|
Log analysis and evaluation: Vista Home Security 2012 scareware completely removed? Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
17.06.2011, 12:56 | #1 |
| Vista Home Security 2012 scareware completely removed? Hello, I had the Vista Home Security 2012 scareware on my PC. With the help of "Malwarebytes Anti-Malware" and "Spybot - Search & Destroy" I was able to remove the scareware, so that no more popups appear claiming that my PC is supposedly infested with viruses and that I should buy the software. However, I am not sure whether everything has really been removed completely and the PC is safe again. So here is my logfile.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:45 on 17/06/2011 (Benjamin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=- |
17.06.2011, 13:02 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Security 2012 scareware completely removed? CustomScan with OTL
If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
17.06.2011, 15:09 | #3 |
| Vista Home Security 2012 scareware completely removed? Here is the result from OTL
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 17.06.2011 15:17:54 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Benjamin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 63,11% Memory free
7,64 Gb Paging File | 6,92 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 37,28 Gb Free Space | 53,99% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 58,10 Gb Free Space | 83,00% Space Free | Partition Type: NTFS

Computer Name: BENJAMIN-PC | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39306899-28CE-44B0-89AE-2B83CB3B0E33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7BFE9264-103A-4BD4-82B8-95AFFB4A798E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8AE81E9-3052-4996-9CA1-8A320C1F5A8F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{EDCAFB87-FCA0-47CE-80DA-AFF713857874}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D5DC8F-753A-4B94-9046-76CD48A5F9AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1687C288-1D47-4CBB-AF5F-1BAB05F62C77}" = protocol=6 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\updateagent.exe |
"{19678497-61A3-4031-9453-DB5CB65D8198}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{23661545-2F58-462B-A55E-E9938A226428}" = protocol=17 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\servicesoptimizer.exe |
"{259480CC-F410-46B3-AB58-637F4F6E4477}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{2669ECBF-F671-47D6-9246-98D8BBB179C1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{376E55B8-457A-43CB-9119-FCBE369BB192}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{383F6896-5EFE-464B-A7FF-4BD991C92C18}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{40146A54-94A8-4C76-8D61-7933585B1D8E}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5CF85196-860F-444F-8024-0F14A7455314}" = protocol=6 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\servicesoptimizer.exe |
"{63820155-5768-42DE-8BEE-381C4B08DE29}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{6CE52238-1606-4694-8FA3-2CBB5DB61C7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{94866FA3-1B1A-407B-A894-E2823433B5A4}" = protocol=17 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\webupdate.exe |
"{98FEAB15-C6FB-4792-8CE6-0CDD2BDD15C6}" = protocol=6 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\webupdate.exe |
"{9BB153FA-B5AD-479D-8A93-A6E36664DCA8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD62C039-5F5E-427A-8FCD-F8D695936A5E}" = protocol=17 | dir=in | app=c:\program files\smart pc utilities\vista services optimizer\updateagent.exe |
"{CB907DE1-1DC6-48E5-9D98-7781F5F3E93D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"{DE79AAEF-AAC8-445F-8A52-66702EC95333}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EDCCC6EA-BE69-40D1-8286-8C3D0EFCD490}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F03E235D-3AD9-4C17-B800-B1A8CE2D455A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe |
"TCP Query User{01D59E42-C117-480D-8996-0007E871470B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CED539B2-4B68-484F-8B20-CE47EFDEA9E2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{36D10377-4713-4F30-82D9-428478E5E6B4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D7F4BF1F-F036-4792-9782-A41DA5D32C5E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A419C1-0509-4967-87F9-8761D8D6765D}" = ccc-core-static
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1EBE1FE9-A341-3E9B-84C2-ABBB25F313E7}" = Catalyst Control Center Graphics Full New
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61EE011A-A8D9-C1BD-962D-6342A371B1DB}" = ccc-utility
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6A179A95-BA3E-8E61-D15F-A1DCC6ADBFD9}" = Catalyst Control Center Graphics Previews Vista
"{6F481C0F-B941-5E3F-CABD-0F23E718DF2C}" = Catalyst Control Center Core Implementation
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404
"{80B55F0E-5933-B1E8-4F05-4C386A2E61BD}" = Catalyst Control Center InstallProxy
"{82C0D164-1456-0361-4F39-58435427AFCB}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BCD9811-1084-4941-0222-F993DB70F182}" = ATI Catalyst Install Manager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A72E0107-CFC5-16FB-BEA6-A74B94425ADD}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF313243-28F5-2434-0B5B-FAA0B8B30B1C}" = Catalyst Control Center Graphics Light
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D6F8B656-4127-D525-8893-8653D72DD136}" = Catalyst Control Center Graphics Previews Common
"{DB4DF8B5-E448-45E5-1C6C-0C276F828E10}" = Skins
"{DE6A3D43-B716-9973-9E2E-4620237464C4}" = Catalyst Control Center HydraVision Full
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAFC9FF9-56BE-414D-B637-537E7D06E7B9}" = Serif PhotoPlus 11
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"7-Zip" = 7-Zip 9.21beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Picasa 3" = Picasa 3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.01
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UseNeXT_is1" = UseNeXT
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp (remove only)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.06.2011 08:32:41 | Computer Name = Benjamin-PC | Source = RasClient | ID = 20227
Description =

Error - 14.06.2011 08:40:22 | Computer Name = Benjamin-PC | Source = RasClient | ID = 20227
Description =

Error - 14.06.2011 20:03:49 | Computer Name = Benjamin-PC | Source = EventSystem | ID = 4609
Description =

Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5004
Description =

Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5022
Description =

Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5004
Description =

Error - 16.06.2011 12:21:41 | Computer Name = Benjamin-PC | Source = McLogEvent | ID = 5022
Description =

Error - 16.06.2011 19:28:42 | Computer Name = Benjamin-PC | Source = VSS | ID = 8194
Description =

Error - 17.06.2011 05:45:17 | Computer Name = Benjamin-PC | Source = VSS | ID = 8194
Description =

Error - 17.06.2011 05:56:56 | Computer Name = Benjamin-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 16.06.2011 14:47:16 | Computer Name = Benjamin-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 16.06.2011 14:47:24 | Computer Name = Benjamin-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 16.06.2011 15:58:05 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 16.06.2011 15:58:49 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 16.06.2011 17:57:10 | Computer Name = Benjamin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.06.2011 um 23:55:41 unerwartet heruntergefahren.

Error - 16.06.2011 18:06:01 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 16.06.2011 18:08:25 | Computer Name = Benjamin-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 16.06.2011 18:41:48 | Computer Name = Benjamin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.06.2011 um 00:39:48 unerwartet heruntergefahren.

Error - 17.06.2011 04:24:18 | Computer Name = Benjamin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 17.06.2011 05:29:40 | Computer Name = Benjamin-PC | Source = DCOM | ID = 10010
Description =

[ TuneUp Events ]
Error - 28.02.2009 06:24:27 | Computer Name = Benjamin-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28.02.2009 06:24:32 | Computer Name = Benjamin-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28.02.2009 17:35:33 | Computer Name = Benjamin-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report > |
19.06.2011, 20:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Security 2012 scareware completely removed? Those are "only" the Extras; I also need the OTL.txt
__________________ Please always post logfiles in CODE tags |
21.06.2011, 10:31 | #5 |
| Vista Home Security 2012 scareware completely removed? Contents of OTL.txt
OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.06.2011 10:57:33 - Run 2 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\x\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 51,43% Memory free 7,64 Gb Paging File | 6,75 Gb Available in Paging File | 88,37% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 4000 4095 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,05 Gb Total Space | 23,15 Gb Free Space | 33,52% Space Free | Partition Type: NTFS Drive D: | 70,00 Gb Total Space | 53,39 Gb Free Space | 76,27% Space Free | Partition Type: NTFS Computer Name: x-PC | User Name: x | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.17 15:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe PRC - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- 
C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.06.28 18:54:42 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe PRC - [2007.01.30 10:41:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2007.01.24 12:05:20 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.01.05 11:31:20 | 000,049,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2006.11.09 03:57:00 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2011.06.17 15:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.17 22:27:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2007.06.28 18:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011.06.17 11:57:03 | 000,281,760 | ---- | M] () [Kernel | Auto | 
Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.06.17 11:57:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.06.16 23:46:29 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1) DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.08.28 16:27:55 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.06.07 17:25:07 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86) DRV - [2007.05.06 10:07:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2007.02.08 00:22:28 | 002,315,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.02.08 00:22:28 | 002,315,776 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.01.05 01:14:58 | 000,153,984 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\CLBUDF.sys -- (CLBUDF) DRV - [2006.12.21 18:53:08 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CLBStor.sys -- (CLBStor) DRV - [2006.12.19 10:01:00 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.11.28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.15 10:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.15 05:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2005.07.07 16:26:04 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2005.07.07 16:26:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005.07.07 16:25:58 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.06.17 00:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.06.17 00:21:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.06.17 00:21:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.17 11:05:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 11:02:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.06.17 11:09:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.06.17 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions
[2011.06.17 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.01.07 01:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2009.01.07 01:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.06.17 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.17 23:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.16 23:49:13 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.06.16 23:49:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) --
[2011.06.17 00:21:43 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011.06.17 00:21:43 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\LINKFILTER@KASPERSKY.RU
[2011.06.17 00:21:44 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2008.07.30 12:32:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.03.01 19:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2011.06.17 23:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.06.27 21:16:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.06.17 22:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.03.29 00:00:11 | 000,303,871 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10469 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\x\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\x\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: HSLAB Logger - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HSLAB Logger Lite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.06.18 01:14:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\runic games
[2011.06.17 23:13:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.06.17 23:09:38 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2011.06.17 22:24:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2011.06.17 22:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.06.17 22:24:10 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2011.06.17 20:15:37 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
[2011.06.17 20:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2011.06.17 20:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Happyneuron
[2011.06.17 19:32:41 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\SKIDROW
[2011.06.17 18:16:04 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.17 18:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.17 18:15:56 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.17 18:15:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.17 16:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.06.17 16:23:56 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.06.17 16:23:43 | 000,000,000 | ---D | C] -- C:\Users\x\SystemRequirementsLab
[2011.06.17 15:16:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2011.06.17 13:43:37 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.06.17 13:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2011.06.17 11:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.06.17 11:35:26 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.06.17 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Thunderbird
[2011.06.17 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Thunderbird
[2011.06.17 11:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011.06.17 11:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.06.17 00:54:34 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.06.17 00:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.06.17 00:09:05 | 000,000,000 | ---D | C] -- C:\Users\x\Downloads\Documents\ForceField Shared Files
[2011.06.17 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\CheckPoint
[2011.06.17 00:07:26 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2011.06.17 00:07:01 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll
[2011.06.16 23:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011.06.16 23:49:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVP11
[2011.06.16 23:47:20 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2011.06.16 23:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.16 23:46:29 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.16 23:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.06.16 21:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.06.16 21:44:32 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.06.16 20:32:38 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2011.06.16 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\dvdcss
[1 C:\Users\x\AppData\Local\*.tmp files -> C:\Users\x\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.21 10:52:53 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.21 10:52:53 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.21 10:52:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.18 15:06:04 | 000,010,278 | ---- | M] () -- C:\Users\x\Downloads\Documents\cc_20110618_150601.reg
[2011.06.18 08:34:12 | 000,485,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.17 23:14:02 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.06.17 22:24:26 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.06.17 20:23:53 | 000,386,742 | ---- | M] () -- C:\Users\x\Downloads\Documents\cc_20110617_202345.reg
[2011.06.17 18:16:05 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.17 15:16:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2011.06.17 13:45:57 | 000,000,020 | ---- | M] () -- C:\Users\x\defogger_reenable
[2011.06.17 13:44:15 | 000,050,477 | ---- | M] () -- C:\Users\x\Desktop\Defogger.exe
[2011.06.17 11:57:03 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.17 11:57:01 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.17 11:35:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.17 11:19:17 | 000,219,584 | ---- | M] () -- C:\Users\x\Downloads\Documents\cc_20110617_111911.reg
[2011.06.17 11:09:02 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.06.17 11:05:45 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.17 10:29:26 | 000,001,642 | ---- | M] () -- C:\Users\x\Desktop\UseNeXT.lnk
[2011.06.17 01:39:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.06.17 01:39:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.06.17 01:39:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.06.17 00:42:35 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.17 00:42:34 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.16 23:46:29 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.16 22:48:07 | 000,012,146 | -HS- | M] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 22:23:00 | 000,012,134 | -HS- | M] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:44:37 | 000,001,071 | ---- | M] () -- C:\Users\x\Desktop\Spybot - Search & Destroy.lnk
[2011.06.16 20:48:15 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.06.16 20:48:15 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.06.16 18:38:33 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.16 18:38:32 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.16 18:38:32 | 000,147,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.16 18:38:32 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\x\AppData\Local\*.tmp files -> C:\Users\x\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.18 15:06:03 | 000,010,278 | ---- | C] () -- C:\Users\x\Downloads\Documents\cc_20110618_150601.reg
[2011.06.18 12:30:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.17 23:14:02 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.06.17 22:24:26 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.06.17 20:23:47 | 000,386,742 | ---- | C] () -- C:\Users\x\Downloads\Documents\cc_20110617_202345.reg
[2011.06.17 18:16:05 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.17 13:45:22 | 000,000,020 | ---- | C] () -- C:\Users\x\defogger_reenable
[2011.06.17 13:44:10 | 000,050,477 | ---- | C] () -- C:\Users\x\Desktop\Defogger.exe
[2011.06.17 11:57:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.17 11:57:01 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.17 11:35:27 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.06.17 11:19:13 | 000,219,584 | ---- | C] () -- C:\Users\x\Downloads\Documents\cc_20110617_111911.reg
[2011.06.17 11:09:02 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.06.17 11:05:45 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.17 11:05:45 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.17 01:39:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.06.16 23:49:01 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.16 23:49:00 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.16 21:44:37 | 000,001,071 | ---- | C] () -- C:\Users\x\Desktop\Spybot - Search & Destroy.lnk
[2011.06.16 21:13:55 | 000,012,146 | -HS- | C] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:13:55 | 000,012,134 | -HS- | C] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 20:12:13 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.06.16 20:12:13 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.05.29 10:07:30 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011.05.29 10:07:29 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.06.05 01:31:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.05 01:31:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.29 01:06:40 | 000,000,096 | ---- | C] () -- C:\Users\x\AppData\Local\fusioncache.dat
[2008.11.14 16:46:53 | 000,001,356 | ---- | C] () -- C:\Users\x\AppData\Local\d3d9caps.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.14 19:42:21 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.14 11:17:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.26 23:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.06 09:47:36 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.04.06 09:46:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.04.06 09:46:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.15 14:44:18 | 000,000,051 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2007.08.21 21:13:18 | 000,000,094 | ---- | C] () -- C:\Users\x\AppData\Roaming\AVSDVDPlayer.m3u
[2007.06.24 15:42:16 | 000,000,066 | ---- | C] () -- C:\Windows\wininit.ini
[2007.06.14 20:12:08 | 000,000,341 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.06.07 17:25:07 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2007.05.21 18:48:35 | 000,117,284 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat
[2007.05.11 15:29:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.05.06 11:03:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.06 10:27:10 | 000,000,000 | ---- | C] () -- C:\Windows\sys_mon.dat
[2007.05.06 10:26:51 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.05.06 10:26:51 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.05.06 09:48:26 | 000,002,744 | R--- | C] () -- C:\Windows\System32\drivers\HDACfg.dat
[2007.05.06 09:48:25 | 000,049,152 | R--- | C] () -- C:\Windows\System32\ChCfg.exe
[2007.05.06 09:39:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.05.05 23:57:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.05.05 22:51:45 | 000,045,568 | ---- | C] () -- C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 17:33:31 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,147,050 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,485,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,637,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,120,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2008.12.09 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCOMP Software
[2007.05.07 15:42:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CH-Soft
[2011.06.17 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CheckPoint
[2009.03.02 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Cimaware
[2008.04.06 09:55:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DualCoreTuner
[2007.06.28 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HSLAB
[2008.04.06 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX
[2011.06.18 01:14:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\runic games
[2009.11.19 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Serif
[2011.06.17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Thunderbird
[2011.06.18 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\UseNeXT
[2011.06.18 18:09:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.06.26 17:10:27 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe
[2007.05.09 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\AdobeUM
[2009.06.12 21:02:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ahead
[2008.12.09 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCOMP Software
[2007.05.06 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ATI
[2007.05.07 15:42:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CH-Soft
[2011.06.17 00:08:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CheckPoint
[2009.03.02 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Cimaware
[2007.06.10 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CyberLink
[2007.05.10 10:08:19 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DivX
[2008.04.06 09:55:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DualCoreTuner
[2011.06.16 17:38:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\dvdcss
[2007.06.28 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HSLAB
[2007.05.05 20:52:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities
[2007.05.06 09:49:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\InstallShield
[2007.05.06 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia
[2008.04.06 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX
[2009.02.28 12:24:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs
[2011.06.17 22:37:53 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft
[2011.06.17 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla
[2009.06.12 21:02:05 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nero
[2011.06.18 01:14:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\runic games
[2009.11.19 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Serif
[2007.05.11 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Talkback
[2009.06.27 23:56:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\teamspeak2
[2011.06.17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Thunderbird
[2009.03.27 23:54:39 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\tor
[2011.06.18 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\UseNeXT
[2009.03.27 23:55:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Vidalia
[2007.08.18 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\vlc
[2011.06.17 23:42:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Winamp

< %APPDATA%\*.exe /s >
[2007.05.09 21:22:09 | 001,696,768 | ---- | M] ( ) -- C:\Users\x\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2011.06.18 09:02:23 | 003,082,400 | ---- | M] (Adobe Systems, Inc.)
-- C:\Users\x\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2008.12.10 14:25:31 | 000,010,134 | R--- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Installer\{80B55F0E-5933-B1E8-4F05-4C386A2E61BD}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.05.06 10:31:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2007.05.06 10:31:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007.05.06 10:31:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) Unable to obtain 
MD5 -- C:\Windows\System32\drivers\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.03.16 20:58:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.03.16 20:58:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.03.16 20:58:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 
09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.05.05 22:53:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.05.05 22:53:54 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adp94xx.sys [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adpahci.sys [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adpu160m.sys [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\adpu320.sys [2006.11.28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) Unable to obtain MD5 -- C:\Windows\System32\drivers\AGRSM.sys [2007.01.03 13:26:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\aliide.sys [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\arc.sys [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\arcsas.sys [2006.11.02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\athr.sys [2007.02.08 00:22:28 | 002,315,776 | ---- | M] (ATI Technologies Inc.) 
Unable to obtain MD5 -- C:\Windows\System32\drivers\atikmdag.sys [2011.06.17 11:57:03 | 000,281,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atksgt.sys [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrFiltLo.sys [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrFiltUp.sys [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrSerId.sys [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrSerWdm.sys [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrUsbMdm.sys [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\BrUsbSer.sys [2006.12.21 18:53:08 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) Unable to obtain MD5 -- C:\Windows\System32\drivers\CLBStor.sys [2007.01.05 01:14:58 | 000,153,984 | ---- | M] (CyberLink Corporation.) Unable to obtain MD5 -- C:\Windows\System32\drivers\CLBUDF.sys [2007.01.03 13:26:20 | 000,016,488 | ---- | M] (CMD Technology, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\cmdide.sys [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) 
Unable to obtain MD5 -- C:\Windows\System32\drivers\djsvs.sys [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\E1G60I32.sys [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) Unable to obtain MD5 -- C:\Windows\System32\drivers\elxstor.sys [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) Unable to obtain MD5 -- C:\Windows\System32\drivers\HpCISSs.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) Unable to obtain MD5 -- C:\Windows\System32\drivers\iirsp.sys [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\iteatapi.sys [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\iteraid.sys [2005.07.07 16:26:04 | 000,055,216 | ---- | M] (MCCI) Unable to obtain MD5 -- C:\Windows\System32\drivers\k750bus.sys [2005.07.07 16:26:00 | 000,006,576 | ---- | M] (MCCI) Unable to obtain MD5 -- C:\Windows\System32\drivers\k750mdfl.sys [2005.07.07 16:25:58 | 000,089,872 | ---- | M] (MCCI) Unable to obtain MD5 -- C:\Windows\System32\drivers\k750mdm.sys [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys [2011.06.16 23:46:29 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- 
C:\Windows\System32\drivers\klmouflt.sys [2007.05.06 10:07:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) Unable to obtain MD5 -- C:\Windows\System32\drivers\KMDFMEMIO.sys [2011.06.17 11:57:01 | 000,025,888 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\lirsgt.sys [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\lsi_fc.sys [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\lsi_sas.sys [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\lsi_scsi.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\mbam.sys [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\mbamswissarmy.sys [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\megasas.sys [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Mraid35x.sys [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nfrd960.sys [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) Unable to obtain MD5 -- C:\Windows\System32\drivers\ntrigdigi.sys [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvraid.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\ql2300.sys [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) Unable to obtain MD5 -- 
C:\Windows\System32\drivers\ql40xx.sys [2006.11.15 10:16:24 | 000,032,256 | ---- | M] (REDC) Unable to obtain MD5 -- C:\Windows\System32\drivers\rimmptsk.sys [2006.11.15 05:42:46 | 000,043,520 | ---- | M] (REDC) Unable to obtain MD5 -- C:\Windows\System32\drivers\rimsptsk.sys [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) Unable to obtain MD5 -- C:\Windows\System32\drivers\rixdptsk.sys [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\rmcast.sys [2006.11.08 12:09:00 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) Unable to obtain MD5 -- C:\Windows\System32\drivers\RTKVHDA.sys [2006.12.19 10:01:00 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) Unable to obtain MD5 -- C:\Windows\System32\drivers\Rtnicxp.sys [2006.11.02 08:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) Unable to obtain MD5 -- C:\Windows\System32\drivers\secdrv.sys [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) Unable to obtain MD5 -- C:\Windows\System32\drivers\sisraid2.sys [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) Unable to obtain MD5 -- C:\Windows\System32\drivers\sisraid4.sys [2009.08.28 16:27:55 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) 
Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys [2007.06.07 17:25:07 | 000,081,408 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SSHDRV86.sys [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) Unable to obtain MD5 -- C:\Windows\System32\drivers\ssmdrv.sys [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\symc8xx.sys [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\sym_hi.sys [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) Unable to obtain MD5 -- C:\Windows\System32\drivers\sym_u3.sys [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\uliahci.sys [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\ulsata.sys [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\ulsata2.sys [2007.01.03 13:26:20 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) Unable to obtain MD5 -- C:\Windows\System32\drivers\viaide.sys [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) Unable to obtain MD5 -- C:\Windows\System32\drivers\vsmraid.sys < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll [2011.06.17 01:39:00 | 000,353,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iedkcs32.dll [2010.10.05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll [2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll < > < End of report > |
21.06.2011, 10:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.16 21:13:55 | 000,012,146 | -HS- | C] () -- C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
[2011.06.16 21:13:55 | 000,012,134 | -HS- | C] () -- C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
|
21.06.2011, 12:40 | #7 |
| I did it that way.
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f56081-1530-11dc-b287-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83f56081-1530-11dc-b287-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83f56081-1530-11dc-b287-0013773547ed}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9eb4dff4-150a-11dc-9df7-0013773547ed}\ not found.
File F:\autorun.exe not found.
C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2 moved successfully.
C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.24.0 log created on 06212011_133742 |
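One way to read a fix log like the one in post #7 is to group its lines by target and separate the targets that were acted on from those that were never found. The following is an added example, not part of the thread and not OTL's own code; the function names are hypothetical, and the parser relies only on the outcome phrases visible in that log.

```python
"""Summarise an OTL fix-result log: which targets were acted on, which were never found."""
import re

# Lines copied from the fix log in post #7, abridged to one of the three
# MountPoints2 GUIDs. Nothing is assumed about OTL beyond these visible phrases.
SAMPLE_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5446f506-158c-11dc-995f-0013773547ed}\ not found.
File F:\autorun.exe not found.
C:\Users\x\AppData\Local\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2 moved successfully.
C:\ProgramData\45462f571h6qfm66815ax6i08285hn3n8n12kclq364y2 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.24.0 log created on 06212011_133742
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Outcome phrases exactly as they appear at the end of the log lines.
OUTCOMES = (
    (" : value set successfully!", "set"),
    (" deleted successfully.", "deleted"),
    (" moved successfully.", "moved"),
    (" not found.", "not_found"),
    (" reset successfully", "reset"),
)
KIND_PREFIXES = (("Registry key ", "registry"), ("File ", "file"))


def parse_fix_log(text):
    """Return one dict per result line: section, kind, target, outcome."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for suffix, outcome in OUTCOMES:
            if line.endswith(suffix):
                target, kind = line[: -len(suffix)], "other"
                for prefix, name in KIND_PREFIXES:
                    if target.startswith(prefix):
                        target, kind = target[len(prefix):], name
                        break
                entries.append({"section": section, "kind": kind,
                                "target": target, "outcome": outcome})
                break  # lines without a known outcome phrase (e.g. the version footer) are skipped
    return entries


def final_status(entries):
    """Collapse repeated lines per target. A target counts as handled if any
    line reports an action on it, even if later lines say 'not found'."""
    status = {}
    for e in entries:
        key = e["target"].lower()  # Windows paths and registry keys are case-insensitive
        rec = status.setdefault(key, {"target": e["target"], "kind": e["kind"],
                                      "handled": False, "outcomes": []})
        rec["outcomes"].append(e["outcome"])
        rec["handled"] = rec["handled"] or e["outcome"] != "not_found"
    return status


def never_found(entries):
    """Targets for which the log reports nothing but 'not found'."""
    return [r["target"] for r in final_status(entries).values() if not r["handled"]]


def quarantined(entries):
    """Paths reported as moved in the OTL section of the log."""
    return [e["target"] for e in entries
            if e["outcome"] == "moved" and e["section"] == "OTL"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print("moved:", *quarantined(parsed), sep="\n  ")
    print("never found:", *never_found(parsed), sep="\n  ")
```
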
21.06.2011, 13:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, that is, tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
21.06.2011, 16:02 | #9 |
| Here is the TDSS log:
2011/06/21 16:58:33.0706 3752 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/21 16:58:34.0071 3752 ================================================================================
2011/06/21 16:58:34.0072 3752 SystemInfo:
2011/06/21 16:58:34.0072 3752
2011/06/21 16:58:34.0072 3752 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/21 16:58:34.0072 3752 Product type: Workstation
2011/06/21 16:58:34.0072 3752 ComputerName: x-PC
2011/06/21 16:58:34.0072 3752 UserName: x
2011/06/21 16:58:34.0072 3752 Windows directory: C:\Windows
2011/06/21 16:58:34.0072 3752 System windows directory: C:\Windows
2011/06/21 16:58:34.0072 3752 Processor architecture: Intel x86
2011/06/21 16:58:34.0072 3752 Number of processors: 2
2011/06/21 16:58:34.0072 3752 Page size: 0x1000
2011/06/21 16:58:34.0072 3752 Boot type: Normal boot
2011/06/21 16:58:34.0072 3752 ================================================================================
2011/06/21 16:58:35.0154 3752 Initialize success
2011/06/21 16:58:53.0146 3652 ================================================================================
2011/06/21 16:58:53.0146 3652 Scan started
2011/06/21 16:58:53.0146 3652 Mode: Manual;
2011/06/21 16:58:53.0146 3652 ================================================================================
C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/06/21 16:59:00.0524 3652 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/06/21 16:59:00.0570 3652 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/06/21 16:59:00.0720 3652 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/06/21 16:59:00.0772 3652 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/06/21 16:59:00.0826 3652 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/06/21 16:59:00.0970 3652 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/06/21 16:59:01.0038 3652 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/06/21 16:59:01.0183 3652 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/06/21 16:59:01.0227 3652 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/06/21 16:59:01.0348 3652 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys 2011/06/21 16:59:01.0530 3652 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys 2011/06/21 16:59:01.0602 3652 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/06/21 16:59:01.0794 3652 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/06/21 16:59:01.0865 3652 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/06/21 16:59:01.0897 3652 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/06/21 16:59:02.0046 3652 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/06/21 16:59:02.0093 3652 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/06/21 16:59:02.0155 3652 iScsiPrt 
(232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/06/21 16:59:02.0303 3652 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/06/21 16:59:02.0349 3652 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/06/21 16:59:02.0697 3652 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys 2011/06/21 16:59:02.0967 3652 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\Windows\system32\DRIVERS\k750mdfl.sys 2011/06/21 16:59:03.0028 3652 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\Windows\system32\DRIVERS\k750mdm.sys 2011/06/21 16:59:03.0171 3652 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/06/21 16:59:03.0218 3652 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/06/21 16:59:03.0374 3652 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys 2011/06/21 16:59:03.0412 3652 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys 2011/06/21 16:59:03.0591 3652 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys 2011/06/21 16:59:03.0746 3652 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys 2011/06/21 16:59:03.0777 3652 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys 2011/06/21 16:59:03.0831 3652 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys 2011/06/21 16:59:03.0994 3652 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/06/21 16:59:04.0170 3652 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/06/21 16:59:04.0219 3652 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/06/21 16:59:04.0287 3652 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/06/21 16:59:04.0439 
3652 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/06/21 16:59:04.0554 3652 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/06/21 16:59:04.0687 3652 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/06/21 16:59:04.0757 3652 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/06/21 16:59:04.0940 3652 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/06/21 16:59:05.0057 3652 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/06/21 16:59:05.0115 3652 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/06/21 16:59:05.0236 3652 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/06/21 16:59:05.0369 3652 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/06/21 16:59:05.0411 3652 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/06/21 16:59:05.0449 3652 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/06/21 16:59:05.0566 3652 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/06/21 16:59:05.0626 3652 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/06/21 16:59:05.0691 3652 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/06/21 16:59:05.0824 3652 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/06/21 16:59:05.0870 3652 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/06/21 16:59:05.0912 3652 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys 2011/06/21 16:59:06.0036 3652 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 
2011/06/21 16:59:06.0120 3652 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/06/21 16:59:06.0256 3652 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/06/21 16:59:06.0311 3652 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/06/21 16:59:06.0372 3652 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/06/21 16:59:06.0498 3652 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/06/21 16:59:06.0549 3652 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/06/21 16:59:06.0594 3652 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/06/21 16:59:06.0708 3652 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/06/21 16:59:06.0748 3652 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/06/21 16:59:06.0824 3652 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/06/21 16:59:06.0983 3652 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/06/21 16:59:07.0128 3652 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/06/21 16:59:07.0171 3652 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/06/21 16:59:07.0225 3652 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/06/21 16:59:07.0315 3652 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/06/21 16:59:07.0423 3652 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/06/21 16:59:07.0506 3652 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/06/21 16:59:07.0580 3652 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) 
C:\Windows\system32\drivers\nfrd960.sys 2011/06/21 16:59:07.0687 3652 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/06/21 16:59:07.0773 3652 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/06/21 16:59:07.0884 3652 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/06/21 16:59:08.0070 3652 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/06/21 16:59:08.0107 3652 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/06/21 16:59:08.0144 3652 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/06/21 16:59:08.0173 3652 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/06/21 16:59:08.0318 3652 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/06/21 16:59:08.0416 3652 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 2011/06/21 16:59:08.0574 3652 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/06/21 16:59:08.0622 3652 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/06/21 16:59:08.0651 3652 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/06/21 16:59:08.0695 3652 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/06/21 16:59:08.0865 3652 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/06/21 16:59:08.0902 3652 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/06/21 16:59:09.0013 3652 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/06/21 16:59:09.0202 3652 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/06/21 16:59:09.0270 3652 Processor 
(0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/06/21 16:59:09.0323 3652 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/06/21 16:59:09.0478 3652 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/06/21 16:59:09.0624 3652 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/06/21 16:59:09.0689 3652 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/06/21 16:59:09.0807 3652 R300 (1fd94b167a03c4e9909f6e28a6320019) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/06/21 16:59:09.0978 3652 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/06/21 16:59:10.0038 3652 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/06/21 16:59:10.0138 3652 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/06/21 16:59:10.0203 3652 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/06/21 16:59:10.0253 3652 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/06/21 16:59:10.0365 3652 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/06/21 16:59:10.0455 3652 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/06/21 16:59:10.0481 3652 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/06/21 16:59:10.0541 3652 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/06/21 16:59:10.0693 3652 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/06/21 16:59:10.0776 3652 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/06/21 16:59:10.0812 3652 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/06/21 
16:59:10.0932 3652 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys 2011/06/21 16:59:11.0032 3652 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/06/21 16:59:11.0085 3652 RTL8023xp (f7a8c9024e82534cec50613d87e88645) C:\Windows\system32\DRIVERS\Rtnicxp.sys 2011/06/21 16:59:11.0197 3652 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/06/21 16:59:11.0303 3652 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/06/21 16:59:11.0404 3652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/06/21 16:59:11.0446 3652 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/06/21 16:59:11.0478 3652 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/06/21 16:59:11.0554 3652 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/06/21 16:59:11.0690 3652 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/06/21 16:59:11.0747 3652 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/06/21 16:59:11.0880 3652 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/06/21 16:59:11.0919 3652 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/06/21 16:59:11.0971 3652 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/06/21 16:59:12.0088 3652 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/06/21 16:59:12.0134 3652 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/06/21 16:59:12.0201 3652 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/06/21 16:59:12.0356 3652 spldr (7aebdeef071fe28b0eef2cdd69102bff) 
C:\Windows\system32\drivers\spldr.sys 2011/06/21 16:59:12.0468 3652 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys 2011/06/21 16:59:12.0626 3652 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/06/21 16:59:12.0702 3652 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/06/21 16:59:12.0828 3652 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/06/21 16:59:13.0146 3652 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\Windows\system32\drivers\SSHDRV86.sys 2011/06/21 16:59:13.0394 3652 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/06/21 16:59:13.0477 3652 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 2011/06/21 16:59:13.0660 3652 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/06/21 16:59:13.0702 3652 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/06/21 16:59:13.0736 3652 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/06/21 16:59:13.0768 3652 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/06/21 16:59:13.0981 3652 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys 2011/06/21 16:59:14.0192 3652 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/21 16:59:14.0369 3652 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/21 16:59:14.0420 3652 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/06/21 16:59:14.0561 3652 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/06/21 16:59:14.0617 3652 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/06/21 16:59:14.0659 3652 TermDD (3cad38910468eab9a6479e2f01db43c7) 
C:\Windows\system32\DRIVERS\termdd.sys 2011/06/21 16:59:14.0846 3652 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/21 16:59:14.0910 3652 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/06/21 16:59:14.0969 3652 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/21 16:59:15.0119 3652 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/06/21 16:59:15.0175 3652 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/21 16:59:15.0268 3652 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/06/21 16:59:15.0386 3652 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/06/21 16:59:15.0438 3652 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/06/21 16:59:15.0493 3652 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/06/21 16:59:15.0615 3652 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/06/21 16:59:15.0821 3652 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys 2011/06/21 16:59:15.0856 3652 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/06/21 16:59:15.0898 3652 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/06/21 16:59:16.0045 3652 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/21 16:59:16.0100 3652 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/06/21 16:59:16.0148 3652 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/06/21 16:59:16.0287 3652 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/21 16:59:16.0331 3652 usbuhci 
(325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/06/21 16:59:16.0387 3652 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/21 16:59:16.0531 3652 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/06/21 16:59:16.0575 3652 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/06/21 16:59:16.0607 3652 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/06/21 16:59:16.0649 3652 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys 2011/06/21 16:59:16.0784 3652 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/06/21 16:59:16.0832 3652 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/06/21 16:59:16.0869 3652 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/06/21 16:59:17.0007 3652 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/06/21 16:59:17.0076 3652 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/06/21 16:59:17.0120 3652 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/21 16:59:17.0141 3652 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/21 16:59:17.0296 3652 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/06/21 16:59:17.0362 3652 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/21 16:59:17.0604 3652 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/06/21 16:59:17.0724 3652 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/06/21 16:59:17.0824 3652 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/21 16:59:17.0916 3652 
WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/21 16:59:17.0981 3652 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/06/21 16:59:18.0006 3652 ================================================================================ 2011/06/21 16:59:18.0007 3652 Scan finished 2011/06/21 16:59:18.0007 3652 ================================================================================ 2011/06/21 16:59:18.0024 1252 Detected object count: 0 2011/06/21 16:59:18.0024 1252 Actual detected object count: 0 |
21.06.2011, 21:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Security 2012 scareware completely removed? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
22.06.2011, 00:12 | #11 |
| Vista Home Security 2012 scareware completely removed? Here is the ComboFix log: Combofix Logfile: Code:
ATTFilter ComboFix 11-06-21.05 - x 22.06.2011 0:56.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1789.1207 [GMT 2:00] ausgeführt von:: c:\users\x\Desktop\cofi.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Steam\Steam.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-21 bis 2011-06-21 )))))))))))))))))))))))))))))) . . 2011-06-21 23:04 . 2011-06-21 23:04 -------- d-----w- c:\users\x\AppData\Local\temp 2011-06-21 22:53 . 2011-06-21 22:53 -------- d-----w- C:\32788R22FWJFW 2011-06-21 11:37 . 2011-06-21 11:37 -------- d-----w- C:\_OTL 2011-06-18 07:02 . 2011-06-18 07:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-17 23:14 . 2011-06-17 23:14 -------- d-----w- c:\users\x\AppData\Roaming\runic games 2011-06-17 23:13 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-06-17 23:13 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2011-06-17 23:13 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-17 23:13 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll 2011-06-17 23:13 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll 2011-06-17 23:13 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2011-06-17 23:13 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2011-06-17 23:13 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-06-17 23:13 . 
2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll 2011-06-17 23:13 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll 2011-06-17 23:13 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll 2011-06-17 21:09 . 2011-06-17 21:11 -------- d-----w- c:\program files\OpenOffice.org 3 2011-06-17 20:24 . 2011-06-18 06:35 -------- d-----w- c:\program files\Common Files\Steam 2011-06-17 20:24 . 2011-06-21 23:04 -------- d-----w- c:\program files\Steam 2011-06-17 18:15 . 2000-01-04 21:20 86016 ----a-w- c:\windows\unvise32qt.exe 2011-06-17 18:15 . 2011-06-17 18:15 -------- d-----w- c:\programdata\QuickTime 2011-06-17 17:32 . 2011-06-17 17:32 -------- d-----w- c:\users\x\AppData\Local\SKIDROW 2011-06-17 16:16 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-17 16:15 . 2011-06-17 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-17 16:15 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-17 14:27 . 2011-06-17 14:27 -------- d-----w- c:\programdata\Solidshield 2011-06-17 14:23 . 2011-06-17 14:23 -------- d-----w- c:\program files\SystemRequirementsLab 2011-06-17 14:23 . 2011-06-17 14:23 -------- d-----w- c:\users\x\SystemRequirementsLab 2011-06-17 11:43 . 2011-06-17 11:43 -------- d-----w- c:\windows\Internet Logs 2011-06-17 11:35 . 2011-06-17 11:36 -------- d-----w- c:\programdata\Tages 2011-06-17 09:57 . 2011-06-17 09:57 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys 2011-06-17 09:57 . 2011-06-17 09:57 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2011-06-17 09:56 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2011-06-17 09:56 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2011-06-17 09:56 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2011-06-17 09:56 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2011-06-17 09:56 . 
2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2011-06-17 09:56 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2011-06-17 09:56 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2011-06-17 09:56 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2011-06-17 09:56 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2011-06-17 09:35 . 2011-06-17 09:35 -------- d-----w- c:\program files\CCleaner 2011-06-17 09:09 . 2011-06-17 09:09 -------- d-----w- c:\users\x\AppData\Roaming\Thunderbird 2011-06-17 09:09 . 2011-06-17 09:09 -------- d-----w- c:\users\x\AppData\Local\Thunderbird 2011-06-17 09:08 . 2011-06-17 09:09 -------- d-----w- c:\program files\Mozilla Thunderbird 2011-06-16 23:39 . 2011-06-16 23:39 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-06-16 22:54 . 2011-06-16 22:54 -------- d-----w- c:\program files\7-Zip 2011-06-16 22:08 . 2011-06-16 22:08 -------- d-----w- c:\users\x\AppData\Roaming\CheckPoint 2011-06-16 22:07 . 2011-06-16 22:07 -------- d-----w- c:\program files\CheckPoint 2011-06-16 22:07 . 2011-02-18 15:28 46592 ----a-w- c:\windows\system32\vsutil_loc0407.dll 2011-06-16 22:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-06-16 21:49 . 2010-10-05 18:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak\components\abhelperxpcom.dll 2011-06-16 21:49 . 2011-06-16 21:49 -------- d--h--we c:\programdata\AVP11 2011-06-16 21:49 . 2010-10-05 18:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll 2011-06-16 21:49 . 2011-06-16 22:42 115369 ----a-w- c:\windows\system32\drivers\klin.dat 2011-06-16 21:49 . 2011-06-16 22:42 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-06-16 21:47 . 2011-06-21 22:48 -------- d-----w- c:\programdata\Kaspersky Lab 2011-06-16 21:47 . 
2011-06-16 21:47 -------- d-----w- c:\program files\Kaspersky Lab 2011-06-16 21:42 . 2011-06-16 21:42 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2011-06-16 19:44 . 2011-06-16 19:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-06-16 18:32 . 2011-06-16 18:32 -------- d-----w- C:\$WINDOWS.~LS 2011-06-16 16:47 . 2011-05-24 17:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0221549-CAB0-45EA-9394-57DA644082DB}\mpengine.dll 2011-06-16 15:38 . 2011-06-16 15:38 -------- d-----w- c:\users\x\AppData\Roaming\dvdcss 2011-06-15 08:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-15 08:07 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-15 08:07 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-15 08:07 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-15 08:07 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-15 08:06 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-15 08:06 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-06-15 08:06 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-15 08:06 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-15 08:06 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-29 08:07 . 2007-01-15 17:02 40960 ----a-w- c:\windows\system32\IhDEV.exe 2011-05-29 08:07 . 2006-11-02 05:21 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2011-05-29 08:07 . 2006-11-21 09:15 24576 ----a-w- c:\windows\system32\IhINF.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 17:14 . 2009-10-03 10:22 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-19 15:49 . 
2011-05-19 15:49 0 ----a-w- c:\users\x\AppData\Local\BIT72C8.tmp 2011-05-04 02:52 . 2010-04-26 09:34 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2011-04-14 16:40 . 2011-06-17 09:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\AVP11\kloehk.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSLAB Logger HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSLAB Logger Lite HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 11:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Bcfilter;Jetico Personal Firewall Network Monitor;c:\windows\system32\DRIVERS\bcfilter.sys [x] R3 BcfilterMP;BcfilterMP;c:\windows\system32\DRIVERS\bcfilter.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-28 721904] S0 CLBStor;InstantBurn Storage Helper Driver; [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104] S1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [2007-06-07 81408] S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-06 13312] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\x\AppData\Roaming\Mozilla\Firefox\Profiles\9ciqrqne.default\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKCU-Run-Steam - c:\program files\Steam\Steam.exe MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe AddRemove-Steam App 18500 - c:\program files\Steam\steam.exe AddRemove-Steam App 240 - c:\program files\Steam\steam.exe AddRemove-Steam App 4540 - c:\program files\Steam\steam.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-06-22 01:04 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000004 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:090016e3 "Dhcpv6State"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07020054 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:1a000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:090016e3 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c001377 "Dhcpv6State"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . Zeit der Fertigstellung: 2011-06-22 01:08:36 ComboFix-quarantined-files.txt 2011-06-21 23:08 . Vor Suchlauf: 15 Verzeichnis(se), 30.742.257.664 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 30.554.456.064 Bytes frei . Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - 51C858135162652C114A1E03409A3386 |
22.06.2011, 10:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Security 2012 scareware completely removed? OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
22.06.2011, 18:20 | #13 |
| Vista Home Security 2012 scareware completely removed? Here are the logs: Gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net Rootkit scan 2011-06-22 19:05:52 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC70P Running: 3t4rpm7l.exe; Driver: C:\Users\x\AppData\Local\Temp\uglcikow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8DE1FDAA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8DE21FE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8DE22262] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8DE224D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8DE206BE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8DE214F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8DE21A3C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8DE2099A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8DE21922] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8DE1F998] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8DE217F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8DE1FB40] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8DE21B5C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8DE20344] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8DE2188C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8DE2324A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8DE20E1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8DE24458] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8DE20C2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8DE2333C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8DE23AA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8DE21AD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8DE20740] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8DE219B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8DE1FFE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8DE2383E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8DE21BF2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8DE1FED8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8DE227DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8DE23DDE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 
ZwQueueApcThread [0x8DE236D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8DE1E652] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8DE21F56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8DE21E1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8DE22FE4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8DE1E9CA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8DE242FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8DE1E5EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8DE21238] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8DE20560] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8DE2287E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8DE234DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8DE23F2E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8DE24020] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8DE2415A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8DE2316E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8DE2018E] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8DE200E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8DE23C82] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8DE2027A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8DE20442] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8DE22722] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 309 82CA2900 4 Bytes [AA, FD, E1, 8D] {STOSB ; STD ; LOOPZ 0xffffffffffffff91} .text ntoskrnl.exe!KeInsertQueue + 32D 82CA2924 8 Bytes CALL E5580B48 .text ntoskrnl.exe!KeInsertQueue + 371 82CA2968 4 Bytes JMP E224D882 .text ntoskrnl.exe!KeInsertQueue + 399 82CA2990 2 Bytes [BE, 06] .text ntoskrnl.exe!KeInsertQueue + 39C 82CA2993 1 Byte [8D] .text ... 
.text C:\Windows\system32\drivers\SSHDRV86.sys section is writeable [0x8DE77000, 0x26354, 0xE8000020] .pklstb C:\Windows\system32\drivers\SSHDRV86.sys entry point in ".pklstb" section [0x8DEAC000] .relo2 C:\Windows\system32\drivers\SSHDRV86.sys unknown last section [0x8DEC3000, 0x8E, 0x42000040] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x996A3300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x996E6300, 0x1BEE, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7414A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740EE7CA] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74128395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7417CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7411C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\udfs \UdfsCdRom CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.) Device \FileSystem\udfs \UdfsDisk CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.) AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) Device \FileSystem\cdfs \Cdfs CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0xF2 0xD2 0x2C ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6Iaid 151000803 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6Iaid 117571668 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6Iaid 436207616 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6Iaid 151000803 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6Iaid 201331575 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg 
HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0xF2 0xD2 0x2C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0xF2 0xD2 0x2C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0xF2 0xD2 0x2C ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0xF2 0xD2 0x2C ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0xF2 0xD2 0x2C ... 
Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6Iaid 151000803 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{23362141-af3e-42ab-883b-6ee55a7b0612}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6Iaid 117571668 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{3ba37628-efc2-4c5e-9878-4c49c2fbcb7d}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6Iaid 436207616 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{bf3c77c7-bfd9-42d1-8e1e-b1bc6d5616d3}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6Iaid 151000803 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{c5c0ec18-2608-44b7-8a77-23de68320466}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6Iaid 201331575 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{d2a478c1-6294-49a4-ad86-1672bad319da}@Dhcpv6State 1 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\ControlSet006\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 ---- EOF - GMER 1.0.15 ---- |
22.06.2011, 18:21 | #14 |
| Vista Home Security 2012 scareware completely removed? osam: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:13:08 on 22.06.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~2\AVP11\kloehk.dll [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - ? - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl (File not found) [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - ? - C:\Windows\System32\Drivers\usbaapl.sys (File not found) "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "BcfilterMP" (BcfilterMP) - ? - C:\Windows\System32\DRIVERS\bcfilter.sys (File not found) "catchme" (catchme) - ? - C:\Users\x\AppData\Local\Temp\catchme.sys (File not found) "CyberLink InstantBurn UDF Filesystem" (CLBUDF) - "CyberLink Corporation." - C:\Windows\system32\drivers\CLBUDF.sys "InstantBurn Storage Helper Driver" (CLBStor) - "Cyberlink Co.,Ltd." - C:\Windows\system32\drivers\CLBStor.sys "IP in IP Tunnel Driver" (IpInIp) - ? 
- C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Jetico Personal Firewall Network Monitor" (Bcfilter) - ? - C:\Windows\System32\DRIVERS\bcfilter.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"SSHDRV86" (SSHDRV86) - ? - C:\Windows\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uglcikow" (uglcikow) - ? - C:\Users\x\AppData\Local\Temp\uglcikow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
"Exec" - ? - C:\Windows\bdoscandel.exe (File not found)
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
22.06.2011, 18:22 | #15 |
| Vista Home Security 2012 Scareware completely removed?

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R40P/R41P
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 142):
0x82C35000 \SystemRoot\system32\ntoskrnl.exe
0x82C02000 \SystemRoot\system32\hal.dll
0x80C08000 \SystemRoot\system32\kdcom.dll
0x80C0F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80C7F000 \SystemRoot\system32\PSHED.dll
0x80C90000 \SystemRoot\system32\BOOTVID.dll
0x80C98000 \SystemRoot\system32\CLFS.SYS
0x80CD9000 \SystemRoot\system32\CI.dll
0x8800C000 \SystemRoot\system32\DRIVERS\kl1.sys
0x8852E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x885AA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x885B7000 \SystemRoot\system32\drivers\acpi.sys
0x885FD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x88606000 \SystemRoot\system32\drivers\msisadrv.sys
0x8860E000 \SystemRoot\system32\drivers\pci.sys
0x88635000 \SystemRoot\System32\drivers\partmgr.sys
0x88644000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88647000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88651000 \SystemRoot\system32\drivers\volmgr.sys
0x88660000 \SystemRoot\System32\drivers\volmgrx.sys
0x886AA000 \SystemRoot\system32\drivers\pciide.sys
0x886B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x886BF000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x886EC000 \SystemRoot\System32\drivers\mountmgr.sys
0x886FC000 \SystemRoot\system32\drivers\atapi.sys
0x88704000 \SystemRoot\system32\drivers\ataport.SYS
0x88722000 \SystemRoot\system32\drivers\fltmgr.sys
0x88754000 \SystemRoot\system32\drivers\fileinfo.sys
0x88764000 \SystemRoot\System32\Drivers\CLBStor.sys
0x88767000 \SystemRoot\System32\Drivers\ksecdd.sys
0x80DB9000 \SystemRoot\system32\drivers\ndis.sys
0x80EC4000 \SystemRoot\system32\drivers\msrpc.sys
0x80EEF000 \SystemRoot\system32\drivers\NETIO.SYS
0x88807000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88917000 \SystemRoot\system32\drivers\volsnap.sys
0x88950000 \SystemRoot\System32\Drivers\spldr.sys
0x88958000 \SystemRoot\System32\Drivers\mup.sys
0x88967000 \SystemRoot\System32\drivers\ecache.sys
0x8898E000 \SystemRoot\system32\drivers\disk.sys
0x8899F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x889C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x889E9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x889F4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x889FD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x88A0C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C808000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x88A10000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CF90000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8CFA6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CFE4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88AB0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88AC8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x88B55000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CFF3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88B68000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x88B71000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88B7C000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x80F2A000 \SystemRoot\system32\DRIVERS\athr.sys
0x88B8D000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x88BA7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x88BB5000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x80FA0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C800000 \SystemRoot\system32\DRIVERS\serscan.sys
0x88BC9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D404000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D445000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D450000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D467000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D472000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D495000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D4A4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D4B8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D4CD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D4DD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D4DF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D509000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D513000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D520000 \SystemRoot\System32\drivers\vga.sys
0x8D52C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D54D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D582000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D593000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D6AF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D6B1000 \SystemRoot\system32\drivers\modem.sys
0x8DC01000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DD92000 \SystemRoot\system32\drivers\portcls.sys
0x8DDBF000 \SystemRoot\system32\drivers\drmk.sys
0x8DDF3000 \SystemRoot\system32\DRIVERS\klif.sys
0x8DE76000 \??\C:\Windows\system32\drivers\SSHDRV86.sys
0x8DEC4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DECD000 \SystemRoot\System32\Drivers\Null.SYS
0x8DED4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DEDB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DEE3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DEEB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DEF6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DF04000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DF0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8D6BE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D6D9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DFFA000 \SystemRoot\system32\DRIVERS\kl2.sys
0x8D6EF000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D703000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D735000 \SystemRoot\system32\drivers\afd.sys
0x8D77D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D793000 \SystemRoot\system32\DRIVERS\klim6.sys
0x8D79B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D7A9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D7BC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8D7C2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x887D8000 \SystemRoot\system32\drivers\nsiproxy.sys
0x887E2000 \SystemRoot\System32\Drivers\dfsc.sys
0x889C9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x889D6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x889E1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x97480000 \SystemRoot\System32\win32k.sys
0x88000000 \SystemRoot\System32\drivers\Dxapi.sys
0x976A0000 \SystemRoot\System32\TSDDD.dll
0x976C0000 \SystemRoot\System32\cdd.dll
0x99408000 \SystemRoot\system32\drivers\luafv.sys
0x99423000 \SystemRoot\System32\Drivers\CLBUDF.SYS
0x99449000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9945F000 \SystemRoot\system32\DRIVERS\udfs.sys
0x9949A000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x994AA000 \SystemRoot\system32\drivers\spsys.sys
0x9955A000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x9958A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9959A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x995AD000 \SystemRoot\system32\drivers\HTTP.sys
0x9961A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99633000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99652000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9968B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x996A3000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x996E6000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x996EB000 \SystemRoot\system32\drivers\peauth.sys
0x997C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x997D3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x997DF000 \??\C:\Users\x\AppData\Local\Temp\uglcikow.sys
0x8DDE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77180000 \Windows\System32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
600 csrss.exe
640 C:\Windows\System32\wininit.exe
648 csrss.exe
684 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
756 C:\Windows\System32\winlogon.exe
896 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\audiodg.exe
1248 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\SLsvc.exe
1444 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\spoolsv.exe
1696 C:\Windows\System32\svchost.exe
1772 C:\Windows\System32\taskeng.exe
1780 C:\Windows\explorer.exe
1864 C:\Windows\System32\taskeng.exe
1996 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2016 C:\Windows\System32\taskeng.exe
476 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
540 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
676 C:\Windows\RtHDVCpl.exe
904 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1056 C:\Windows\ehome\ehtray.exe
1112 C:\Program Files\Windows Media Player\wmpnscfg.exe
1328 C:\Windows\System32\agrsmsvc.exe
1364 C:\Windows\ehome\ehmsas.exe
1692 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1316 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2080 C:\Windows\System32\svchost.exe
2188 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2264 C:\Windows\System32\SearchIndexer.exe
2928 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3200 C:\Program Files\Windows Media Player\wmpnetwk.exe
1584 C:\Windows\System32\svchost.exe
3496 C:\Windows\System32\SearchProtocolHost.exe
3672 C:\Windows\System32\SearchFilterHost.exe
3528 C:\Users\x\Desktop\MBRCheck.exe
2864 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`c3300000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size      Device Name          MBR Status
--------------------------------------------
149 GB    \\.\PhysicalDrive0   Windows 2008 MBR code detected
          SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done! |