Trojaner-Board - windows\system32\drivers\sptd.sys

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - windows\system32\drivers\sptd.sys - Rootkit Modification (https://www.trojaner-board.de/99827-windows-system32-drivers-sptd-sys-rootkit-modification.html)

windows\system32\drivers\sptd.sys - Rootkit Modification

Hey Leute,

habe gestern meinen Rechner hochgefahren und plötzlich poppte ein Fenster(1.jpg) von Aast5 auf, in dem stand das eine bedrohliche Datei gefunden worden sei. Und zwar handelt es sich hierbei um einen Rootkit names sptd.sys, der sich im windows\system32\drivers\ verzeichnis befindet.
Habe dann halt erstmal auf löschen geklickt, dann öffnet sich kurze Zeit später ein weiteres Fenster (2.jpg) indem es mehrmals die besagte Datei indentifiziert hat. Nach nochmaligen Löschen, öffnet sich Bild 3.jpg und ich habe eine Startzeitprüfung gemacht.
Nach dem Neustarten dann passiert das gleiche wieder!

Mit Google habe ich herausgefunden das es etwas mit Cloneprogrammen zutun hat, speziell wurde Deamon Tools genannt. Das hatte ich auch mal drauf aber eigentlich gelöscht dachte ich. Zudem kam die Meldung auch erst jetzt ganz plötzlich und ist davor noch nie aufgetreten.

Habe bisher Avast5 einen Scan machen lassen, der die Datei immer wieder findet(4.jpg), im besagten Ordner kann ich die Datei aber nicht finden.

Ich denke mal als Einleitung reicht das hier. Bin für jede Hilfe offen die mich weiter bringt :)

Code:

Betriebssystemname        Microsoft® Windows Vista™ Home Premium

Version        6.0.6002 Service Pack 2 Build 6002

Zusätzliche Betriebssystembeschreibung         Nicht verfügbar

Betriebssystemhersteller        Microsoft Corporation

Systemname        ***

Systemhersteller        ASUSTeK Computer Inc.

Systemmodell        F5SR

Systemtyp        X86-basierter PC

Prozessor        Intel(R) Core(TM)2 Duo CPU     P8400  @ 2.26GHz, 2266 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)

BIOS-Version/-Datum        American Megatrends Inc. 206, 12.12.2008

SMBIOS-Version        2.4

Windows-Verzeichnis        C:\Windows

Systemverzeichnis        C:\Windows\system32

Startgerät        \Device\HarddiskVolume2

Gebietsschema        Deutschland

Hardwareabstraktionsebene        Version = "6.0.6002.18005"

Benutzername        ***\***

Zeitzone        Mitteleuropäische Sommerzeit

Installierter physikalischer Speicher (RAM)        4,00 GB

Gesamter realer Speicher        3,00 GB

Verfügbarer realer Speicher        1,77 GB

Gesamter virtueller Speicher        6,19 GB

Verfügbarer virtueller Speicher        5,08 GB

Größe der Auslagerungsdatei        3,29 GB

Auslagerungsdatei        C:\pagefile.sys

SPTD ist ein Treiber, der zB von den DaemonTools für die Verwaltung virtueller optischer Laufwerke benötigt wird. Und ja, das Teil nistet sich wie ein Rootkit ein, ist aber kein schädliches Rootkit.

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hey,
also hier die Logs, hat ein wenig länger gedauert.

Extras Logfile OTL:
OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 02.06.2011 19:15:00 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,52% Memory free

6,19 Gb Paging File | 5,08 Gb Available in Paging File | 82,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 10,48 Gb Free Space | 7,03% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 6,06 Gb Free Space | 4,35% Space Free | Partition Type: NTFS

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0CDB2725-289D-4ED9-A3B7-2047909FD013}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{1134834A-7BEF-4EF8-82F2-5BBE7A0AFD4E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{1A384342-F487-45E1-BB05-586020560851}" = lport=139 | protocol=6 | dir=in | app=system | 

"{1AC791BB-9410-44D9-9897-642610987351}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{3246BA19-C51B-438D-B5D0-5AE3957C90E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{3A4FDD34-8792-4BD2-86D9-0061198DB9B4}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{4D6F2272-4961-4F00-A143-D83274D209C0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 

"{538D9597-70F4-494A-9988-C346C918C3B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{542A65AB-DF17-4CA0-9442-904F39C21E3C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{635AB57C-6D36-41C9-997D-A8B34D05AC68}" = lport=138 | protocol=17 | dir=in | app=system | 

"{7FC65E79-031C-4EFE-93BF-D57D1B0DE15D}" = rport=138 | protocol=17 | dir=out | app=system | 

"{8645AD10-4A92-4200-A8C4-4A47662CC23F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{9B5E7BD6-2DF5-43FF-A448-48B19F8B1B44}" = rport=137 | protocol=17 | dir=out | app=system | 

"{9CBEDAA5-5586-4D71-99AB-374E85DA58C9}" = rport=445 | protocol=6 | dir=out | app=system | 

"{B02FA881-643E-485F-8793-932748D7F10F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{B335299A-1E1D-4ABC-9677-BAE166DBDDE4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{BF15584E-07EA-4E9A-906B-34A8D7930855}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{D2521475-969F-42FB-86FE-0EA17A1E0FD9}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 

"{D9AD0B88-A277-45BF-B148-8AF3671782B7}" = lport=137 | protocol=17 | dir=in | app=system | 

"{E870AF03-C0D6-4CB1-AB39-D59B45CB3EEB}" = lport=445 | protocol=6 | dir=in | app=system | 

"{FD4958C8-4C25-4015-81D9-4CAF7037DA6F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 

"{FDF96227-1597-4875-8E60-C8189386C1B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0CF5C79A-6DD8-4165-837E-C5326FAE878C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{1FB6BD92-942C-4285-AA83-01E1F6298ADA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{27A99362-7BDC-433F-B7EA-BBC9F4E6B56B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{296A7740-EC15-43AE-B918-7ED40C866CBF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{35B41AC4-7AFB-4D9F-BAD6-7414618818E7}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 

"{3B4E8A78-E4BA-4EE3-AE12-8470650A508E}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{3F3FB793-A918-4907-B4EF-CD2CED805F97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{582AC351-392F-4B5F-B93C-7D1E96202617}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{5C47A05F-A3A7-4BA7-9F32-FAEF3648DD18}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{619ADFC2-E7A7-42E1-A4D0-A8266F29BE04}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{6C90D5AE-C52C-4AB5-B0E5-00BCCCCA6B43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{6E2616D0-84F6-4E1A-A4DC-5F5613116BB1}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{71BE8019-380B-4954-8167-0380D282D668}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"{8F44B892-103C-47FE-B39A-69A27DEDFB82}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{90727149-04A4-450A-A6B8-FFA4D65571BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{9346F820-AFB8-45B0-84DA-CFE00B0C98CD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{9F26E6B9-3312-42B6-8ED8-6C443490FA2C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\daniel.schurr@gmx.net\day of defeat\hl.exe | 

"{9F7B6A1D-0F48-4F2B-9C3C-834D43DD4B22}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\daniel.schurr@gmx.net\day of defeat\hl.exe | 

"{A6DD2AF4-EC08-43E6-A0FE-929BFE9AC932}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{AAB3C215-974D-4AED-BFB4-86CAE05C6B23}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{B2F0E916-93B4-4F4B-8F64-F62F40415F88}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{B5D793D9-A97C-4341-AD4D-4D10849CFA7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{B6426013-D262-4154-90A4-C41C75F415C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{C02DF333-D5E0-4D1C-A7FB-D3F2DA6B8438}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{CD72F80C-2634-487A-A3B1-3FBE4EEDBA55}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x86\rpcsandrasrv.exe | 

"{CEBA02BA-4556-4C3A-80F6-3ED39586CFFB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{D9AAD8E3-A0A3-4FA5-B797-9300186B4798}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{D9E13536-F712-455D-BEC7-4663917372C2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 

"{DB48D943-CC23-4885-8333-A04B2F1F91DE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{E2768921-8D47-42FF-968C-382374BBC4A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 

"{E4AC9472-9977-4E46-BAF6-FBED1575AB16}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 

"{E72C83BB-CFEA-44F8-8031-0ECA80659CF9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese

"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23

"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French

"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish

"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch

"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3

"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300

"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins

"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech

"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish

"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58F14BA8-F5EE-45E3-B759-43488557E272}" = Windows Phone Support Tool

"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek

"{59BDB81E-9BB8-476E-A0A4-EE053A7FCBCB}" = PDF-XChange Viewer

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian

"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai

"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007

"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007

"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007

"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007

"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007

"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007

"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007

"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007

"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007

"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007

"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007

"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007

"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007

"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007

"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007

"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007

"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007

"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007

"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010

"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III

"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility

"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme

"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch

"{ACA0919C-BF7F-41A6-943E-C853EF9A247B}_is1" = DMP Mod Doomsday-Armageddon 21.0 Farbige Techbilder

"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese

"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista

"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian

"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish

"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2

"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish

"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common

"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD

"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra

"{DBBA19C5-6EB4-4753-B881-189CF6ACB9CD}" = OpenVPN

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard

"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"avast" = avast! Free Antivirus

"DD-DAIM" = DD-DAIM

"DMP Mod 10.0 Doomsday-Armageddon" = DMP Mod 10.0 Doomsday-Armageddon 10.0 

"DMP Mod 19.0 Doomsday-Armageddon" = DMP Mod 19.0 Doomsday-Armageddon 19.0 

"DMP Mod 20.0 Doomsday-Armageddon" = DMP Mod 20.0 Doomsday-Armageddon 20.0 

"DMP Mod Version 11.0 Hearts of Iron 2" = DMP Mod Version 11.0 Hearts of Iron 2 DMP 11.0 

"DMP Mod Version 12.0 Hearts of Iron 2" = DMP Mod Version 12.0 Hearts of Iron 2 DMP 12.0 

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"Hamachi" = Hamachi 1.0.3.0

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III

"JDownloader" = JDownloader

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010

"Opera 11.11.2109" = Opera 11.11

"Picasa 3" = Picasa 3

"PROHYBRIDR" = 2007 Microsoft Office system

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Uninstall_is1" = Uninstall 1.0.0.1

"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

"VLC media player" = VLC media player 0.9.9

"VLC play! Server_is1" = VLC play! Server 1.1

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"Zune" = Zune

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01.06.2011 07:53:57 | Computer Name = ***| Source = EventSystem | ID = 4621

Description = 

 

Error - 01.06.2011 07:59:51 | Computer Name = ***| Source = WinMgmt | ID = 10

Description = 

 

Error - 01.06.2011 10:06:48 | Computer Name =*** | Source = WinMgmt | ID = 10

Description = 

 

Error - 01.06.2011 12:17:18 | Computer Name =*** | Source = WinMgmt | ID = 10

Description = 

 

Error - 01.06.2011 12:26:16 | Computer Name =*** | Source = CVHSVC | ID = 100

Description = Nur zur Information.  (Patch task for {90140011-0062-0407-0000-0000000FF1CE}):

 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet

 werden.  

 

Error - 01.06.2011 12:28:30 | Computer Name = *** | Source = EventSystem | ID = 4621

Description = 

 

Error - 02.06.2011 08:09:28 | Computer Name = *** | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.06.2011 09:43:41 | Computer Name = *** | Source = EventSystem | ID = 4621

Description = 

 

Error - 02.06.2011 10:04:44 | Computer Name = *** | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.06.2011 13:06:57 | Computer Name = *** | Source = WinMgmt | ID = 10

Description = 

 

[ OSession Events ]

Error - 17.08.2010 05:29:47 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 11.12.2010 07:33:49 | Computer Name = dani-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 02.06.2011 08:09:42 | Computer Name = *** | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.06.2011 08:09:42 | Computer Name = ***| Source = Service Control Manager | ID = 7026

Description = 

 

Error - 02.06.2011 08:10:26 | Computer Name =*** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 02.06.2011 10:02:47 | Computer Name = *** | Source = Application Popup | ID = 875

Description = Treiber sfdrv01.sys konnte nicht geladen werden.

 

Error - 02.06.2011 10:05:03 | Computer Name = ***| Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.06.2011 10:05:03 | Computer Name = *** | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 02.06.2011 13:05:02 | Computer Name = *** | Source = Application Popup | ID = 875

Description = Treiber sfdrv01.sys konnte nicht geladen werden.

 

Error - 02.06.2011 13:07:11 | Computer Name = *** | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.06.2011 13:07:11 | Computer Name = *** | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 02.06.2011 13:07:55 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

[ TuneUp Events ]

Error - 06.12.2010 13:01:40 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-06 18:01:40', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','3188',0)

 

Error - 06.12.2010 13:26:50 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-06 18:26:50', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5584',0)

 

Error - 23.12.2010 15:22:02 | Computer Name = ***| Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-23 20:22:02', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\unins000.exe','4648',0)

 

Error - 31.05.2011 12:51:45 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 18:51:45', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5920',0)

 

Error - 31.05.2011 12:53:00 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 18:53:00', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5508',0)

 

Error - 31.05.2011 13:06:25 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 19:06:25', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5508',0)

 

Error - 31.05.2011 13:39:31 | Computer Name = ***| Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-05-31 19:39:31', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5080',0)

 

Error - 01.06.2011 10:07:21 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-06-01 16:07:21', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5240',0)

 

Error - 01.06.2011 10:08:06 | Computer Name = ***| Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-06-01 16:08:06', '\device\harddiskvolume2\programdata\malwarebytes\malwarebytes'

 anti-malware\mbam-setup.exe','5612',0)

 

Error - 01.06.2011 10:09:17 | Computer Name = ***| Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-06-01 16:09:17', '\device\harddiskvolume2\program

 files\malwarebytes' anti-malware\mbam.exe','5940',0)

 

 

< End of report >

--- --- ---

[/code]

OTL Logfile:
OTL Logfile:

Code:

OTL logfile created on: 02.06.2011 19:15:00 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\dani\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,52% Memory free

6,19 Gb Paging File | 5,08 Gb Available in Paging File | 82,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 10,48 Gb Free Space | 7,03% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 6,06 Gb Free Space | 4,35% Space Free | Partition Type: NTFS

 

Computer Name: DANI-PC | User Name: dani | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.06.02 14:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011.05.05 20:43:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010.12.02 20:48:28 | 000,462,848 | ---- | M] (ageye GbR) -- C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe

PRC - [2010.11.11 14:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.06.18 08:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008.01.07 10:25:13 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007.10.12 07:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.06.02 14:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\dani\Desktop\OTL.exe

MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (ACDaemon)

SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010.12.25 01:31:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010.11.11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2010.11.11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010.11.11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2010.04.24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010.04.24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.01.30 12:19:23 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)

SRV - [2010.01.30 12:19:18 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007.05.18 12:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.01.01 13:46:08 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010.04.24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2010.04.24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2010.04.24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2010.04.24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009.06.11 20:14:29 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009.04.28 21:53:57 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2009.04.28 21:53:56 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2008.06.03 08:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2008.05.29 20:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)

DRV - [2008.03.09 16:58:41 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007.10.01 08:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007.08.11 06:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)

DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2007.06.20 05:12:17 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)

DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)

DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - prefs.js..network.proxy.type: 2

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.05 20:43:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 20:43:48 | 000,000,000 | ---D | M]

 

[2009.08.28 03:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dani\AppData\Roaming\mozilla\Extensions

[2009.08.28 03:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dani\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2011.06.02 14:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions

[2010.05.20 22:12:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.11.25 22:49:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2011.03.25 21:09:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.12.06 18:50:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.12.05 14:37:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\dani\AppData\Roaming\mozilla\Firefox\Profiles\r40js1v1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(38)

[2011.05.30 20:33:57 | 000,001,056 | ---- | M] () -- C:\Users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\r40js1v1.default\searchplugins\icqplugin.xml

[2011.02.06 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009.09.19 11:23:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.12.06 18:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.02.06 21:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2009.03.31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011.01.11 13:22:42 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

[2011.05.05 20:43:45 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.05.05 20:43:45 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.05.05 20:43:45 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.05.05 20:43:45 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.05.05 20:43:45 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - Startup: C:\Users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VLC play! Server.lnk = C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe (ageye GbR)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\dani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\dani\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\dani\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0f38fdde-3e41-11df-8126-002354623135}\Shell\AutoRun\command - "" = H:\Menu.exe

O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell - "" = AutoRun

O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell\AutoRun\command - "" = G:\autoplay.exe

O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell - "" = AutoRun

O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell\AutoRun\command - "" = I:\setup.exe

O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell - "" = AutoRun

O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell\AutoRun\command - "" = F:\autorunmenu.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {59DC1004-42BC-4C4A-590E-815A06EC7313} - Browser Customizations

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.06.02 14:36:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\dani\Desktop\OTL.exe

[2011.05.31 19:15:13 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Users\dani\Desktop\OTS.exe

[2011.05.31 18:49:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.05.31 18:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.31 18:49:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.05.31 18:46:35 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\dani\Desktop\mbam-setup-1.50.1.1100.exe

[2011.05.24 18:52:07 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011.05.18 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Procter_gamble

[2011.05.17 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA}

[2011.05.16 09:05:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hotmail

[2011.05.14 16:38:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E}

[2011.05.12 20:33:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654}

[2011.05.11 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300}

[2011.05.09 19:07:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50}

[2011.05.07 21:03:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8}

[2011.05.07 10:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011.05.05 23:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ageye

[2011.05.05 23:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\ageye

[2011.05.05 23:39:21 | 000,724,935 | ---- | C] (ageye GbR                                                   ) -- C:\Users\***\Desktop\vlcplayserver_1.1.exe

[2011.05.04 20:06:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17724F29-BEFF-4C9D-923C-C8ADBB6ACF1C}

[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.06.02 19:21:25 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.06.02 19:09:49 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job

[2011.06.02 19:09:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.06.02 19:05:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.06.02 19:05:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.06.02 19:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.06.02 14:36:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.06.02 14:15:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3CDFAA12-AB5C-4A00-A36F-295ADAD51018}.job

[2011.06.01 18:28:02 | 000,027,190 | ---- | M] () -- C:\Users\***\Desktop\Frequently asked questions.odt

[2011.06.01 18:27:27 | 000,053,897 | ---- | M] () -- C:\Users\***\Desktop\Kalkulation_Runde5.ods

[2011.06.01 13:20:45 | 000,037,845 | ---- | M] () -- C:\Users\***\Desktop\2.jpg

[2011.06.01 13:19:29 | 000,032,390 | ---- | M] () -- C:\Users\***\Desktop\1.jpg

[2011.06.01 13:16:05 | 000,025,149 | ---- | M] () -- C:\Users\***\Desktop\3.jpg

[2011.06.01 13:15:36 | 000,059,600 | ---- | M] () -- C:\Users\***\Desktop\4.jpg

[2011.05.31 19:15:22 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Users\dani\Desktop\OTS.exe

[2011.05.31 18:46:49 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\dani\Desktop\mbam-setup-1.50.1.1100.exe

[2011.05.30 17:59:41 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.05.30 17:59:41 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.05.30 17:59:41 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.05.30 17:59:41 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.05.30 17:58:38 | 000,316,956 | ---- | M] () -- C:\Users\***\Desktop\Mibi Kurs.pdf

[2011.05.30 17:57:27 | 000,245,663 | ---- | M] () -- C:\Users\***\Desktop\Mibi Kurs.odt

[2011.05.30 00:57:29 | 000,041,984 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.05.26 17:25:12 | 000,046,130 | ---- | M] () -- C:\Users\***\Desktop\Calculation_Green_SieheTotaleNachfrage2.ods

[2011.05.26 16:50:00 | 000,039,576 | ---- | M] () -- C:\Users\***\Desktop\Calculation_Green2.ods

[2011.05.24 18:52:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011.05.20 23:48:10 | 016,111,389 | ---- | M] () -- C:\Users\***\Desktop\Italien_1940_Mai_30.eug

[2011.05.19 12:48:55 | 000,028,386 | ---- | M] () -- C:\Users\***\Desktop\Optionen Runde 4.odt

[2011.05.18 22:30:37 | 016,130,101 | ---- | M] () -- C:\Users\***\Desktop\Italien_1940_Mai_7 xxx.eug

[2011.05.18 19:49:53 | 013,304,806 | ---- | M] () -- C:\Users\***\Desktop\Procter_gamble.zip

[2011.05.16 09:05:20 | 001,404,234 | ---- | M] () -- C:\Users\***\Desktop\Hotmail.zip

[2011.05.10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011.05.10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011.05.09 20:29:27 | 000,079,849 | ---- | M] () -- C:\Users\***\Desktop\216443_212684722094298_100000583148127_749754_2942354_n.jpg

[2011.05.07 10:20:41 | 000,076,570 | ---- | M] () -- C:\Users\***\Desktop\PdfPrint.pdf

[2011.05.07 10:14:09 | 000,044,567 | ---- | M] () -- C:\Users\***\Desktop\B10419-2660_54877939_8MWBL3_145469-20110508-PDFTICKET 19 .pdf

[2011.05.07 01:49:35 | 000,007,846 | ---- | M] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt

[2011.05.06 12:35:05 | 000,733,188 | ---- | M] () -- C:\Users\***\Desktop\tox 3.pdf

[2011.05.06 12:33:59 | 002,216,156 | ---- | M] () -- C:\Users\***\Desktop\tox 2.pdf

[2011.05.06 12:32:15 | 003,270,670 | ---- | M] () -- C:\Users\***\Desktop\tox 1.pdf

[2011.05.05 23:40:41 | 000,001,876 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VLC play! Server.lnk

[2011.05.05 23:39:30 | 000,724,935 | ---- | M] (ageye GbR                                                   ) -- C:\Users\***\Desktop\vlcplayserver_1.1.exe

[2011.05.05 12:47:50 | 000,029,177 | ---- | M] () -- C:\Users\***\Desktop\Strategie_Green_AOI.odt

[2011.05.04 22:33:45 | 000,767,892 | ---- | M] () -- C:\Users\***\Desktop\Vorlesung Grundlagenmodul Slide Selection 1104.pdf

[2011.05.04 19:26:22 | 000,047,810 | ---- | M] () -- C:\Users\***\Desktop\***.jpg

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.06.01 18:28:01 | 000,027,190 | ---- | C] () -- C:\Users\***\Desktop\Frequently asked questions.odt

[2011.06.01 17:41:27 | 000,053,897 | ---- | C] () -- C:\Users\***\Desktop\Kalkulation_Runde5.ods

[2011.06.01 13:16:05 | 000,037,845 | ---- | C] () -- C:\Users\***\Desktop\2.jpg

[2011.06.01 13:16:05 | 000,025,149 | ---- | C] () -- C:\Users\***\Desktop\3.jpg

[2011.06.01 13:15:36 | 000,059,600 | ---- | C] () -- C:\Users\***\Desktop\4.jpg

[2011.06.01 13:15:36 | 000,032,390 | ---- | C] () -- C:\Users\***\Desktop\1.jpg

[2011.05.30 17:58:36 | 000,316,956 | ---- | C] () -- C:\Users\***\Desktop\Mibi Kurs.pdf

[2011.05.30 17:57:26 | 000,245,663 | ---- | C] () -- C:\Users\***\Desktop\Mibi Kurs.odt

[2011.05.26 16:58:04 | 000,046,130 | ---- | C] () -- C:\Users\***\Desktop\Calculation_Green_SieheTotaleNachfrage2.ods

[2011.05.23 10:15:42 | 016,111,389 | ---- | C] () -- C:\Users\***\Desktop\Italien_1940_Mai_30.eug

[2011.05.20 18:19:00 | 016,130,101 | ---- | C] () -- C:\Users\***\Desktop\Italien_1940_Mai_7 xxx.eug

[2011.05.18 19:49:34 | 013,304,806 | ---- | C] () -- C:\Users\***\Desktop\Procter_gamble.zip

[2011.05.18 09:07:05 | 000,028,386 | ---- | C] () -- C:\Users\***\Desktop\Optionen Runde 4.odt

[2011.05.17 10:05:58 | 000,039,576 | ---- | C] () -- C:\Users\***\Desktop\Calculation_Green2.ods

[2011.05.16 09:05:16 | 001,404,234 | ---- | C] () -- C:\Users\***\Desktop\Hotmail.zip

[2011.05.09 20:29:26 | 000,079,849 | ---- | C] () -- C:\Users\***\Desktop\216443_212684722094298_100000583148127_749754_2942354_n.jpg

[2011.05.07 10:20:40 | 000,076,570 | ---- | C] () -- C:\Users\***\Desktop\PdfPrint.pdf

[2011.05.07 10:14:07 | 000,044,567 | ---- | C] () -- C:\Users\***\Desktop\B10419-2660_54877939_8MWBL3_145469-20110508-PDFTICKET 19 .pdf

[2011.05.07 01:09:46 | 000,007,846 | ---- | C] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt

[2011.05.06 12:35:05 | 000,733,188 | ---- | C] () -- C:\Users\dani\Desktop\tox 3.pdf

[2011.05.06 12:33:59 | 002,216,156 | ---- | C] () -- C:\Users\dani\Desktop\tox 2.pdf

[2011.05.06 12:32:14 | 003,270,670 | ---- | C] () -- C:\Users\dani\Desktop\tox 1.pdf

[2011.05.05 23:40:41 | 000,001,876 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VLC play! Server.lnk

[2011.05.05 12:47:49 | 000,029,177 | ---- | C] () -- C:\Users\***\Desktop\Strategie_Green_AOI.odt

[2011.05.04 19:26:20 | 000,047,810 | ---- | C] () -- C:\Users\***\Desktop\anna.jpg

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011.01.13 10:14:46 | 000,000,983 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010.12.05 19:22:45 | 000,000,036 | ---- | C] () -- C:\Users\dani\AppData\Local\housecall.guid.cache

[2010.09.06 20:52:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.07.10 13:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0.17074596067894565.exe

[2010.05.20 18:42:02 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2010.04.29 21:39:24 | 000,000,600 | ---- | C] () -- C:\Users\dani\AppData\Local\PUTTY.RND

[2010.04.11 20:54:53 | 000,167,936 | ---- | C] () -- C:\Windows\A4.dll

[2010.04.11 20:54:53 | 000,045,056 | ---- | C] () -- C:\Windows\GetKey.dll

[2010.04.11 20:44:39 | 000,001,841 | ---- | C] () -- C:\ProgramData\HijackThis.lnk

[2010.03.14 13:39:56 | 000,008,385 | ---- | C] () -- C:\Windows\System32\SETUP.INI

[2010.03.10 18:30:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2009.10.15 18:24:01 | 000,000,604 | ---- | C] () -- C:\Windows\Edofma.INI

[2009.08.16 16:29:18 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll

[2009.06.05 21:30:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.06.05 21:30:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.05.03 20:39:16 | 000,041,984 | ---- | C] () -- C:\Users\dani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.04.28 21:53:57 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2009.04.28 21:53:56 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2009.04.28 21:15:47 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll

[2009.04.28 21:15:47 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll

[2009.04.13 21:54:46 | 000,000,680 | ---- | C] () -- C:\Users\dani\AppData\Local\d3d9caps.dat

[2009.04.13 21:21:51 | 000,179,179 | ---- | C] () -- C:\Windows\hphins27.dat

[2009.02.25 01:16:36 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe

[2009.02.25 01:16:26 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe

[2009.02.25 00:43:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.02.24 23:19:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll

[2008.05.22 19:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

[2008.04.16 13:11:34 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.04.16 13:11:34 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008.03.09 15:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008.03.04 13:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008.02.28 04:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007.12.13 02:04:20 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl27.dat

[2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe

[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 003,785,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2004.10.26 22:24:32 | 000,130,016 | ---- | C] () -- C:\Windows\System32\KM1630AQ.DRV

[2004.04.21 22:52:28 | 000,000,263 | ---- | C] () -- C:\Windows\System32\KCMV3D.INI

[2003.06.20 23:22:44 | 000,024,311 | ---- | C] () -- C:\Windows\System32\KM311910.DAT

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.12.23 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2011.01.22 22:55:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer

[2009.05.10 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcsoft

[2009.08.22 21:14:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari

[2009.03.31 21:23:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI

[2009.10.30 16:48:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus

[2009.12.12 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink

[2009.06.07 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2009.09.20 12:28:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX

[2011.05.30 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss

[2010.12.05 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.03.10 20:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo

[2009.04.16 09:06:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google

[2009.12.04 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hamachi

[2009.04.13 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP

[2011.04.06 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ

[2009.03.31 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2009.05.03 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield

[2009.03.31 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2010.12.06 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs

[2011.05.09 15:16:20 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2009.04.24 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2009.05.12 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2009.04.25 08:37:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera

[2010.12.06 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan

[2009.05.03 15:27:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scilab

[2009.05.09 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux

[2011.05.17 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype

[2011.05.17 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM

[2011.05.28 12:59:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2009.06.26 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Symantec

[2010.07.09 03:29:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2009.04.28 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2010.05.03 20:39:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unigraphics Solutions

[2010.06.12 03:25:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc

[2009.04.28 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.06.04 10:53:16 | 000,010,134 | R--- | M] () -- C:\Users\dani\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0

@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:010ADD2C
 

< End of report >

--- --- ---

[/code]

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 6744
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19048
 

01.06.2011 18:11:38

mbam-log-2011-06-01 (18-11-38).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)

Durchsuchte Objekte: 545123

Laufzeit: 1 Stunde(n), 59 Minute(n), 52 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Zitat:

C:\Program Files\ageye\VLC play! Server\VLCplayServer.exe

Was soll denn das sein? Offizieller VLC-PLayer ist das ja wohl nicht!

Hey,
ne das ist nicht der VLC-Playern, sondern das Gegenstück von einer Windows Phone 7 App. Damit ist es möglich den VLC-Player mit dem Handy anzusteuern, also Lautstärke regeln.
Wird das denn als gefährlich angezeigt?

Danke übrigens schonmal für die Hilfe!!

Nein ich wollte nur wissen was das ist.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

SRV - File not found [On_Demand | Stopped] --  -- (ACDaemon)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0f38fdde-3e41-11df-8126-002354623135}\Shell\AutoRun\command - "" = H:\Menu.exe

O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell - "" = AutoRun

O33 - MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\Shell\AutoRun\command - "" = G:\autoplay.exe

O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell - "" = AutoRun

O33 - MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\Shell\AutoRun\command - "" = I:\setup.exe

O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell - "" = AutoRun

O33 - MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\Shell\AutoRun\command - "" = F:\autorunmenu.exe

[2011.05.04 20:06:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{17724F29-BEFF-4C9D-923C-C8ADBB6ACF1C}

[2010.07.10 13:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0.17074596067894565.exe

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9662AE0

@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:010ADD2C

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

hey,

ich hab ein Problem mit OTL. Ich wollte es ausführen da wurde es von avast als Trojaner erkannt und hat es automatisch gelöscht. Runterladen klappt nun nicht mehr da es immer wieder gelöscht wird.

Kannst du mir das vllt gepackt per Mail schicken? Dann kann ich es runterladen, internet trennen und avast ausmachen. Vllt klappt das ja.

Du kannst avast auch so vorher deaktivieren. Und nein, nur weil man eine Verbindung zum Internet hat, fliegen die Schädlinge nicht einfach so auf dem Rechner, man kann auch sicher ohne Virenscanner im Internet surfen.

OK, scheint geklappt zu haben! Hier der Log:

Code:

========== OTL ==========

Service ACDaemon stopped successfully!

Service ACDaemon deleted successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f38fdde-3e41-11df-8126-002354623135}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f38fdde-3e41-11df-8126-002354623135}\ not found.

File H:\Menu.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11468d40-159d-11e0-8820-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11468d40-159d-11e0-8820-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11468d40-159d-11e0-8820-806e6f6e6963}\ not found.

File F:\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{295c0b7d-539d-11de-9038-002354623135}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{295c0b7d-539d-11de-9038-002354623135}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{295c0b7d-539d-11de-9038-002354623135}\ not found.

File G:\autoplay.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47a1c498-144c-11e0-8f15-002354623135}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47a1c498-144c-11e0-8f15-002354623135}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47a1c498-144c-11e0-8f15-002354623135}\ not found.

File I:\setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e331fcbe-1440-11e0-8ce2-002354623135}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e331fcbe-1440-11e0-8ce2-002354623135}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e331fcbe-1440-11e0-8ce2-002354623135}\ not found.

File F:\autorunmenu.exe not found.

C:\Users\***\AppData\Local\{17724F29-BEFF-4C9D-923C-C8ADBB6ACF1C} folder moved successfully.

C:\Windows\System32\0.17074596067894565.exe moved successfully.

ADS C:\ProgramData\Temp:A9662AE0 deleted successfully.

ADS C:\ProgramData\Temp:010ADD2C deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_162033

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hey,

habs durchlaufen lassen und danach direkt auf neustarten geklickt, von daher hab ich kein Log mehr. Hab nur den Log nach dem Neustart.

Code:

2011/06/04 14:25:24.0304 3256        TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/06/04 14:25:24.0546 3256        ================================================================================

2011/06/04 14:25:24.0546 3256        SystemInfo:

2011/06/04 14:25:24.0546 3256        

2011/06/04 14:25:24.0547 3256        OS Version: 6.0.6002 ServicePack: 2.0

2011/06/04 14:25:24.0547 3256        Product type: Workstation

2011/06/04 14:25:24.0547 3256        ComputerName: DANI-PC

2011/06/04 14:25:24.0547 3256        UserName: dani

2011/06/04 14:25:24.0547 3256        Windows directory: C:\Windows

2011/06/04 14:25:24.0547 3256        System windows directory: C:\Windows

2011/06/04 14:25:24.0547 3256        Processor architecture: Intel x86

2011/06/04 14:25:24.0547 3256        Number of processors: 2

2011/06/04 14:25:24.0547 3256        Page size: 0x1000

2011/06/04 14:25:24.0547 3256        Boot type: Normal boot

2011/06/04 14:25:24.0547 3256        ================================================================================

2011/06/04 14:25:25.0952 3256        Initialize success

2011/06/04 14:26:19.0337 2492        ================================================================================

2011/06/04 14:26:19.0337 2492        Scan started

2011/06/04 14:26:19.0337 2492        Mode: Manual; 

2011/06/04 14:26:19.0337 2492        ================================================================================

2011/06/04 14:26:20.0179 2492        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/06/04 14:26:20.0363 2492        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/06/04 14:26:20.0502 2492        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/06/04 14:26:20.0587 2492        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/06/04 14:26:20.0728 2492        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/06/04 14:26:20.0879 2492        AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/06/04 14:26:20.0958 2492        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/06/04 14:26:21.0050 2492        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/06/04 14:26:21.0104 2492        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/06/04 14:26:21.0179 2492        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/06/04 14:26:21.0277 2492        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/06/04 14:26:21.0376 2492        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/06/04 14:26:21.0427 2492        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/06/04 14:26:21.0557 2492        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/06/04 14:26:21.0589 2492        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/06/04 14:26:21.0755 2492        AsDsm           (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys

2011/06/04 14:26:21.0910 2492        ASMMAP          (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys

2011/06/04 14:26:22.0084 2492        aswFsBlk        (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys

2011/06/04 14:26:22.0204 2492        aswMonFlt       (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys

2011/06/04 14:26:22.0302 2492        aswRdr          (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys

2011/06/04 14:26:22.0393 2492        aswSnx          (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys

2011/06/04 14:26:22.0492 2492        aswSP           (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys

2011/06/04 14:26:22.0753 2492        aswTdi          (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys

2011/06/04 14:26:22.0896 2492        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/04 14:26:23.0108 2492        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/06/04 14:26:23.0347 2492        athr            (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys

2011/06/04 14:26:23.0886 2492        atikmdag        (8ae1745bfc7d383daa3f82fe8d7be7c0) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/06/04 14:26:24.0124 2492        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys

2011/06/04 14:26:24.0227 2492        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/06/04 14:26:24.0276 2492        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/06/04 14:26:24.0355 2492        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/04 14:26:24.0391 2492        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/06/04 14:26:24.0468 2492        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/06/04 14:26:24.0578 2492        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/06/04 14:26:24.0808 2492        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/06/04 14:26:24.0905 2492        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/06/04 14:26:24.0954 2492        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/06/04 14:26:25.0047 2492        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/06/04 14:26:25.0091 2492        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/04 14:26:25.0207 2492        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/04 14:26:25.0301 2492        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/06/04 14:26:25.0480 2492        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/06/04 14:26:25.0644 2492        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/06/04 14:26:25.0697 2492        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/06/04 14:26:25.0807 2492        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/06/04 14:26:25.0891 2492        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/06/04 14:26:25.0934 2492        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/06/04 14:26:26.0131 2492        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/06/04 14:26:26.0183 2492        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/06/04 14:26:26.0422 2492        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/06/04 14:26:26.0578 2492        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/04 14:26:26.0817 2492        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/06/04 14:26:26.0897 2492        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/06/04 14:26:26.0959 2492        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/06/04 14:26:27.0011 2492        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/06/04 14:26:27.0093 2492        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/06/04 14:26:27.0206 2492        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/06/04 14:26:27.0340 2492        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/04 14:26:27.0438 2492        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/06/04 14:26:27.0472 2492        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/06/04 14:26:27.0524 2492        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/04 14:26:27.0604 2492        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/06/04 14:26:27.0758 2492        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/04 14:26:27.0849 2492        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/06/04 14:26:28.0057 2492        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/06/04 14:26:28.0176 2492        hamachi         (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys

2011/06/04 14:26:28.0234 2492        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/06/04 14:26:28.0395 2492        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/04 14:26:28.0525 2492        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/06/04 14:26:28.0575 2492        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/06/04 14:26:28.0784 2492        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/04 14:26:28.0847 2492        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/06/04 14:26:29.0037 2492        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/06/04 14:26:29.0093 2492        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/06/04 14:26:29.0141 2492        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/04 14:26:29.0200 2492        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/06/04 14:26:29.0343 2492        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/06/04 14:26:29.0953 2492        IntcAzAudAddService (b795745f7e51aa20d46753ec5a811aca) C:\Windows\system32\drivers\RTKVHDA.sys

2011/06/04 14:26:30.0110 2492        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/06/04 14:26:30.0142 2492        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/04 14:26:30.0257 2492        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/04 14:26:30.0414 2492        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/06/04 14:26:30.0463 2492        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/06/04 14:26:30.0551 2492        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/06/04 14:26:30.0586 2492        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/06/04 14:26:30.0778 2492        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/04 14:26:30.0898 2492        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/06/04 14:26:30.0956 2492        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/06/04 14:26:31.0041 2492        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/04 14:26:31.0086 2492        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

2011/06/04 14:26:31.0172 2492        kbfiltr         (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys

2011/06/04 14:26:31.0281 2492        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/04 14:26:31.0505 2492        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys

2011/06/04 14:26:31.0681 2492        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/04 14:26:31.0784 2492        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/06/04 14:26:31.0863 2492        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/06/04 14:26:31.0966 2492        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/06/04 14:26:32.0060 2492        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/06/04 14:26:32.0099 2492        lullaby         (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys

2011/06/04 14:26:32.0181 2492        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/06/04 14:26:32.0286 2492        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/06/04 14:26:32.0352 2492        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/06/04 14:26:32.0397 2492        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/04 14:26:32.0485 2492        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/04 14:26:32.0550 2492        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/04 14:26:32.0708 2492        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/06/04 14:26:32.0889 2492        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/06/04 14:26:32.0955 2492        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/04 14:26:33.0050 2492        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/06/04 14:26:33.0124 2492        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/06/04 14:26:33.0234 2492        mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/04 14:26:33.0324 2492        mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/04 14:26:33.0373 2492        mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/04 14:26:33.0467 2492        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

2011/06/04 14:26:33.0575 2492        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2011/06/04 14:26:33.0652 2492        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/06/04 14:26:33.0683 2492        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/06/04 14:26:33.0886 2492        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/04 14:26:33.0937 2492        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/04 14:26:33.0993 2492        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/06/04 14:26:34.0088 2492        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/06/04 14:26:34.0247 2492        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/04 14:26:34.0327 2492        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/06/04 14:26:34.0424 2492        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys

2011/06/04 14:26:34.0571 2492        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/06/04 14:26:34.0762 2492        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/04 14:26:35.0020 2492        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/06/04 14:26:35.0086 2492        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/04 14:26:35.0187 2492        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/04 14:26:35.0347 2492        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/04 14:26:35.0593 2492        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/06/04 14:26:35.0841 2492        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/04 14:26:35.0949 2492        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/04 14:26:36.0079 2492        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/06/04 14:26:36.0135 2492        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/06/04 14:26:36.0244 2492        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/04 14:26:36.0494 2492        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/06/04 14:26:36.0547 2492        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/06/04 14:26:36.0589 2492        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/06/04 14:26:36.0640 2492        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2011/06/04 14:26:36.0682 2492        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2011/06/04 14:26:36.0743 2492        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2011/06/04 14:26:37.0012 2492        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/06/04 14:26:37.0088 2492        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/06/04 14:26:37.0196 2492        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/06/04 14:26:37.0324 2492        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/06/04 14:26:37.0470 2492        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/06/04 14:26:37.0577 2492        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2011/06/04 14:26:37.0698 2492        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/06/04 14:26:37.0880 2492        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/06/04 14:26:38.0005 2492        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/04 14:26:38.0063 2492        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/06/04 14:26:38.0118 2492        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/04 14:26:38.0204 2492        PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

2011/06/04 14:26:38.0403 2492        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/06/04 14:26:38.0526 2492        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/06/04 14:26:38.0572 2492        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/04 14:26:38.0600 2492        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/04 14:26:38.0696 2492        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/04 14:26:38.0790 2492        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/04 14:26:38.0837 2492        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/04 14:26:38.0900 2492        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/04 14:26:39.0006 2492        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/04 14:26:39.0138 2492        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/06/04 14:26:39.0175 2492        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/04 14:26:39.0253 2492        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/06/04 14:26:39.0410 2492        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/04 14:26:39.0467 2492        RTSTOR          (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS

2011/06/04 14:26:39.0645 2492        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys

2011/06/04 14:26:39.0892 2492        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/06/04 14:26:40.0066 2492        sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

2011/06/04 14:26:40.0134 2492        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/06/04 14:26:40.0244 2492        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/06/04 14:26:40.0309 2492        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/06/04 14:26:40.0364 2492        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/06/04 14:26:40.0476 2492        sfdrv01         (00de597b81b381053cb5b21a7f20e365) C:\Windows\system32\drivers\sfdrv01.sys

2011/06/04 14:26:40.0533 2492        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2011/06/04 14:26:40.0574 2492        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/06/04 14:26:40.0708 2492        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2011/06/04 14:26:40.0782 2492        sfhlp02         (64b9ab76f1b16eb059cb6cdd906c067a) C:\Windows\system32\drivers\sfhlp02.sys

2011/06/04 14:26:40.0839 2492        sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/06/04 14:26:40.0926 2492        sfsync02        (798d918d8f20380008277ce3ce5319d1) C:\Windows\system32\drivers\sfsync02.sys

2011/06/04 14:26:41.0038 2492        Sftfs           (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys

2011/06/04 14:26:41.0111 2492        Sftplay         (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys

2011/06/04 14:26:41.0161 2492        Sftredir        (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys

2011/06/04 14:26:41.0204 2492        Sftvol          (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys

2011/06/04 14:26:41.0362 2492        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/06/04 14:26:41.0457 2492        SiSGbeLH        (a029482be40def54df02fce751aa16dc) C:\Windows\system32\DRIVERS\SiSGB6.sys

2011/06/04 14:26:41.0518 2492        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/06/04 14:26:41.0566 2492        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/06/04 14:26:41.0692 2492        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/06/04 14:26:41.0784 2492        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys

2011/06/04 14:26:42.0224 2492        SNP2UVC         (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys

2011/06/04 14:26:42.0295 2492        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/06/04 14:26:42.0402 2492        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/06/04 14:26:42.0505 2492        srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/04 14:26:42.0709 2492        srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/04 14:26:42.0895 2492        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/04 14:26:43.0033 2492        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/06/04 14:26:43.0133 2492        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/06/04 14:26:43.0262 2492        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/06/04 14:26:43.0335 2492        SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

2011/06/04 14:26:43.0391 2492        tap0801         (0c82061920a2de35d33c2c2bb83b1e98) C:\Windows\system32\DRIVERS\tap0801.sys

2011/06/04 14:26:43.0531 2492        Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/06/04 14:26:43.0698 2492        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/04 14:26:43.0803 2492        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/04 14:26:43.0946 2492        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/06/04 14:26:44.0092 2492        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/06/04 14:26:44.0256 2492        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/04 14:26:44.0425 2492        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/04 14:26:44.0527 2492        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/04 14:26:44.0628 2492        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/06/04 14:26:44.0767 2492        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/04 14:26:44.0833 2492        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2011/06/04 14:26:45.0037 2492        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/04 14:26:45.0144 2492        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2011/06/04 14:26:45.0244 2492        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2011/06/04 14:26:45.0292 2492        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/06/04 14:26:45.0341 2492        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/06/04 14:26:45.0399 2492        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/04 14:26:45.0544 2492        USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/06/04 14:26:45.0618 2492        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/04 14:26:45.0718 2492        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/06/04 14:26:45.0783 2492        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/04 14:26:45.0889 2492        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/04 14:26:46.0027 2492        usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

2011/06/04 14:26:46.0187 2492        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/04 14:26:46.0364 2492        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/06/04 14:26:46.0471 2492        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/04 14:26:46.0585 2492        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/04 14:26:46.0693 2492        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

2011/06/04 14:26:46.0872 2492        VClone          (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys

2011/06/04 14:26:46.0989 2492        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/04 14:26:47.0038 2492        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/06/04 14:26:47.0099 2492        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/06/04 14:26:47.0156 2492        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/06/04 14:26:47.0217 2492        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/06/04 14:26:47.0274 2492        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/06/04 14:26:47.0377 2492        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/06/04 14:26:47.0437 2492        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/06/04 14:26:47.0533 2492        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/06/04 14:26:47.0624 2492        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/06/04 14:26:47.0756 2492        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/04 14:26:47.0788 2492        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/04 14:26:48.0011 2492        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/06/04 14:26:48.0210 2492        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/04 14:26:48.0459 2492        WinUSB          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys

2011/06/04 14:26:48.0551 2492        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/06/04 14:26:48.0825 2492        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/06/04 14:26:48.0962 2492        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/04 14:26:49.0071 2492        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/06/04 14:26:49.0123 2492        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/04 14:26:49.0336 2492        yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys

2011/06/04 14:26:49.0492 2492        MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0

2011/06/04 14:26:49.0509 2492        ================================================================================

2011/06/04 14:26:49.0509 2492        Scan finished

2011/06/04 14:26:49.0509 2492        ================================================================================

2011/06/04 14:26:49.0524 1380        Detected object count: 0

2011/06/04 14:26:49.0524 1380        Actual detected object count: 0

Es hat auf jedenfall etwas gefunden und gelöscht. Und auf meine eigenen Dateien kann ich zugreifen, deshalb hab ich Unhide nicht extra ausgeführt.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

[code]
Combofix Logfile:

Code:

ComboFix 11-06-05.01 - dani 05.06.2011  14:00:04.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1906 [GMT 2:00]

ausgeführt von:: c:\users\dani\Desktop\cofi.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\iuoidiosri.exe

c:\iuoidiosri.exe\config.bin

c:\windows\system32\setup.ini

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-05-05 bis 2011-06-05  ))))))))))))))))))))))))))))))

.

.

2011-06-05 11:57 . 2011-06-05 11:57        --------        d-----w-        C:\32788R22FWJFW

2011-06-03 14:20 . 2011-06-03 14:20        --------        d-----w-        C:\_OTL

2011-06-03 12:23 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5519886E-B10B-4A66-8E44-509DCD13BE66}\mpengine.dll

2011-05-31 16:49 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-31 16:49 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-24 16:52 . 2011-05-10 12:03        441176        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2011-05-17 18:57 . 2011-05-17 18:57        --------        d-----w-        c:\users\dani\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA}

2011-05-14 14:38 . 2011-05-14 14:38        --------        d-----w-        c:\users\dani\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E}

2011-05-12 18:33 . 2011-05-12 18:33        --------        d-----w-        c:\users\dani\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654}

2011-05-11 14:17 . 2011-05-11 14:18        --------        d-----w-        c:\users\dani\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300}

2011-05-11 11:59 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-05-09 17:07 . 2011-05-09 17:08        --------        d-----w-        c:\users\dani\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50}

2011-05-07 19:03 . 2011-05-07 19:03        --------        d-----w-        c:\users\dani\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8}

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-10 12:10 . 2010-06-29 09:56        40112        ----a-w-        c:\windows\avastSS.scr

2011-05-10 12:10 . 2010-04-20 09:13        199304        ----a-w-        c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2010-04-20 09:14        307928        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2010-04-20 09:14        49240        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2010-04-20 09:14        25432        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2010-04-20 09:14        53592        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2010-04-20 09:14        19544        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\system32\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\system32\xlivefnt.dll

2011-03-17 02:00 . 2011-03-17 02:00        108144        ----a-w-        c:\windows\system32\CmdLineExt.dll

2011-03-12 21:55 . 2011-04-27 14:04        876032        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-03-10 17:03 . 2011-04-15 08:11        1162240        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-10 17:03 . 2011-04-15 08:11        1136640        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-09 13:30 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2008-07-02 03:28 . 2008-07-02 03:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll

2009-03-31 20:47 . 2009-08-07 21:19        324976        ----a-w-        c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10        122512        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]

"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

c:\users\dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

VLC play! Server.lnk - c:\program files\ageye\VLC play! Server\VLCplayServer.exe [2011-5-5 462848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

"ICQ"="c:\program files\ICQ7.2\ICQ.exe" silent loginmode=4

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe

"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe

"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"

"openvpn-gui"=c:\program files\OpenVPN\bin\openvpn-gui.exe

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

"ASUS Screen Saver Protector"=c:\windows\ASScrPro.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 93848]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-06-05 c:\windows\Tasks\1-Klick-Wartung.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

.

2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59]

.

2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 20:59]

.

2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{3CDFAA12-AB5C-4A00-A36F-295ADAD51018}.job

- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\dani\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\users\dani\AppData\Roaming\Mozilla\Firefox\Profiles\r40js1v1.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - prefs.js: network.proxy.type - 2

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-14851473.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-06-05 14:09

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

.

C:\ADSM_PData_0150

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 1

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-06-05  14:12:18

ComboFix-quarantined-files.txt  2011-06-05 12:12

.

Vor Suchlauf: 10 Verzeichnis(se), 11.564.052.480 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 11.478.540.288 Bytes frei

.

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11

- - End Of File - - 08281A169C21FDAFDBEDC5C35F21BD99

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Folder::

C:\32788R22FWJFW

c:\users\dani\AppData\Local\{2F32CDF7-00A6-4397-864A-096C3466C5DA}

c:\users\dani\AppData\Local\{B7858982-E89F-4FED-84EF-A2FB1D0CA99E}

c:\users\dani\AppData\Local\{ECAC77A5-0E60-4BC1-81A7-3689B4D7C654}

c:\users\dani\AppData\Local\{B6AD6F74-9D01-432D-8CD7-5DCFA4AC0300}

c:\users\dani\AppData\Local\{66116B64-24A0-43D9-B582-2D3BF857AE50}

c:\users\dani\AppData\Local\{B7B624D3-618B-4C42-B0D7-A7BAF63CEBB8}

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!