Mebroot / Torpig Trojan


  • This topic is locked
9 replies to this topic

#1 langschan

Posted 11 July 2012 - 09:31 AM

Hello folks!

First a little introduction about what I’ve done before I found this forum:
I live in a dormitory and got a message from the internet service provider that my computer is infected by the Mebroot/Torpig Trojan. They blocked my internet access because of that Trojan. Yesterday I scanned my computer with the anti-virus programs “Avira Free Antivirus”, “Malwarebytes Anti-Malware” and “Spybot - Search and Destroy”. None of these programs was able to find the Trojan. The internet service provider advised GMER and Kaspersky TDSSKiller. With GMER I found “MBRoot/Sinowal@MBR code”, with Kaspersky TDSSKiller I found “Rootkit.Boot.Sinowal.b”. In Kaspersky TDSSKiller I chose the option “Cure”, rebooted the computer and searched again with GMER and Kaspersky TDSSKiller. Nothing was found, so I wrote a mail to the internet service provider that my computer was clean now and today my internet access was activated again.

Now my problem:
As I said GMER no longer shows “MBRoot/Sinowal@MBR code has been found” written in red after the scan anymore. But when I look closer there is still something that doesn’t sound that good (although it isn’t written in red, but in black letters): “malicious Win32: MBRoot code @ sector 320143323”.
Furthermore I can find the files “ibm00001.exe”, “ibm00003.exe”, “country.exe” and “ibm00001.dll” in my registry and I read that these files are signs of the Torpig Trojan.

I would like to know if the Mebroot/Torpig Trojan still is on my computer and - if that’s the case - what I should do to remove it. Should I remove the 4 files from my registry?
I hope you can help me with my problem.


Here’s the DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Pedder at 13:20:57 on 2012-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1512 [GMT 2:00]
.
AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
.


#2 Noviciate (Malware Response Team)

Posted 11 July 2012 - 02:46 PM

Good evening. :)

When you ran TDSSKiller it should have created a log saved to the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. I'd like a copy of the contents in your next reply.
Please check that you get the one with the right date and time. :)

As I said GMER no longer shows “MBRoot/Sinowal@MBR code has been found” written in red after the scan anymore. But when I look closer there is still something that doesn’t sound that good (although it isn’t written in red, but in black letters): “malicious Win32: MBRoot code @ sector 320143323”.

It is possible that this is just leftover junk from the infection, but we'll peek further in a while.

Furthermore I can find the files “ibm00001.exe”, “ibm00003.exe”, “country.exe” and “ibm00001.dll” in my registry and I read that these files are signs of the Torpig Trojan.

Can you tell me where exactly in the registry you find these file names?

So long, and thanks for all the fish.


#3 langschan (Topic Starter)

Posted 11 July 2012 - 04:54 PM

Hello Noviciate!

Thank you for your help!

Can you tell me where exactly in the registry you find these file names?

I attached a screenshot of the registry because then you can see the rest of the files which are in this folder. At the bottom of the screenshot you can see where the folder is located.

When you ran TDSSKiller it should have created a log saved to the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. I'd like a copy of the contents in your next reply.
Please check that you get the one with the right date and time. :)

Here's the TDSSKiller.txt log:

19:52:49.0187 4028 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
19:52:49.0343 4028 ============================================================
19:52:49.0343 4028 Current date / time: 2012/07/10 19:52:49.0343
19:52:49.0343 4028 SystemInfo:
19:52:49.0343 4028
19:52:49.0343 4028 OS Version: 5.1.2600 ServicePack: 3.0
19:52:49.0343 4028 Product type: Workstation
19:52:49.0343 4028 ComputerName: TOP-RECHNER
19:52:49.0343 4028 UserName: Pedder
19:52:49.0343 4028 Windows directory: C:\WINDOWS
19:52:49.0343 4028 System windows directory: C:\WINDOWS
19:52:49.0343 4028 Processor architecture: Intel x86
19:52:49.0343 4028 Number of processors: 1
19:52:49.0343 4028 Page size: 0x1000
19:52:49.0343 4028 Boot type: Normal boot
19:52:49.0343 4028 ============================================================
19:52:50.0875 4028 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:52:50.0875 4028 ============================================================
19:52:50.0875 4028 \Device\Harddisk0\DR0:
19:52:50.0875 4028 MBR partitions:
19:52:50.0875 4028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D4B139
19:52:50.0921 4028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B1B7, BlocksNum 0x2711637
19:52:50.0953 4028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x61A7927
19:52:50.0968 4028 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA604193, BlocksNum 0x8B4BE45
19:52:50.0968 4028 ============================================================
19:52:51.0046 4028 C: <-> \Device\Harddisk0\DR0\Partition0
19:52:51.0078 4028 E: <-> \Device\Harddisk0\DR0\Partition2
19:52:51.0109 4028 F: <-> \Device\Harddisk0\DR0\Partition3
19:52:51.0125 4028 D: <-> \Device\Harddisk0\DR0\Partition1
19:52:51.0125 4028 ============================================================
19:52:51.0125 4028 Initialize success
19:52:51.0125 4028 ============================================================
19:53:34.0265 2968 ============================================================
19:53:34.0265 2968 Scan started
19:53:34.0265 2968 Mode: Manual;
19:53:34.0265 2968 ============================================================
19:53:35.0484 2968 6to4 (d5a6658cbfbbf9a0f8827e83c9fde806) C:\WINDOWS\System32\6to4svc.dll
19:53:35.0500 2968 6to4 - ok
19:53:35.0531 2968 Abiosdsk - ok
19:53:35.0546 2968 abp480n5 - ok
19:53:35.0609 2968 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:53:35.0625 2968 ACPI - ok
19:53:35.0656 2968 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:53:35.0671 2968 ACPIEC - ok
19:53:35.0687 2968 adpu160m - ok
19:53:35.0734 2968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:53:35.0765 2968 aec - ok
19:53:35.0812 2968 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:53:35.0812 2968 AFD - ok
19:53:35.0812 2968 Aha154x - ok
19:53:35.0828 2968 aic78u2 - ok
19:53:35.0843 2968 aic78xx - ok
19:53:35.0890 2968 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
19:53:35.0906 2968 ALCXSENS - ok
19:53:35.0953 2968 ALCXWDM (4d4593c10f2c90d48da9fd1b14ace825) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:53:35.0984 2968 ALCXWDM - ok
19:53:36.0015 2968 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
19:53:36.0031 2968 Alerter - ok
19:53:36.0062 2968 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
19:53:36.0062 2968 ALG - ok
19:53:36.0093 2968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:53:36.0093 2968 AliIde - ok
19:53:36.0187 2968 ALSysIO - ok
19:53:36.0218 2968 AmdK8 (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:53:36.0218 2968 AmdK8 - ok
19:53:36.0234 2968 amsint - ok
19:53:36.0390 2968 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
19:53:36.0406 2968 AntiVirSchedulerService - ok
19:53:36.0437 2968 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:53:36.0437 2968 AntiVirService - ok
19:53:36.0484 2968 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
19:53:36.0484 2968 AppMgmt - ok
19:53:36.0500 2968 asc - ok
19:53:36.0515 2968 asc3350p - ok
19:53:36.0515 2968 asc3550 - ok
19:53:36.0843 2968 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:53:36.0843 2968 aspnet_state - ok
19:53:36.0875 2968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:53:36.0875 2968 AsyncMac - ok
19:53:36.0906 2968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:53:36.0906 2968 atapi - ok
19:53:36.0921 2968 Atdisk - ok
19:53:37.0000 2968 Ati HotKey Poller (288e9f9cb529b4f7c6b58fc53940fb46) C:\WINDOWS\system32\Ati2evxx.exe
19:53:37.0062 2968 Ati HotKey Poller - ok
19:53:37.0515 2968 ati2mtag (913da327ad22c6fa44c41d36fd8cc570) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:53:37.0859 2968 ati2mtag - ok
19:53:38.0265 2968 AtiHDAudioService - ok
19:53:38.0296 2968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:53:38.0312 2968 Atmarpc - ok
19:53:38.0343 2968 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
19:53:38.0359 2968 AudioSrv - ok
19:53:38.0390 2968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:53:38.0390 2968 audstub - ok
19:53:38.0421 2968 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:53:38.0421 2968 avgntflt - ok
19:53:38.0437 2968 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:53:38.0453 2968 avipbb - ok
19:53:38.0468 2968 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:53:38.0468 2968 avkmgr - ok
19:53:38.0500 2968 AVMNDSL (ccdb9e04a636fd3b639a9063337532be) C:\WINDOWS\system32\DRIVERS\avmndsl.sys
19:53:38.0500 2968 AVMNDSL - ok
19:53:38.0531 2968 AVMPORT (02568a764ef2c37cfa6f9c471e67d475) C:\WINDOWS\System32\drivers\avmport.sys
19:53:38.0546 2968 AVMPORT - ok
19:53:38.0562 2968 AVMWAN (eb0ef89ccd0191aec96cd6093fb9770f) C:\WINDOWS\system32\DRIVERS\avmwan.sys
19:53:38.0578 2968 AVMWAN - ok
19:53:38.0625 2968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:53:38.0625 2968 Beep - ok
19:53:38.0687 2968 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
19:53:38.0734 2968 BITS - ok
19:53:38.0781 2968 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
19:53:38.0796 2968 Browser - ok
19:53:38.0812 2968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:53:38.0828 2968 cbidf2k - ok
19:53:38.0828 2968 cd20xrnt - ok
19:53:38.0843 2968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:53:38.0875 2968 Cdaudio - ok
19:53:38.0906 2968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:53:38.0921 2968 Cdfs - ok
19:53:38.0968 2968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:53:38.0968 2968 Cdrom - ok
19:53:38.0984 2968 Changer - ok
19:53:39.0015 2968 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
19:53:39.0015 2968 CiSvc - ok
19:53:39.0031 2968 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
19:53:39.0046 2968 ClipSrv - ok
19:53:39.0171 2968 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:53:39.0203 2968 clr_optimization_v2.0.50727_32 - ok
19:53:39.0500 2968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:53:39.0546 2968 clr_optimization_v4.0.30319_32 - ok
19:53:39.0562 2968 CmdIde - ok
19:53:39.0578 2968 COMSysApp - ok
19:53:39.0593 2968 Cpqarray - ok
19:53:39.0687 2968 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Programme\PC Wizard 2010\pcwiz_x32.sys
19:53:39.0703 2968 cpuz134 - ok
19:53:39.0734 2968 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
19:53:39.0765 2968 cpuz135 - ok
19:53:39.0781 2968 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
19:53:39.0796 2968 Creative Service for CDROM Access - ok
19:53:39.0843 2968 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
19:53:39.0859 2968 CryptSvc - ok
19:53:39.0859 2968 d7c5195b-edc7-4e3e-8dc7-eeca1c9dfb0e - ok
19:53:39.0875 2968 dac2w2k - ok
19:53:39.0890 2968 dac960nt - ok
19:53:39.0937 2968 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:53:39.0953 2968 DcomLaunch - ok
19:53:40.0015 2968 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
19:53:40.0062 2968 Dhcp - ok
19:53:40.0078 2968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:53:40.0078 2968 Disk - ok
19:53:40.0093 2968 dmadmin - ok
19:53:40.0187 2968 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:53:40.0250 2968 dmboot - ok
19:53:40.0296 2968 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:53:40.0328 2968 dmio - ok
19:53:40.0359 2968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:53:40.0359 2968 dmload - ok
19:53:40.0390 2968 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
19:53:40.0406 2968 dmserver - ok
19:53:40.0437 2968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:53:40.0437 2968 DMusic - ok
19:53:40.0468 2968 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
19:53:40.0484 2968 Dnscache - ok
19:53:40.0500 2968 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
19:53:40.0515 2968 Dot3svc - ok
19:53:40.0531 2968 dpti2o - ok
19:53:40.0546 2968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:53:40.0546 2968 drmkaud - ok
19:53:40.0593 2968 dtscsi (6461e57bb51a848aae26f52427b7cf9e) C:\WINDOWS\System32\Drivers\dtscsi.sys
19:53:40.0593 2968 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 6461e57bb51a848aae26f52427b7cf9e
19:53:40.0593 2968 dtscsi ( LockedFile.Multi.Generic ) - warning
19:53:40.0593 2968 dtscsi - detected LockedFile.Multi.Generic (1)
19:53:57.0734 2968 sptd (04c3df6852a5e77371edde99f1cf0960) C:\WINDOWS\system32\Drivers\sptd.sys
19:53:57.0750 2968 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 04c3df6852a5e77371edde99f1cf0960
19:53:57.0750 2968 sptd ( LockedFile.Multi.Generic ) - warning
19:53:57.0750 2968 sptd - detected LockedFile.Multi.Generic (1)
19:54:01.0765 2968 MBR (0x1B8) (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk0\DR0
19:54:01.0765 2968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
19:54:01.0765 2968 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
19:54:01.0781 2968 Boot (0x1200) (f990d8e3622b8485d59af55623b18673) \Device\Harddisk0\DR0\Partition0
19:54:01.0781 2968 \Device\Harddisk0\DR0\Partition0 - ok
19:54:01.0796 2968 Boot (0x1200) (ed739a215934c6e47d5618bfb782d5a8) \Device\Harddisk0\DR0\Partition1
19:54:01.0796 2968 \Device\Harddisk0\DR0\Partition1 - ok
19:54:01.0812 2968 Boot (0x1200) (acedba1f84194c27e15d18d1345f435e) \Device\Harddisk0\DR0\Partition2
19:54:01.0828 2968 \Device\Harddisk0\DR0\Partition2 - ok
19:54:01.0843 2968 Boot (0x1200) (bc5d63b7ea68d47be85d8b9da7ff8939) \Device\Harddisk0\DR0\Partition3
19:54:01.0843 2968 \Device\Harddisk0\DR0\Partition3 - ok
19:54:01.0843 2968 ============================================================
19:54:01.0843 2968 Scan finished
19:54:01.0843 2968 ============================================================
19:54:01.0859 1144 Detected object count: 3
19:54:01.0859 1144 Actual detected object count: 3
19:59:47.0781 1144 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
19:59:47.0781 1144 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
19:59:47.0781 1144 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:59:47.0781 1144 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:59:48.0265 1144 \Device\Harddisk0\DR0\# - copied to quarantine
19:59:48.0265 1144 \Device\Harddisk0\DR0 - copied to quarantine
19:59:48.0296 1144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
19:59:48.0296 1144 \Device\Harddisk0\DR0 - ok
19:59:48.0296 1144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
19:59:55.0312 0580 Deinitialize success

#4 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 12 July 2012 - 02:49 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#5 langschan
  • Topic Starter

  • Members
  • 6 posts

Posted 13 July 2012 - 03:09 AM

Hello!

Here's the list of found threats (ESET):
C:\Dokumente und Einstellungen\Pedder\Desktop\pdfcreator-1_3_2_setup.exe Win32/OpenCandy application
F:\Downloads\2\TempFileCleaner_4_0_2_Setup_exe.exe a variant of Win32/InstallCore.D application

Contents of OTL.txt:
OTL logfile created on: 13.07.2012 09:30:20 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,26% Memory free
4,85 Gb Paging File | 4,29 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): D:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 2,59 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 12,18 Gb Free Space | 62,35% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 19,70 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive F: | 69,65 Gb Total Space | 3,98 Gb Free Space | 5,72% Space Free | Partition Type: NTFS

Computer Name: TOP-RECHNER | User Name: Pedder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.13 09:15:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.scr
PRC - [2012.06.18 23:13:52 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.23 15:05:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.10 17:30:54 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 17:30:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 17:30:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 17:30:54 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.02.10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.01.17 11:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006.02.19 03:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\HP Deskjet F380\HP Software Update\hpwuSchd2.exe
PRC - [2004.07.27 18:01:36 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2012.06.18 23:13:50 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.10 17:30:54 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.02.10 06:10:00 | 001,568,576 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nview\nView.dll
MOD - [2012.02.10 06:10:00 | 000,357,184 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nview\nvShell.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.04.14 08:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.05.07 18:28:48 | 000,057,451 | ---- | M] () -- C:\Programme\ICQ 5\ICQLiteShell.dll
MOD - [2004.11.02 22:16:40 | 000,121,856 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.06.18 23:13:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.10 17:30:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.10 17:30:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.02.10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.11.06 13:37:22 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware Sandra Lite 2012\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFWDSL.SYS -- (NETFWDSL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFRITZ.SYS -- (NETFRITZ)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Pedder\LOKALE~1\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewzpp1qk.sys -- (ewzpp1qk.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\Player\cds300.dll -- (d7c5195b-edc7-4e3e-8dc7-eeca1c9dfb0e)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Pedder\LOKALE~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.05.10 17:30:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 17:30:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.23 15:30:08 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2011.09.23 15:30:07 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011.09.02 08:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011.07.29 00:20:10 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.11.09 16:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.07.09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.14 01:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005.12.24 23:28:27 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2005.12.24 23:25:52 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2005.12.07 17:21:28 | 000,055,168 | ---- | M] (Macrovision Europe Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.22 21:36:40 | 000,028,672 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULILAN51.SYS -- (ULI5261XP)
DRV - [2005.03.09 16:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.02.11 11:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.02.11 11:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.02.11 11:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.02.11 11:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.02.11 11:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.08.02 22:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.04.14 12:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004.04.14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.04.14 12:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.04.14 12:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004.02.24 12:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2001.12.06 02:00:00 | 000,868,240 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdslbase.sys -- (FDSLBASE) AVM FRITZ!Card DSL (WinXP/2000)
DRV - [2001.12.06 02:00:00 | 000,038,608 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmndsl.sys -- (AVMNDSL)
DRV - [2001.12.06 02:00:00 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
DRV - [2001.08.23 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 15:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001.08.17 15:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.web.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VLC Player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.23 14:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 23:13:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.11 07:44:30 | 000,000,000 | ---D | M]

[2010.10.11 15:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Mozilla\Extensions
[2012.05.23 11:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Mozilla\Firefox\Profiles\0lvq3oq5.default\extensions
[2011.08.29 20:42:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Mozilla\Firefox\Profiles\0lvq3oq5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.20 02:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 23:13:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.05.23 15:05:38 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2012.03.05 00:40:07 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.05 00:40:07 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.05 00:40:07 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.05 00:40:07 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.05 00:40:07 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.05 00:40:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.02.26 15:43:57 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTCheck] C:\Programme\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP Deskjet F380\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2012.07.10 23:07:42 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2012.07.10 23:07:42 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ 5\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQ 5\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136568627140 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136568620046 (MUWebControl Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE5F40-35F7-4CF6-BFE9-88BE28E6050E}: NameServer = 131.174.78.16,131.174.78.17
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.24 01:39:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.13 00:46:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.13 00:42:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Pedder\Recent
[2012.07.11 07:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.07.11 07:44:40 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.07.10 19:59:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.07.10 17:41:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Malwarebytes
[2012.07.10 17:41:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
[2012.07.10 17:41:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.10 17:41:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.10 17:41:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes Anti-Malware
[2012.07.10 17:39:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.07.10 17:39:52 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2012.07.10 17:39:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2012.07.10 01:40:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.07.02 20:26:02 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Pedder\PrivacIE
[2012.06.29 02:08:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Stronghold
[2012.06.27 20:15:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pedder\My Documents
[2012.06.27 17:58:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pedder\.spss
[2012.06.27 17:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SPSS Inc
[2012.06.27 17:54:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.06.27 17:54:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SPSSInc
[2012.06.27 16:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Common~1
[2012.06.14 11:38:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\Temp
[2012.06.14 10:29:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pedder\Desktop\Hurricane 2012
[9 C:\Dokumente und Einstellungen\Pedder\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Pedder\Desktop\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 D:\Eigene Dateien\*.tmp files -> D:\Eigene Dateien\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.12 10:13:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.11 23:55:15 | 000,093,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Pedder\Desktop\Screenshot registry.jpg
[2012.07.11 22:22:01 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 22:04:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.11 12:54:33 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.11 08:08:19 | 000,516,772 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.11 08:08:19 | 000,493,440 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.11 08:08:19 | 000,100,924 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.11 08:08:19 | 000,083,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.10 23:27:55 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Pedder\defogger_reenable
[2012.07.10 23:06:33 | 004,166,454 | ---- | M] () -- C:\Dokumente und Einstellungen\Pedder\Desktop\Quarantaine netwerk.bmp
[2012.07.09 18:55:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.29 20:28:01 | 000,000,083 | ---- | M] () -- C:\WINDOWS\wwp.INI
[2012.06.27 17:53:42 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012.06.27 17:53:42 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012.06.27 17:53:42 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2012.06.27 17:53:42 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012.06.27 16:08:33 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\grcauth2.dll
[2012.06.27 16:08:33 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\grcauth1.dll
[2012.06.27 16:08:33 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2012.06.27 16:08:33 | 000,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2012.06.27 16:07:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2012.06.27 16:06:21 | 000,000,000 | ---- | M] () -- C:\law.sp
[9 C:\Dokumente und Einstellungen\Pedder\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Pedder\Desktop\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 D:\Eigene Dateien\*.tmp files -> D:\Eigene Dateien\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.11 23:55:15 | 000,093,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\Desktop\Screenshot registry.jpg
[2012.07.10 23:27:45 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\defogger_reenable
[2012.07.10 23:05:48 | 004,166,454 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\Desktop\Quarantaine netwerk.bmp
[2012.06.27 16:08:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2012.06.27 16:08:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2012.06.27 16:08:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.tgz
[2012.06.27 16:08:33 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2012.06.27 16:06:21 | 000,000,000 | ---- | C] () -- C:\law.sp
[2012.06.26 10:17:36 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2012.06.05 17:40:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2012.03.20 14:33:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012.03.01 19:33:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.29 00:46:40 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011.12.02 16:39:19 | 000,006,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\.recently-used.xbel
[2011.11.28 13:12:54 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.11.28 13:12:54 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.11.28 13:12:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.11.28 13:12:20 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.11.28 12:55:40 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.11.28 12:55:40 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.11.19 21:42:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.11.19 21:41:58 | 000,234,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.11.15 01:09:14 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2011.11.15 01:09:14 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2011.11.15 00:08:38 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.11.01 16:43:09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.10.25 22:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011.09.23 15:30:08 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2011.09.23 15:30:07 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.06.23 21:58:46 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.06.23 21:58:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.05.17 23:28:40 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.04.29 16:18:48 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
[2010.10.06 01:23:54 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.10.01 23:26:16 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.10.01 23:26:16 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.10.01 23:26:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.10.01 23:26:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2010.10.01 23:26:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2010.10.01 23:26:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2010.10.01 23:24:52 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.10.01 23:24:52 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.03.11 13:10:13 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\PnkBstrK.sys
[2006.04.29 16:14:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\.gtk-bookmarks
[2006.03.03 19:59:39 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.01.01 22:53:49 | 000,000,203 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\default.pls
[2005.12.24 03:34:36 | 000,083,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Pedder\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011.11.15 00:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2009.03.17 17:33:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2012.03.19 22:09:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2006.01.19 14:02:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2010.11.19 03:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games
[2011.03.25 15:26:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012.06.27 17:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.03.20 19:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2012.01.09 18:56:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\.minecraft
[2011.04.28 23:06:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\BitTorrent
[2011.11.15 00:08:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Canneverbe Limited
[2011.07.24 22:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\DisplayTune
[2011.11.28 12:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\DVDVideoSoft
[2010.12.06 13:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\DVDVideoSoftIEHelpers
[2006.03.11 16:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\FRITZ!
[2011.12.02 16:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\gtk-2.0
[2011.11.15 00:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\HandBrake
[2008.09.01 22:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\ICQ
[2005.12.28 23:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\ICQLite
[2009.03.11 13:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\id Software
[2006.08.21 17:04:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Leadertech
[2005.12.25 14:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Opera
[2012.06.06 16:42:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Oracle
[2011.10.19 20:42:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\Rupan
[2011.06.23 22:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\SecondLife
[2006.09.11 13:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\VanDale

========== Purity Check ==========



< End of report >
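As an added triage example (not part of the original post and not OTL's own code), the script below parses the two OTL line shapes that dominate the log above: the `O4 - <hive>..\Run:` autorun entries and the `[date | size | attributes | C/M] (company) -- path` file entries. It flags autoruns whose target is missing or carries no company name, and binaries under System32 of 1024 bytes or less. The sample lines are copied from the log; the 1024-byte threshold and the flag categories are my own choices. A hit is a review candidate, not a verdict: the size rule also catches legitimate tiny files such as licensing or copy-protection stubs, so each hit still needs checking against whatever installed it.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code)."""
import re

# 'O4 - HKLM..\Run: [name] target (Company)'  -- autorun entries
O4_RE = re.compile(r"^O4 - (?P<hive>[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# trailing '(Company)' on an autorun target; '()' means OTL found no company name
COMPANY_RE = re.compile(r"^(?P<target>.*?)\s*\((?P<company>[^()]*)\)$")
# '[2012.06.27 16:08:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll'
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.+)$"
)

TINY_BYTES = 1024  # assumed threshold for "suspiciously small" DLL/SYS files


def parse_autorun(line):
    """Parse an O4 Run-key line; returns None for any other line."""
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    entry = {"hive": m.group("hive"), "name": m.group("name"),
             "target": rest, "company": None, "missing": False}
    if rest.endswith("File not found"):  # OTL's marker for a dangling autorun
        entry["missing"] = True
        entry["target"] = rest[: -len("File not found")].strip()
        return entry
    c = COMPANY_RE.match(rest)
    if c:
        entry["target"] = c.group("target")
        entry["company"] = c.group("company")  # "" when OTL printed "()"
    return entry


def parse_file_entry(line):
    """Parse a created/modified file entry; returns None for any other line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return {"stamp": m.group("stamp"),
            "size": int(m.group("size").replace(",", "")),  # "000,001,024" -> 1024
            "attr": m.group("attr"), "kind": m.group("kind"),
            "company": m.group("company"), "path": m.group("path")}


def triage(lines):
    """Return review candidates grouped by the rule that flagged them."""
    out = {"missing_autoruns": [], "unattributed_autoruns": [],
           "tiny_system32_binaries": []}
    for line in lines:
        a = parse_autorun(line)
        if a:
            if a["missing"]:
                out["missing_autoruns"].append(a["name"])
            elif not a["company"]:
                out["unattributed_autoruns"].append(a["name"])
            continue
        f = parse_file_entry(line)
        if f:
            p = f["path"].lower()
            if "\\system32\\" in p and p.endswith((".dll", ".sys")) and f["size"] <= TINY_BYTES:
                out["tiny_system32_binaries"].append((f["path"], f["size"]))
    return out


# Sample input: lines copied verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
[2012.07.10 17:41:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.27 16:08:33 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2012.06.27 16:08:33 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2012.06.27 16:07:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2012.06.27 16:08:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.tgz
""".strip().splitlines()


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule, hits)
```

Run it against a full OTL.txt by passing the file's lines to `triage()`; the "Startup:" O4 lines and the `*.tmp` summary lines fall through both parsers and are ignored, which is deliberate.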

#6 langschan (Topic Starter)

Posted 13 July 2012 - 03:11 AM

Contents of Extras.txt:
OTL Extras logfile created on: 13.07.2012 09:30:20 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,26% Memory free
4,85 Gb Paging File | 4,29 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): D:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 2,59 Gb Free Space | 17,70% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 12,18 Gb Free Space | 62,35% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 19,70 Gb Free Space | 40,35% Space Free | Partition Type: NTFS
Drive F: | 69,65 Gb Total Space | 3,98 Gb Free Space | 5,72% Space Free | Partition Type: NTFS

Computer Name: TOP-RECHNER | User Name: Pedder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2012.07.10 23:07:42 | 000,000,000 | ---D | M]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Programme\ICQ 5\ICQLite.exe" = C:\Programme\ICQ 5\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP Deskjet F380\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\SopCast\adv\SopAdver.exe" = C:\Dokumente und Einstellungen\Pedder\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU networks)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"E:\Pro Evolution Soccer 2009\pes2009.exe" = E:\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"E:\Re-Volt\revolt.exe" = E:\Re-Volt\revolt.exe:*:Enabled:revolt -- ()
"E:\Pro Evolution Soccer 6\PES6.exe" = E:\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\Blobby Volley\volley.exe" = E:\Blobby Volley\volley.exe:*:Enabled:volley -- ()
"E:\Flatout 2\FlatOut2.exe" = E:\Flatout 2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"C:\Programme\SPSS 18\paswstat.exe" = C:\Programme\SPSS 18\paswstat.exe:*:Disabled:Statistics18:exe
"F:\Spiele\Second Life\SLVoice.exe" = F:\Spiele\Second Life\SLVoice.exe:*:Enabled:SLVoice
"F:\Spiele\Pro Evolution Soccer 2011\pes2011.exe" = F:\Spiele\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"E:\Pro Evolution Soccer 2011\pes2011.exe" = E:\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"C:\Programme\SiSoftware Sandra Lite 2012\RpcAgentSrv.exe" = C:\Programme\SiSoftware Sandra Lite 2012\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"E:\Trackmania\TmForever.exe" = E:\Trackmania\TmForever.exe:*:Enabled:TmForever -- ()
"E:\Pro Evolution Soccer 2010\pes2010.exe" = E:\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"E:\Worms World Party\wwp.exe" = E:\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- (Team17 Software Ltd)
"F:\SPSS 18\paswstat.exe" = F:\SPSS 18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"F:\SPSS 18\WinWrapIDE.exe" = F:\SPSS 18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"F:\SPSS 18\paswstat.com" = F:\SPSS 18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"F:\Downloads\Age of Empires 2\empires2.exe" = F:\Downloads\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II
"E:\Age of Empires 2\empires2.exe" = E:\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"F:\Downloads\Age of Empires 2\Age of Empires 2\empires2.exe" = F:\Downloads\Age of Empires 2\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{487A5853-C956-46A1-BC04-6ECD28387142}" = Metaphon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83622A51-877C-4FB8-92BB-2572B3B4F4B8}" = OOBE06_Exp2
"{85CC78F7-8364-4E66-A2D0-A216A53EC4BD}" = Samsung yepp YP-T5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite (Testversion) 2012
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DE08F927-6261-4A43-8D50-FCFDB3EFAC6D}" = Quake Live Mozilla Plugin
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Accent ZIP Password Recovery_is1" = Accent ZIP Password Recovery 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"DivX Setup" = DivX-Setup
"DVD43_is1" = DVD43 v4.6.0
"FLVPlayer" = FLV Player 1.3.3
"Free Studio_is1" = Free Studio version 5.1.7
"GoogleVideoPlayer" = Google Video Player
"HandBrake" = HandBrake 0.9.5
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"IPA/SAM Phonetic Fonts_is1" = IPA/SAM Phonetics Fonts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 11.62.1347" = Opera 11.62
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"Re-Volt" = Re-Volt
"SopCast" = SopCast 1.1.0
"SpeedFan" = SpeedFan (remove only)
"SysInfo" = Creative Systeminformationen
"TiaPlus" = TiaPlus
"TmNationsForever_is1" = TmNationsForever
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.5.4
"Van Dale Grote woordenboeken Duits" = Van Dale Grote woordenboeken Duits
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.2
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR Archivierer
"xp-AntiSpy" = xp-AntiSpy 3.9-1
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zattoo4" = Zattoo4 4.0.5
"ZENcast Organizer" = ZENcast Organizer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02.05.2012 16:42:54 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul wmvcore.dll, Version 11.0.5721.5275, Fehleradresse 0x000d3d79.

Error - 10.05.2012 11:25:59 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avgnt.exe, Version 12.1.0.17, fehlgeschlagenes
Modul msvcr100.dll, Version 10.0.40219.325, Fehleradresse 0x0008d6fd.

Error - 28.05.2012 17:39:34 | Computer Name = TOP-RECHNER | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5

Error - 28.05.2012 17:39:57 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avgnt.exe, Version 12.3.0.15, fehlgeschlagenes
Modul msvcr100.dll, Version 10.0.40219.325, Fehleradresse 0x0008d6fd.

Error - 05.06.2012 12:14:34 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wwp.exe, Version 1.0.0.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000370dc.

Error - 05.06.2012 12:14:53 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wwp.exe, Version 1.0.0.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000370dc.

Error - 05.06.2012 12:17:17 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wwp.exe, Version 1.0.0.0, fehlgeschlagenes
Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000370dc.

Error - 07.06.2012 10:56:33 | Computer Name = TOP-RECHNER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msimn.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.18702, Fehleradresse 0x0002df60.

Error - 09.07.2012 20:09:14 | Computer Name = TOP-RECHNER | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 11.07.2012 02:14:54 | Computer Name = TOP-RECHNER | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 11.07.2012 04:28:40 | Computer Name = TOP-RECHNER | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 11.07.2012 07:25:47 | Computer Name = TOP-RECHNER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2012 07:26:15 | Computer Name = TOP-RECHNER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2012 07:26:38 | Computer Name = TOP-RECHNER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2012 07:27:31 | Computer Name = TOP-RECHNER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2012 07:27:40 | Computer Name = TOP-RECHNER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.07.2012 12:45:22 | Computer Name = TOP-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 11.07.2012 13:58:48 | Computer Name = TOP-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 11.07.2012 16:24:24 | Computer Name = TOP-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 12.07.2012 04:15:14 | Computer Name = TOP-RECHNER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Legacy Modem Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058


< End of report >

#7 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 14 July 2012 - 02:32 PM

Good evening. :)

Did you by any chance run a search recently on your system for the filenames that appear in the registry key picture that you attached?

So long, and thanks for all the fish.

#8 langschan

  • Topic Starter
  • Members
  • 6 posts

Posted 16 July 2012 - 02:23 PM

Hello Noviciate!
Sorry for my late reaction; I was not at home during the weekend.
I didn't find the filenames on my system and found out that the existence of the files in my registry just means that I searched for these files (I'm so dumb...). :) So these files are not on my computer.
However, my computer works a lot slower (especially when it boots and for the first few minutes) since I used all that malware software. I can't exactly remember after which software this began. Is it possible that it has something to do with Defogger?

#9 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 16 July 2012 - 02:37 PM

Good evening. :)

Install Date: 24.12.2005

I suspect that the slowness is in part due to the length of time that the installation has been running - I reinstall mine about every six months to keep it running sweetly and yours is a lot older than that. It is also possible that the infection has caused some damage to Windows and this is having a negative effect on your system.

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!

Let me know how you get on.

So long, and thanks for all the fish.

#10 langschan

  • Topic Starter
  • Members
  • 6 posts

Posted 19 July 2012 - 10:05 AM

Hello! I followed your 4 steps, but the computer is still very slow. While booting, even the Windows startup sound isn't played smoothly but like staccato... :)
I guess someday I'll just have to buy a new computer. Anyway, thank you very much for your help and support!