Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Infection ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware Infection ?

Unread postby Flat75 » March 16th, 2011, 12:10 pm

Folks,
whenever trying to open a google search result link I'm being redirected to some "attacker" rated pages ...
Need assistance ...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:35, on 16.03.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: AdbUpd.lnk = C:\Users\ASUS\AppData\Roaming\Adobe\AdobeUtil.exe
O4 - User Startup: winhelp.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9208 bytes


Regards,
Thomas
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm
Advertisement
Register to Remove

Re: Malware Infection ?

Unread postby Cypher » March 16th, 2011, 12:35 pm

Hi Thomas and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - windows 7


Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware Infection ?

Unread postby Flat75 » March 16th, 2011, 2:40 pm

Hi Cypher,

and thanks a lot in advance !

Here's the requested data:

7-Zip 9.15 beta
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2 - Deutsch
AIDA Bildschirmschoner
Amazon MP3-Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 2009
Ashampoo Burning Studio Elements 10.0.4
ASUS CopyProtect
ASUS Data Security Manager
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear eXtreme
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Client Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Audiograbber 1.83 SE
Avira AntiVir Personal - Free Antivirus
Batch JPEG Rotator v1.10
Bigle 3D
Bonjour
BRAdmin Professional 3
Brother MFL-Pro Suite MFC-5890CN
Catalyst Control Center - Branding
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0
DHTML Editing Component
DVD Shrink 3.2
Express Gate
FileZilla Client 3.3.5.1
Firebird SQL Server - MAGIX Edition
GIMP 2.6.10
Google Earth
Google Update Helper
Groundspeak Wherigo Builder
GSAK 7.7.2.56 (Final)
Hex-Editor MX
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ7.2
IrfanView (remove only)
iTunes
Java(TM) 6 Update 24
MAGIX 3D Maker (embeded)
MAGIX Foto Manager 9
MAGIX Fotobuch 3.6
MAGIX Online Druck Service
MAGIX Screenshare
MAGIX Video deluxe 15 Premium 8.0.0.62 (D)
MAGIX Xtreme Foto & Grafik Designer 5 Download-Version 5.0.405.1305 (D)
MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
MAGIX Xtreme Grafik Designer 5 Download-Version
McAfee Security Scan Plus
Melody Assistant
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office Professional Edition 2003
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4.0 redistributable
Mufin MusicFinder Base 1.5.3.255 (D)
NB Probe
Nvu 1.0
Paint Shop Pro 5.03 CD
Pando Media Booster
PaperPort Image Printer
Puzzle 3.01
Quest for Glory II: Trial by Fire (2.0)
QuickTime
RarZilla Free Unrar
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Runes of Magic
Safari
SAP GUI for Windows 7.20
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Synaptics Pointing Device Driver
TightVNC 2.0.2
UltraCompare v7.20
UltraEdit 15.20 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 UVC 1.3M WebCam
UUDeview for Windows
vcredist_x86
VLC media player 1.1.5
Winamp
WinFlash
Wireless Console 2
Zynga Toolbar

Note: The Zynga Toolbar has been there for month now and is used for Mafia Wars on Facebook. Never had any problems with that installed ...

Regards,
Thomas
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Cypher » March 16th, 2011, 2:57 pm

Hi Thomas.
Ok continue with the instructions below please.

Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
McAfee Security Scan Plus

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • RSIT log.txt and info.txt contents.
  • TDSSKiller log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware Infection ?

Unread postby Flat75 » March 17th, 2011, 12:23 am

Here's the log.txt output:


Logfile of random's system information tool 1.08 (written by random/random)
Run by ASUS at 2011-03-17 05:20:43
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 58 GB (38%) free of 153 GB
Total RAM: 3071 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:21:20, on 17.03.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ASUS\Downloads\RSIT.exe
C:\Program Files\trend micro\ASUS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: AdbUpd.lnk = C:\Users\ASUS\AppData\Roaming\Adobe\AdobeUtil.exe
O4 - User Startup: winhelp.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9555 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2017770861-2900279305-2756778700-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2017770861-2900279305-2756778700-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{E3C043B4-A563-42DE-AA81-45BC713BD996}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-12-12 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-12-12 2735200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-09 6281760]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-06-25 159744]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2010-06-15 47672]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2010-06-15 33136]
"Skytel"=C:\Windows\Skytel.exe [2008-09-09 1833504]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-12-09 74752]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-12 281768]
"tvncontrol"=C:\Program Files\TightVNC\tvnserver.exe [2010-07-08 815704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"TrayServer"=C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe [2008-08-07 90112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-11 1085440]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-03-07 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-11-20 2975640]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

C:\Users\ASUS\AppData\Local\Windows
winhelp.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
CPNP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1
"HideFastUserSwitching"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-17 05:20:43 ----D---- C:\rsit
2011-03-16 16:58:29 ----D---- C:\Program Files\Trend Micro
2011-03-16 05:13:01 ----A---- C:\Windows\system32\shsvcs.dll
2011-03-10 18:42:00 ----D---- C:\Program Files\iPod
2011-03-09 16:32:04 ----RD---- C:\Users\ASUS\AppData\Roaming\Brother
2011-03-09 05:22:49 ----A---- C:\Windows\system32\sbeio.dll
2011-03-09 05:22:49 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 05:22:49 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 05:22:48 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 05:22:47 ----A---- C:\Windows\system32\mstsc.exe
2011-03-05 16:57:22 ----D---- C:\Program Files\Common Files\Java
2011-03-05 16:57:11 ----A---- C:\Windows\system32\javaws.exe
2011-03-05 16:57:11 ----A---- C:\Windows\system32\javaw.exe
2011-03-05 16:57:11 ----A---- C:\Windows\system32\java.exe
2011-03-03 16:04:40 ----D---- C:\Program Files\iTunes
2011-03-03 16:01:50 ----D---- C:\Program Files\Bonjour
2011-03-01 21:39:27 ----D---- C:\Users\ASUS\AppData\Roaming\Philipp Winterberg
2011-03-01 21:39:24 ----D---- C:\Program Files\RarZilla Free Unrar
2011-02-25 22:17:37 ----D---- C:\Program Files\AGD Interactive
2011-02-18 16:36:58 ----A---- C:\Windows\system32\usbaaplrc.dll
2011-02-18 16:36:58 ----A---- C:\Windows\system32\drivers\usbaapl.sys

======List of files/folders modified in the last 1 months======

2011-03-17 05:20:30 ----D---- C:\Windows\Temp
2011-03-17 05:19:58 ----RD---- C:\Program Files
2011-03-17 05:19:58 ----HD---- C:\ProgramData
2011-03-17 05:15:42 ----D---- C:\Users\ASUS\AppData\Roaming\Winamp
2011-03-17 05:14:02 ----D---- C:\Users\ASUS\AppData\Roaming\ICQ
2011-03-17 05:12:40 ----D---- C:\Windows\system32\Tasks
2011-03-17 05:12:26 ----A---- C:\Windows\system32\acovcnt.exe
2011-03-16 20:08:17 ----D---- C:\Windows\system32\drivers\etc
2011-03-16 16:58:30 ----SHD---- C:\Windows\Installer
2011-03-16 07:36:27 ----D---- C:\Windows\System32
2011-03-16 06:18:11 ----D---- C:\Windows\winsxs
2011-03-16 05:11:00 ----D---- C:\Windows\system32\catroot
2011-03-15 20:51:27 ----D---- C:\Users\ASUS\AppData\Roaming\gtk-2.0
2011-03-15 19:42:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-15 19:42:58 ----D---- C:\Windows\inf
2011-03-15 05:18:28 ----D---- C:\Windows\system32\catroot2
2011-03-13 17:04:59 ----D---- C:\Users\ASUS\AppData\Roaming\Adobe
2011-03-11 20:36:39 ----D---- C:\Windows\system32\WDI
2011-03-11 05:15:41 ----D---- C:\Windows
2011-03-10 18:41:59 ----D---- C:\Program Files\Common Files\Apple
2011-03-10 18:36:19 ----D---- C:\Windows\system32\drivers
2011-03-09 06:32:51 ----D---- C:\Windows\Debug
2011-03-07 21:02:27 ----D---- C:\Program Files\Mozilla Firefox
2011-03-05 16:57:22 ----D---- C:\Program Files\Common Files
2011-03-05 16:57:09 ----D---- C:\Program Files\Java
2011-03-03 16:04:51 ----D---- C:\Windows\Prefetch
2011-03-02 19:56:50 ----A---- C:\Windows\system32\mrt.exe
2011-03-01 20:28:49 ----D---- C:\Program Files\Runes of Magic
2011-02-26 13:41:13 ----D---- C:\Users\ASUS\AppData\Roaming\gsak
2011-02-26 13:39:24 ----D---- C:\Users\ASUS\AppData\Roaming\IDMComp
2011-02-24 08:17:24 ----RSD---- C:\Windows\assembly
2011-02-24 08:17:24 ----D---- C:\Windows\Microsoft.NET
2011-02-24 07:02:49 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2007-08-11 29752]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-12-27 135096]
R1 FW1;SecuRemote Miniport; C:\Windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-12-01 61960]
R2 CP_OMDRV;Check Point Office Mode Module; C:\Windows\System32\drivers\omdrv.sys [2007-05-24 36368]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient; C:\Windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
R2 VPN-1;VPN-1 Module; C:\Windows\System32\drivers\vpn.sys [2007-05-24 673456]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-10 3839488]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-09 2167128]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-10 57856]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-22 1772544]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-02-18 41984]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-12 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-13 267944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-10 692224]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-04 65536]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SR_Service;Check Point VPN-1 Securemote service; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2007-05-24 106586]
R2 SR_Watchdog;Check Point VPN-1 Securemote watchdog; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe [2007-05-24 36955]
R2 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2010-07-08 815704]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2011-03-07 820520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Flat75 » March 17th, 2011, 12:24 am

And here comes the info.txt:


info.txt logfile of random's system information tool 1.08 2011-03-17 05:21:23

======Uninstall list======

-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe
7-Zip 9.15 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -maintain plugin
Adobe Reader 9.4.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A94000000001}
AIDA Bildschirmschoner-->"C:\Windows\AIDA Bildschirmschoner Uninstaller\unins000.exe"
Amazon MP3-Downloader 1.0.9-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ashampoo Burning Studio 2009-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 2009\unins000.exe"
Ashampoo Burning Studio Elements 10.0.4-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio Elements\unins000.exe"
ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Audiograbber 1.83 SE -->"C:\Program Files\Audiograbber\Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Batch JPEG Rotator v1.10-->"C:\Program Files\Batch JPEG Rotator\unins000.exe"
Bigle 3D-->C:\Program Files\Bigle 3D\Uninst.exe
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
BRAdmin Professional 3-->C:\Program Files\InstallShield Installation Information\{75C885D4-C758-4896-A3B4-90DA34B44C31}\setup.exe -runfromtemp -l0x0007 -uninst -removeonly
Brother MFL-Pro Suite MFC-5890CN-->"C:\Program Files\InstallShield Installation Information\{6E315D6D-0F1C-4C27-920B-807B4F57C8B2}\Setup.exe" -runfromtemp -l0x0007 UNINSTALL Reg=BH9_C5 -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{E3A5DDF7-17BD-43F1-9EBA-BB136EEB17DC}
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2-->MsiExec.exe /X{057f6911-35fd-4c8d-883f-11b8814480c9}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0-->"C:\Program Files\Codemasters\Der Herr der Ringe Online\unins000.exe"
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Express Gate-->MsiExec.exe /I{27D51A76-371D-48B6-B06E-4137A15B7583}
FileZilla Client 3.3.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}
GIMP 2.6.10-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Groundspeak Wherigo Builder-->MsiExec.exe /I{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}
GSAK 7.7.2.56 (Final)-->"C:\Program Files\gsak\unins000.exe"
Hex-Editor MX-->"C:\Program Files\Hex-Editor MX\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
MAGIX 3D Maker (embeded)-->C:\Program Files\MAGIX\Common\3D_Maker_embeded\unwise.exe
MAGIX Foto Manager 9-->C:\Program Files\MAGIX\Foto_Manager_9\unwise.exe
MAGIX Fotobuch 3.6-->C:\Program Files\MAGIX\MAGIX Fotobuch\uninstall.exe
MAGIX Online Druck Service-->C:\Program Files\MAGIX\Online_Druck_Service\unwise.exe
MAGIX Screenshare-->C:\Program Files\MAGIX\PCVisit\unwise.exe
MAGIX Video deluxe 15 Premium 8.0.0.62 (D)-->C:\Program Files\MAGIX\Video_deluxe_15_Premium\unwise.exe
MAGIX Xtreme Foto & Grafik Designer 5 Download-Version 5.0.405.1305 (D)-->C:\Program Files\MAGIX\Xtreme Foto Grafik Designer 5 Download-Version\unwise.exe
MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)-->C:\Program Files\MAGIX\Xtreme_Foto_Designer_6\unwise.exe
MAGIX Xtreme Grafik Designer 5 Download-Version-->MsiExec.exe /X{5A546C16-7231-424C-907B-0BE17EA6F633}
Melody Assistant-->C:\Program Files\Melody Assistant\Uninstal\Uninstal.exe
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9}
Microsoft redistributable runtime DLLs VS2008 SP1(x86)-->MsiExec.exe /I{A47A9101-6EB5-4314-BDA1-297880FBB908}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4.0 redistributable-->MsiExec.exe /I{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
Mufin MusicFinder Base 1.5.3.255 (D)-->C:\Program Files\MAGIX\Mufin MusicFinder\unwise.exe
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
Paint Shop Pro 5.03 CD-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
Puzzle 3.01-->C:\Program Files\Puzzle301\SXUNINST.EXE
Quest for Glory II: Trial by Fire (2.0)-->"C:\Program Files\AGD Interactive\Quest for Glory II\unins000.exe"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RarZilla Free Unrar-->C:\Program Files\RarZilla Free Unrar\uninstall.exe
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9 -removeonly
Runes of Magic-->"C:\Program Files\Runes of Magic\unins000.exe"
Safari-->MsiExec.exe /I{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
SAP GUI for Windows 7.20-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /uninstall /product="ECL710+BW350+KW710+GUI710ISHMED+GUI710TWEAK+JNet+SAPGUI710" /TitleComponent:"SAPGUI710" /IgnoreMissingProducts
ScanSoft PaperPort 11-->MsiExec.exe /I{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TightVNC 2.0.2-->C:\Program Files\TightVNC\uninstall.exe
UltraCompare v7.20-->MsiExec.exe /I{A9E5C983-1B44-405D-9725-CD92C49863B3}
UltraEdit 15.20 SE-->MsiExec.exe /I{A8606865-6D52-44C1-82BD-A3C9A80222D4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB2.0 UVC 1.3M WebCam-->C:\Windows\snuninst.exe /name='USB2.0 UVC 1.3M WebCam'
UUDeview for Windows-->C:\PROGRA~1\UUDeview\UNWISE.EXE C:\PROGRA~1\UUDeview\INSTALL.LOG
vcredist_x86-->MsiExec.exe /I{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}
VLC media player 1.1.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Zynga Toolbar-->C:\PROGRA~1\Zynga\UNWISE.EXE /U C:\PROGRA~1\Zynga\INSTALL.LOG

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ASUS-PC
Event Code: 7036
Message: Dienst "Benachrichtigungsdienst für Systemereignisse" befindet sich jetzt im Status "Ausgeführt".
Record Number: 3675421
Source Name: Service Control Manager
Time Written: 20101214053048.000000-000
Event Type: Informationen
User:

Computer Name: ASUS-PC
Event Code: 7036
Message: Dienst "COM+-Ereignissystem" befindet sich jetzt im Status "Ausgeführt".
Record Number: 3675420
Source Name: Service Control Manager
Time Written: 20101214053048.000000-000
Event Type: Informationen
User:

Computer Name: ASUS-PC
Event Code: 7036
Message: Dienst "Softwarelizenzierung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 3675419
Source Name: Service Control Manager
Time Written: 20101214053048.000000-000
Event Type: Informationen
User:

Computer Name: ASUS-PC
Event Code: 7036
Message: Dienst "Designs" befindet sich jetzt im Status "Ausgeführt".
Record Number: 3675418
Source Name: Service Control Manager
Time Written: 20101214053048.000000-000
Event Type: Informationen
User:

Computer Name: ASUS-PC
Event Code: 7036
Message: Dienst "Gruppenrichtlinienclient" befindet sich jetzt im Status "Ausgeführt".
Record Number: 3675417
Source Name: Service Control Manager
Time Written: 20101214053048.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ASUS-PC
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.


Record Number: 498
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100730153633.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0xc00002fe) abgebrochen.
Record Number: 497
Source Name: Desktop Window Manager
Time Written: 20100615045332.000000-000
Event Type: Informationen
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 8225
Message: Der VSS-Dienst wird aufgrund eines Ereignisses vom Dienststeuerungs-Manager heruntergefahren.
Record Number: 496
Source Name: VSS
Time Written: 20100615045332.000000-000
Event Type: Informationen
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 495
Source Name: Microsoft-Windows-Search
Time Written: 20100615045258.000000-000
Event Type: Informationen
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 1003
Message: Der Windows-Suchdienst wurde gestartet.

Record Number: 494
Source Name: Microsoft-Windows-Search
Time Written: 20100615045255.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-KNRI7EZW3OQ$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT AUTHORITY
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x27c
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615045259.569600-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT AUTHORITY
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 435
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615045251.644800-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-KNRI7EZW3OQ$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT AUTHORITY
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x27c
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 434
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615045251.644800-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-KNRI7EZW3OQ$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT AUTHORITY
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x27c
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 433
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615045251.644800-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-KNRI7EZW3OQ
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
Sicherheits- ID: S-1-5-21-2017770861-2900279305-2756778700-500
Kontoname: Administrator
Domänenname: WIN-KNRI7EZW3OQ
Logon-ID: 0x39a09
Record Number: 432
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100615045249.882000-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Flat75 » March 17th, 2011, 12:27 am

And now the TDSkiller output:


2011/03/17 05:25:49.0888 1104 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 05:25:50.0170 1104 ================================================================================
2011/03/17 05:25:50.0170 1104 SystemInfo:
2011/03/17 05:25:50.0170 1104
2011/03/17 05:25:50.0171 1104 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/17 05:25:50.0171 1104 Product type: Workstation
2011/03/17 05:25:50.0171 1104 ComputerName: ASUS-PC
2011/03/17 05:25:50.0171 1104 UserName: ASUS
2011/03/17 05:25:50.0171 1104 Windows directory: C:\Windows
2011/03/17 05:25:50.0171 1104 System windows directory: C:\Windows
2011/03/17 05:25:50.0171 1104 Processor architecture: Intel x86
2011/03/17 05:25:50.0171 1104 Number of processors: 2
2011/03/17 05:25:50.0171 1104 Page size: 0x1000
2011/03/17 05:25:50.0171 1104 Boot type: Normal boot
2011/03/17 05:25:50.0171 1104 ================================================================================
2011/03/17 05:25:50.0709 1104 Initialize success
2011/03/17 05:26:06.0000 3480 ================================================================================
2011/03/17 05:26:06.0000 3480 Scan started
2011/03/17 05:26:06.0000 3480 Mode: Manual;
2011/03/17 05:26:06.0000 3480 ================================================================================
2011/03/17 05:26:07.0135 3480 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/17 05:26:07.0200 3480 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/17 05:26:07.0272 3480 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/17 05:26:07.0317 3480 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/17 05:26:07.0357 3480 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/17 05:26:07.0516 3480 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/17 05:26:07.0565 3480 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/17 05:26:07.0661 3480 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/17 05:26:07.0725 3480 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/17 05:26:07.0780 3480 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/17 05:26:07.0820 3480 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/17 05:26:07.0892 3480 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/17 05:26:07.0921 3480 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/17 05:26:08.0096 3480 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/17 05:26:08.0137 3480 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/17 05:26:08.0201 3480 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
2011/03/17 05:26:08.0292 3480 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/03/17 05:26:08.0401 3480 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/17 05:26:08.0444 3480 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/17 05:26:08.0527 3480 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
2011/03/17 05:26:08.0745 3480 atikmdag (c87059b5cc23959efa8b17e2e526a21f) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/17 05:26:09.0019 3480 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/17 05:26:09.0050 3480 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/17 05:26:09.0156 3480 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/17 05:26:09.0222 3480 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/17 05:26:09.0282 3480 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/17 05:26:09.0331 3480 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/17 05:26:09.0360 3480 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/17 05:26:09.0457 3480 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/17 05:26:09.0483 3480 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/17 05:26:09.0514 3480 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/17 05:26:09.0542 3480 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/17 05:26:09.0581 3480 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/17 05:26:09.0619 3480 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/17 05:26:09.0685 3480 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/17 05:26:09.0743 3480 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/17 05:26:09.0792 3480 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/17 05:26:09.0890 3480 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/17 05:26:09.0919 3480 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/17 05:26:09.0943 3480 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/17 05:26:09.0992 3480 CP_OMDRV (7f1706911862276f5144984d07ba9e3b) C:\Windows\system32\drivers\omdrv.sys
2011/03/17 05:26:10.0032 3480 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/17 05:26:10.0067 3480 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/17 05:26:10.0198 3480 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/17 05:26:10.0310 3480 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/17 05:26:10.0417 3480 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/17 05:26:10.0480 3480 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/17 05:26:10.0548 3480 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/17 05:26:10.0656 3480 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/17 05:26:10.0745 3480 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/17 05:26:10.0814 3480 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/17 05:26:10.0899 3480 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/17 05:26:11.0039 3480 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/17 05:26:11.0099 3480 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/17 05:26:11.0158 3480 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/17 05:26:11.0182 3480 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/17 05:26:11.0217 3480 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/17 05:26:11.0252 3480 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/17 05:26:11.0300 3480 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/17 05:26:11.0405 3480 FW1 (e03a6d546c2cccfcf07ae8a1a0a9347d) C:\Windows\system32\DRIVERS\fw.sys
2011/03/17 05:26:11.0483 3480 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/17 05:26:11.0536 3480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/17 05:26:11.0612 3480 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/03/17 05:26:11.0747 3480 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/17 05:26:11.0814 3480 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/17 05:26:11.0875 3480 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/17 05:26:11.0919 3480 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/17 05:26:12.0028 3480 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/17 05:26:12.0077 3480 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/17 05:26:12.0164 3480 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/17 05:26:12.0208 3480 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/17 05:26:12.0301 3480 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/17 05:26:12.0367 3480 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/17 05:26:12.0489 3480 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/17 05:26:12.0683 3480 IntcAzAudAddService (2e06052066ce4489cdfbfb8329ea52b1) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/17 05:26:12.0814 3480 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/17 05:26:12.0857 3480 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/17 05:26:12.0934 3480 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/17 05:26:13.0064 3480 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/17 05:26:13.0119 3480 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/17 05:26:13.0188 3480 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/17 05:26:13.0240 3480 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/17 05:26:13.0301 3480 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/17 05:26:13.0358 3480 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/17 05:26:13.0397 3480 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/17 05:26:13.0453 3480 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/17 05:26:13.0497 3480 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/03/17 05:26:13.0603 3480 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/03/17 05:26:13.0667 3480 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/17 05:26:13.0742 3480 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/17 05:26:13.0801 3480 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/17 05:26:13.0836 3480 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/17 05:26:13.0877 3480 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/17 05:26:13.0958 3480 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/17 05:26:13.0993 3480 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
2011/03/17 05:26:14.0045 3480 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/17 05:26:14.0099 3480 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/17 05:26:14.0148 3480 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/17 05:26:14.0198 3480 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/17 05:26:14.0230 3480 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/17 05:26:14.0263 3480 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/17 05:26:14.0300 3480 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/17 05:26:14.0352 3480 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/17 05:26:14.0394 3480 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/17 05:26:14.0438 3480 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/17 05:26:14.0489 3480 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/17 05:26:14.0520 3480 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/17 05:26:14.0558 3480 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/17 05:26:14.0600 3480 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/17 05:26:14.0643 3480 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/17 05:26:14.0683 3480 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/17 05:26:14.0753 3480 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/17 05:26:14.0809 3480 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/17 05:26:14.0861 3480 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/17 05:26:14.0886 3480 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/17 05:26:14.0931 3480 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/17 05:26:14.0970 3480 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/17 05:26:15.0054 3480 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/17 05:26:15.0079 3480 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/17 05:26:15.0153 3480 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/03/17 05:26:15.0207 3480 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/17 05:26:15.0313 3480 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/17 05:26:15.0394 3480 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/17 05:26:15.0454 3480 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/17 05:26:15.0506 3480 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/17 05:26:15.0583 3480 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/17 05:26:15.0630 3480 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/17 05:26:15.0671 3480 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/17 05:26:15.0728 3480 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/17 05:26:15.0800 3480 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/17 05:26:15.0852 3480 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/17 05:26:15.0896 3480 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/17 05:26:15.0986 3480 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/17 05:26:16.0104 3480 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/17 05:26:16.0143 3480 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/17 05:26:16.0180 3480 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/17 05:26:16.0224 3480 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/17 05:26:16.0257 3480 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/17 05:26:16.0342 3480 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/17 05:26:16.0491 3480 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/17 05:26:16.0532 3480 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/17 05:26:16.0583 3480 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/17 05:26:16.0637 3480 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/17 05:26:16.0703 3480 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/03/17 05:26:16.0752 3480 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/17 05:26:16.0816 3480 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/17 05:26:16.0966 3480 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/17 05:26:17.0010 3480 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/17 05:26:17.0147 3480 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/17 05:26:17.0225 3480 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/17 05:26:17.0331 3480 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/17 05:26:17.0380 3480 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/17 05:26:17.0418 3480 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/17 05:26:17.0462 3480 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/17 05:26:17.0519 3480 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/17 05:26:17.0569 3480 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/17 05:26:17.0618 3480 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/17 05:26:17.0662 3480 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/17 05:26:17.0708 3480 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/17 05:26:17.0735 3480 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/17 05:26:17.0801 3480 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/17 05:26:17.0974 3480 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/17 05:26:18.0065 3480 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/03/17 05:26:18.0119 3480 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/17 05:26:18.0217 3480 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/17 05:26:18.0313 3480 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/17 05:26:18.0364 3480 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/17 05:26:18.0405 3480 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/17 05:26:18.0454 3480 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/17 05:26:18.0526 3480 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/17 05:26:18.0557 3480 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/17 05:26:18.0638 3480 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/17 05:26:18.0743 3480 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/17 05:26:18.0815 3480 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/17 05:26:18.0891 3480 SiSGbeLH (a029482be40def54df02fce751aa16dc) C:\Windows\system32\DRIVERS\SiSGB6.sys
2011/03/17 05:26:18.0955 3480 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/17 05:26:18.0997 3480 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/17 05:26:19.0062 3480 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/17 05:26:19.0178 3480 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/03/17 05:26:19.0327 3480 SNP2UVC (a709dfa1674c1ed61ef7b5f29b38eeb1) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/03/17 05:26:19.0413 3480 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/17 05:26:19.0498 3480 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/17 05:26:19.0545 3480 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/17 05:26:19.0590 3480 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/17 05:26:19.0693 3480 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/17 05:26:19.0754 3480 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/03/17 05:26:19.0823 3480 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/17 05:26:19.0888 3480 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/17 05:26:19.0942 3480 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/17 05:26:19.0975 3480 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/17 05:26:20.0025 3480 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/17 05:26:20.0133 3480 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/17 05:26:20.0212 3480 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/17 05:26:20.0270 3480 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/17 05:26:20.0322 3480 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/17 05:26:20.0363 3480 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/17 05:26:20.0421 3480 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/17 05:26:20.0472 3480 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/17 05:26:20.0594 3480 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/17 05:26:20.0634 3480 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/17 05:26:20.0669 3480 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/17 05:26:20.0734 3480 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/17 05:26:20.0797 3480 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/17 05:26:20.0864 3480 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/17 05:26:20.0911 3480 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/17 05:26:20.0949 3480 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/17 05:26:21.0005 3480 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/17 05:26:21.0068 3480 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/17 05:26:21.0144 3480 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/17 05:26:21.0222 3480 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/17 05:26:21.0277 3480 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/17 05:26:21.0328 3480 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/17 05:26:21.0382 3480 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/17 05:26:21.0440 3480 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/17 05:26:21.0486 3480 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/17 05:26:21.0542 3480 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/17 05:26:21.0583 3480 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/17 05:26:21.0649 3480 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/17 05:26:21.0716 3480 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/17 05:26:21.0760 3480 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/17 05:26:21.0800 3480 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/17 05:26:21.0837 3480 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/17 05:26:21.0892 3480 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/17 05:26:21.0946 3480 VNASC (5fb77241b22bfbdc2fdef011696701b2) C:\Windows\system32\DRIVERS\vnasc.sys
2011/03/17 05:26:21.0974 3480 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/17 05:26:22.0042 3480 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/17 05:26:22.0102 3480 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/17 05:26:22.0215 3480 VPN-1 (f93742fa61f8b204d9a70d2d4b333782) C:\Windows\System32\drivers\vpn.sys
2011/03/17 05:26:22.0285 3480 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/17 05:26:22.0362 3480 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/17 05:26:22.0413 3480 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/17 05:26:22.0457 3480 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/17 05:26:22.0520 3480 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/17 05:26:22.0599 3480 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/17 05:26:22.0760 3480 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/17 05:26:22.0855 3480 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/17 05:26:22.0922 3480 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/17 05:26:23.0011 3480 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/17 05:26:23.0072 3480 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/03/17 05:26:23.0150 3480 ================================================================================
2011/03/17 05:26:23.0150 3480 Scan finished
2011/03/17 05:26:23.0150 3480 ================================================================================
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Cypher » March 17th, 2011, 6:30 am

Hi Flat75.
Let me know if your searches are still redirected after doing the following.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the fix.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on how your computer is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware Infection ?

Unread postby Flat75 » March 17th, 2011, 11:37 am

Hi there,

everything's looking fine right know.
(At least as far as I can tell)

Google Links are no longer being redirected.

Thanks a lot for the great support !!

Regards,
Thomas
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Cypher » March 17th, 2011, 12:12 pm

Hi Thomas.
Did you run ComboFix?
I need to see the log it produced post it in your next reply.
It can be found at C:\ComboFix.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware Infection ?

Unread postby Flat75 » March 19th, 2011, 6:05 am

Here's the log output:


ComboFix 11-03-16.05 - ASUS 19.03.2011 10:43:11.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2082 [GMT 1:00]
ausgeführt von:: c:\users\ASUS\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-19 bis 2011-03-19 ))))))))))))))))))))))))))))))
.
.
2011-03-19 09:53 . 2011-03-19 09:53 -------- d-----w- c:\users\ASUS\AppData\Local\temp
2011-03-19 09:53 . 2011-03-19 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-17 04:20 . 2011-03-17 04:21 -------- d-----w- C:\rsit
2011-03-16 15:58 . 2011-03-16 15:58 388096 ----a-r- c:\users\ASUS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-16 15:58 . 2011-03-17 04:21 -------- d-----w- c:\program files\Trend Micro
2011-03-16 05:02 . 2011-03-19 06:53 -------- d--h--w- c:\users\ASUS\AppData\Local\Windows
2011-03-16 05:02 . 2011-03-16 05:02 -------- d--h--w- c:\users\ASUS\AppData\Local\Server
2011-03-03 15:01 . 2011-03-03 15:01 -------- d-----w- c:\program files\Bonjour
2011-03-01 20:39 . 2011-03-01 20:39 -------- d-----w- c:\users\ASUS\AppData\Roaming\Philipp Winterberg
2011-03-01 20:39 . 2011-03-01 20:39 -------- d-----w- c:\program files\RarZilla Free Unrar
2011-02-25 21:17 . 2011-02-25 21:17 -------- d-----w- c:\program files\AGD Interactive
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 06:30 . 2010-06-15 19:38 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-02 20:40 . 2010-08-09 20:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-01 19:26 . 2011-02-01 19:26 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2011-01-20 16:37 . 2011-02-09 05:01 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 05:01 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 05:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 05:01 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 05:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 05:01 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 05:01 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 05:01 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 05:01 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 05:01 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 05:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 05:01 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 05:01 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 05:02 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 05:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 05:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 05:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 05:02 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 05:02 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 05:02 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 05:02 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 05:02 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 05:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 05:02 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 05:01 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 05:02 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 05:02 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 05:02 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 04:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 04:58 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 05:02 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 20:05 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 11:06 . 2010-08-09 19:27 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-12 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-12 17:52 2735200 ----a-w- c:\program files\Zynga\tbZyn1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-12 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-12 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-20 136176]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-20 2975640]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-06-15 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-06-15 33136]
"Skytel"="Skytel.exe" [2008-09-09 1833504]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-12 281768]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-04 65536]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-12 135336]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 16:29]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 16:29]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017770861-2900279305-2756778700-1000Core.job
- c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 16:29]
.
2011-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017770861-2900279305-2756778700-1000UA.job
- c:\users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 16:29]
.
2011-03-19 c:\windows\Tasks\User_Feed_Synchronization-{E3C043B4-A563-42DE-AA81-45BC713BD996}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ellp5gld.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-19 10:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
[0] 0x240489C4
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5628)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2011-03-19 10:56:05
ComboFix-quarantined-files.txt 2011-03-19 09:56
ComboFix2.txt 2011-03-18 11:43
ComboFix3.txt 2011-03-18 08:09
ComboFix4.txt 2011-03-17 15:29
.
Vor Suchlauf: 12 Verzeichnis(se), 61.189.705.728 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 61.182.959.616 Bytes frei
.
- - End Of File - - 9E2C743DA654171361905ED2209606A8
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Cypher » March 19th, 2011, 6:48 am

Hi Flat75.
Your log indicates that ComboFix has been run four times on your computer.
Please post the contents of the ComboFix-Quarantined-files.txt
You will find it in the C:\QooBox folder.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware Infection ?

Unread postby Flat75 » March 20th, 2011, 3:26 am

Hi there,

here you go:

2011-03-17 15:07:54 . 2011-03-19 09:51:26 6,202 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-17 14:56:22 . 2011-03-19 09:43:11 288 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-03-13 16:04:25 . 2011-03-13 16:04:59 0 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Adobe\adb.cer.vir
2011-03-13 16:04:25 . 2011-03-13 16:04:59 773 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdbUpd.lnk.vir
2011-03-13 16:04:25 . 2009-03-08 11:31:00 45,568 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Adobe\AdobeUtil .exe.vir
2011-03-09 15:26:26 . 2011-03-09 15:26:26 62,464 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Adobe\AdobeUtil.exe.vir
2010-10-17 18:16:13 . 2010-11-22 20:33:57 130 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\EurekaLog\EurekaLog.ini.vir
2010-10-17 18:15:45 . 2000-01-24 03:01:00 111,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\midas.dll.vir

Regards,
Thomas
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Flat75 » March 20th, 2011, 3:26 am

Hi there,

here you go:

2011-03-17 15:07:54 . 2011-03-19 09:51:26 6,202 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-17 14:56:22 . 2011-03-19 09:43:11 288 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-03-13 16:04:25 . 2011-03-13 16:04:59 0 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Adobe\adb.cer.vir
2011-03-13 16:04:25 . 2011-03-13 16:04:59 773 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdbUpd.lnk.vir
2011-03-13 16:04:25 . 2009-03-08 11:31:00 45,568 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Adobe\AdobeUtil .exe.vir
2011-03-09 15:26:26 . 2011-03-09 15:26:26 62,464 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Adobe\AdobeUtil.exe.vir
2010-10-17 18:16:13 . 2010-11-22 20:33:57 130 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\EurekaLog\EurekaLog.ini.vir
2010-10-17 18:15:45 . 2000-01-24 03:01:00 111,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\midas.dll.vir

Regards,
Thomas
Flat75
Active Member
 
Posts: 9
Joined: March 16th, 2011, 12:07 pm

Re: Malware Infection ?

Unread postby Cypher » March 20th, 2011, 6:02 am

Hi Thomas.
Have any of your searches been redirected recently?
I need you to run one more scan for me.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the below scan.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on how your computer is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware