + 157 BF89BC4C 159 Bytes [FF, A5, A5, A5, A5, 89, 5D, ...]
.text ...
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xAFB5F300, 0x25D4C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAFB00300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8358300, 0x1BEE, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spsa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spsa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spsa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spsa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spsa.sys
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a7gvoar2.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spsa.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AF521F8
Device \FileSystem\Udfs \UdfsCdRom 8AB471F8
Device \FileSystem\Udfs \UdfsDisk 8AB471F8
Device \Driver\usbohci \Device\USBPDO-0 8AD061F8
Device \Driver\usbohci \Device\USBPDO-1 8AD061F8
Device \Driver\usbehci \Device\USBPDO-2 8AD051F8
Device \Driver\usbohci \Device\USBPDO-3 8AD061F8
Device \Driver\usbohci \Device\USBPDO-4 8AD061F8
Device \Driver\usbehci \Device\USBPDO-5 8AD051F8
Device \Driver\usbohci \Device\USBPDO-6 8AD061F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF541F8
Device \Driver\Cdrom \Device\CdRom0 8AD0C1F8
Device \Driver\Cdrom \Device\CdRom1 8AD0C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E20B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89EA81F8
Device \Driver\NetBT \Device\NetbiosSmb 89EA81F8
Device \Driver\sptd \Device\1521529292 spsa.sys
Device \Driver\PCI_PNP3042 \Device\0000005e spsa.sys
Device \Driver\usbohci \Device\USBFDO-0 8AD061F8
Device \Driver\usbohci \Device\USBFDO-1 8AD061F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89EA4500
Device \Driver\usbehci \Device\USBFDO-2 8AD051F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89EA4500
Device \Driver\usbohci \Device\USBFDO-3 8AD061F8
Device \Driver\usbohci \Device\USBFDO-4 8AD061F8
Device \Driver\Ftdisk \Device\FtControl 8AF541F8
Device \Driver\usbehci \Device\USBFDO-5 8AD051F8
Device \Driver\usbohci \Device\USBFDO-6 8AD061F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8AF531F8
Device \Driver\a7gvoar2 \Device\Scsi\a7gvoar21Port5Path0Target0Lun0 8AD0B1F8
Device \Driver\a7gvoar2 \Device\Scsi\a7gvoar21 8AD0B1F8
Device \FileSystem\Cdfs \Cdfs 8A339500
Device \FileSystem\Cdfs \Cdfs B0201BCE
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???i????? ???????Q???????Q??C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client?8?5???????????ic??255.0.0.0???MS Software Shadow Copy Provider?O??? ?????????????i?????O?a??????????T??????????K??? ???????i?????i?????a?a????????N???????ar?????i?&???????????u?????sve????N??i???C????DUME??{8ECC055D-047F-11D1-A537-0000F8753ED1}?Tem??? ???i??? ?????52f??nltdi???? ?????????????i?????7??????????????&????????????????????i??????1????l???????p??? ??1????-?????2f5??? ???????i???????????a?2????????H??? ??????UME?????i???????????????4???????????????????? ???ra??? ???????j???????????i?????????????????S?S???i??{8ECC055D-047F-11D1-A537-0000F8753ED1}??T.??71???????i???b?????????h???????i?&?????i?&??6960:UDP:*:Enabled:League of Legends Launcher???STORAGE\VOLUMESNAPSHOT\2&2AA31D5D&0&HARDDISKVOLUMESNAPSHOT1??R???R?S?S?\?h?h?e?i?5???i???????j???????????V???????Z??? ?????????????i?????b??????????2??? ??????top?????????????????????i???????g????? ???????i???????????7???????? ?X???????????- ?????i????C:\Programme\NetLimiter 2 P
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA5 0x1D 0x4A 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0xDB 0x49 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x8C 0x14 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xD1 0xB9 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA5 0x1D 0x4A 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0xDB 0x49 0xDF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x21 0x8C 0x14 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x06 0xD1 0xB9 0xE4 ...
---- EOF - GMER 1.0.15 ----
And OSAM:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:39:57 on 29.09.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.10
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"aev8m2xd" (aev8m2xd) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aev8m2xd.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
"Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPANEL.SYS
"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"DNINDIS5 NDIS Protocol Driver" (DNINDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\DNINDIS5.SYS
"GarenaPEngine" (GarenaPEngine) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\WOC53.tmp (File found, but it contains no detailed information)
"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\gdrv.sys
"GGSAFER Driver" (GGSAFERDriver) - ? - C:\Programme\Garena\plugins\UI\safedrv.sys (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys
"SetPoint PS/2 Mouse Filter Driver" (L8042mou) - "Logitech, Inc." - C:\WINDOWS\System32\DRIVERS\L8042mou.Sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"TAP-Win32 Adapter V9 (Tunngle)" (tap0901t) - "Tunngle.net" - C:\WINDOWS\System32\DRIVERS\tap0901t.sys
"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPanel.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"wsimd Service" (WSIMD) - "Atheros Communications, Inc." - C:\WINDOWS\System32\DRIVERS\wsimd.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"QIP 2005" - "The Author of QIP" - C:\Programme\QIP\qip.exe
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} "DeviceVM Url Search Hook" - "DeviceVM Inc." - C:\WINDOWS\system32\dvmurl.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{784797A8-342D-4072-9486-03C8D0F2F0A1} "Battlefield Heroes Updater" - "EA Digital Illusions CE AB" - C:\WINDOWS\Downloaded Program Files\BFHUpdater.dll / https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_20\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{95289393-33EA-4F8D-B952-483415B9C955} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NETGEAR WN111v2 Setup-Assistent.lnk" - "NETGEAR" - C:\Programme\NETGEAR\WN111v2\WN111V2.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
"GAINWARD" - "Gainward Co." - C:\Programme\EXPERTool\TBPanel.exe /A
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"FaxCenterServer" - ? - "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s (File found, but it contains no detailed information)
"JMB36X IDE Setup" - ? - C:\WINDOWS\RaidTool\xInsIDE.exe (File found, but it contains no detailed information)
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXPRMON.DLL (File found, but it contains no detailed information)
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Atheros Configuration Service" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"ES lite Service for program management." (ES lite Service) - ? - C:\Programme\Gigabyte\EasySaver\ESSVR.EXE (File found, but it contains no detailed information)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Programme\NETGEAR\WN111v2\jswpsapi.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies" - C:\Programme\WinPcap\rpcapd.exe
"TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Programme\Tunngle\TnglCtrl.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |