|
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLLWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.06.2011, 09:22 | #1 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hallo, Avira hat auf meinem DELL-Laptop mit Vista 32 Bit den Trojaner TR/Crypt.XPACK.Gen2 in der Datei OART.DLL gefunden. Hab den auch gleich in Quarantäne verschoben. Danach liefen allerdings Word, Excel und Outlook nicht mehr (da diese Programme diese DLL benötigen) Hab mir dann diese DLL aus dem Internet neu besorgt und die Programme laufen wieder. Was ist das für ein Trojaner? Was macht der? Muss ich mir Sorgen machen (ich mache mit dem Rechner auch Homebanking und Einkäufe)? Hier mal die Daten von Avira: Typ: Datei Quelle: C:\Program Files\Microsoft Office\Office12\OART.DLL Status: Infiziert Quarantäne-Objekt: 4a51694e.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows 2000/XP/VISTA Workstation Suchengine: 8.02.05.20 Virendefinitionsdatei: 7.11.10.12 Meldung: Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2 Datum/Uhrzeit: 18.06.2011, 18:09 Hab dann Spyboot Search and Destroy installiert. Das Programm hat aber nichts gefunden. Hab nach meinem Urlaub gestern dann bei der Suche was dieser Trojaner so anrichten kann dieses tolle Forum hier entdeckt. Deshalb hab ich auch Malwarebytes runter geladen und das ist das Ergebnis eines vollständigen Scans. Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6949 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19088 26.06.2011 00:38:43 mbam-log-2011-06-26 (00-38-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 346213 Laufzeit: 1 Stunde(n), 46 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\MegaDev\md-trainers\MT-X\mt-experience.exe (Trojan.AVKiller.Gen) -> No action taken. c:\Users\ms\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\GQDPVB90\OTL[1].exe (Trojan.Dropper.PGen) -> No action taken. Ich hab bis jetzt bei den zwei Funden noch keine Gegenmaßnahmen eingeleitet. Hab jetzt über das Forum hier defogger und OTL runtergeladen. Defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 10:25 on 26/06/2011 (ms) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Geändert von speedrunner (26.06.2011 um 09:30 Uhr) |
26.06.2011, 11:48 | #2 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL OTL.txt:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.06.2011 12:26:13 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\ms\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 65,61% Memory free 7,18 Gb Paging File | 6,04 Gb Available in Paging File | 84,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,47 Gb Total Space | 19,66 Gb Free Space | 6,89% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,22 Gb Free Space | 52,19% Space Free | Partition Type: NTFS Computer Name: MS-LAPTOP | User Name: ms | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 360 Days ========== Processes (SafeList) ========== PRC - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.03.18 10:08:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.04 21:37:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.06.03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2009.05.07 02:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe PRC - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () -- C:\Programme\AVSKey-Lock\AVSKey.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.11.06 18:47:50 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.12.03 07:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007.09.24 11:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2007.09.24 11:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2007.09.24 11:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2007.09.24 11:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (SafeList) ========== MOD - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.03 19:22:12 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.03.18 10:08:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () [Auto | Running] -- C:\Programme\AVSKey-Lock\AVSKey.EXE -- (AvskeyService) SRV - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) SRV - [2008.06.09 14:07:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.03.18 10:08:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.31 18:49:47 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.11.23 22:54:22 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.07 02:01:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2009.05.07 02:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.11.05 01:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - [2008.01.02 06:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.12.03 07:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007.12.03 07:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.24 11:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.08.05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de/hxxp://www.zdf.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2011.06.19 23:00:05 | 000,435,149 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14978 more lines... O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Search Image on TinEye - C:\Users\ms\Documents\TinEye 1.0\TinEye.js () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell - "" = AutoRun O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell - "" = AutoRun O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 360 Days ========== [2011.06.26 09:31:04 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe [2011.06.25 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Malwarebytes [2011.06.25 22:33:09 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.06.25 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.25 22:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.25 22:33:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.06.25 22:33:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.25 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\balabolka_portable [2011.06.25 20:54:14 | 000,000,000 | ---D | C] -- C:\Programme\ScanSoft [2011.06.25 20:35:40 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp [2011.06.25 20:06:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.06.25 17:08:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.06.25 17:08:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.06.25 17:08:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.06.21 05:06:55 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Kochen [2011.06.20 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.06.18 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\QuickScan [2011.06.18 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8 [2011.06.17 09:50:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.17 09:50:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.17 09:50:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.06.17 09:50:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.17 09:50:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.17 09:50:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.17 09:50:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.17 09:50:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.17 09:50:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.17 09:50:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.17 09:50:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.17 09:50:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.17 09:50:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.17 09:50:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.17 09:50:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.17 09:50:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.17 09:50:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.03 12:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.05.24 06:37:45 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.15 19:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.05.15 19:29:30 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2011.05.15 19:29:30 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2011.05.15 19:29:30 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2011.05.15 19:29:30 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2011.05.15 19:29:30 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2011.05.15 19:29:30 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2011.05.15 19:29:30 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2011.05.15 19:29:30 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll [2011.05.15 19:29:30 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll [2011.05.15 19:29:30 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.05.15 19:29:30 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2011.05.15 19:28:48 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2011.05.08 10:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev [2011.05.08 10:50:46 | 000,000,000 | ---D | C] -- C:\Programme\MegaDev [2011.05.07 14:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.04.30 13:47:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.30 13:47:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.30 13:46:50 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.13 09:20:33 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 09:20:33 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 09:20:31 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 09:20:28 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 09:20:28 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.13 09:20:18 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 09:20:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 09:20:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.07 22:43:36 | 000,580,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll [2011.04.07 22:43:34 | 002,582,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2011.04.07 22:43:34 | 000,293,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll [2011.04.07 22:43:34 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2011.04.07 22:43:20 | 003,701,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2011.04.07 22:43:04 | 002,565,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2011.03.27 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balton Design [2011.03.27 21:24:44 | 000,000,000 | ---D | C] -- C:\Programme\BaltonDesign [2011.03.25 00:29:33 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.25 00:29:33 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.03.09 13:49:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 13:49:21 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 13:49:21 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 13:49:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.02.28 08:36:02 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Geschäft_Zeugnisaffaire [2011.02.14 00:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft [2011.02.12 09:32:13 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonMF Uninstaller Information [2011.02.12 09:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon [2011.02.12 09:30:54 | 000,126,976 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSD11.DLL [2011.02.12 09:30:54 | 000,114,688 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSI11.DLL [2011.02.12 09:30:54 | 000,110,592 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLST11.DLL [2011.02.12 09:30:54 | 000,098,304 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSU11.DLL [2011.02.12 09:30:54 | 000,077,824 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSC11.DLL [2011.02.12 09:30:54 | 000,049,152 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCILSC.dll [2011.02.12 09:30:53 | 000,548,864 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCC3110.DLL [2011.02.12 09:30:53 | 000,389,180 | ---- | C] (Canon) -- C:\Windows\System32\UCS32P.DLL [2011.02.12 09:30:53 | 000,090,112 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCI3110.DLL [2011.02.12 09:30:53 | 000,065,536 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCL3110.DLL [2011.02.12 09:30:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon [2011.02.12 08:59:51 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Canon_MF3110 [2011.02.11 18:11:22 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.11 18:11:22 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.11 18:11:13 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.11 18:11:13 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.11 18:11:13 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.11 18:11:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.11 18:11:12 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.02.11 18:11:12 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.11 18:11:12 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.11 18:11:12 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.11 18:11:12 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.11 18:11:12 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.11 18:11:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.11 18:11:12 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.11 18:11:11 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.11 18:11:11 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.11 18:11:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.11 18:11:10 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.11 18:11:10 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.11 18:11:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.11 18:11:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.02.11 18:11:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.11 18:11:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 16:22:36 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2011.01.16 23:10:38 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.16 23:10:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2010.12.31 18:50:04 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2010.12.31 18:50:04 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2010.12.31 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box [2010.12.31 18:49:30 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Local\Deployment [2010.12.15 19:26:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.15 19:26:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.15 19:26:31 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.15 19:26:31 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.15 19:26:31 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.15 19:26:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.01 21:06:29 | 000,108,104 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys [2010.11.25 20:29:05 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll [2010.11.14 12:55:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.10.27 13:55:55 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.10.27 08:24:39 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\vlc [2010.10.17 21:14:34 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.17 21:14:32 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.17 21:14:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.17 21:14:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.17 21:13:52 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.17 21:13:50 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.17 21:13:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.09 14:00:48 | 000,000,000 | ---D | C] -- C:\Users\ms\Documents\Firaxis Live Tuner [2010.09.27 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2010.09.27 19:57:12 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam [2010.09.27 19:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2010.09.27 19:57:08 | 000,000,000 | ---D | C] -- C:\Programme\Steam [2010.09.27 19:56:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010.09.27 19:56:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010.09.27 19:56:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010.09.27 19:56:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.09.27 19:56:06 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2010.09.27 19:56:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010.09.27 19:56:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2010.09.27 19:56:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010.09.27 19:56:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010.09.27 19:56:05 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.09.27 19:56:05 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.09.27 19:56:05 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.09.27 19:56:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.09.27 19:56:05 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.09.27 19:56:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.09.27 19:56:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.09.27 19:56:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.09.27 19:56:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010.09.27 19:56:04 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010.09.27 19:56:04 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010.09.27 19:56:04 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.09.27 19:56:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010.09.27 19:56:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.09.27 19:56:04 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010.09.27 19:56:04 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010.09.27 19:56:04 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.09.27 19:56:04 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2010.09.27 19:56:04 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010.09.27 19:56:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2010.09.27 19:56:03 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2010.09.27 19:56:03 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2010.09.27 19:56:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2010.09.27 19:56:03 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2010.09.27 19:56:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2010.09.27 19:56:03 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2010.09.27 19:56:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2010.09.27 19:56:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2010.09.27 19:56:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2010.09.27 19:56:03 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2010.09.27 19:56:02 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2010.09.27 19:56:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2010.09.27 19:56:02 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2010.09.27 19:56:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2010.09.27 19:56:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2010.09.27 19:56:02 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2010.09.27 19:56:02 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2010.09.27 19:56:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2010.09.27 19:56:01 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2010.09.27 19:56:01 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2010.09.19 13:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2010.09.19 13:29:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.19 13:22:24 | 000,000,000 | ---D | C] -- C:\Programme\Windows Installer Clean Up [2010.08.11 10:54:49 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 10:54:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.07.26 09:22:07 | 000,000,000 | ---D | C] -- C:\DGQ [2010.07.07 06:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILDmobil [2010.07.07 06:55:09 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2010.07.07 06:55:09 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2010.07.07 06:55:09 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys [2010.07.07 06:55:09 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2010.07.07 06:54:52 | 000,000,000 | ---D | C] -- C:\Programme\BILDmobil [2010.07.03 06:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardcopy - Bildschirmausdruck [2010.07.03 06:24:22 | 000,000,000 | ---D | C] -- C:\Programme\Hardcopy [2010.07.03 06:23:41 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2011.06.26 12:22:12 | 007,602,176 | -HS- | M] () -- C:\Users\ms\ntuser.dat [2011.06.26 12:06:28 | 001,453,716 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011.06.26 12:06:28 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.26 12:06:28 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.26 12:06:28 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.26 12:06:28 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.26 12:00:10 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.26 11:59:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.26 11:59:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.26 11:59:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.06.26 11:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.26 11:59:40 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys [2011.06.26 11:51:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.06.26 11:51:04 | 000,524,288 | -HS- | M] () -- C:\Users\ms\ntuser.dat{41437b0d-f040-11de-995a-001c4afdc29c}.TMContainer00000000000000000001.regtrans-ms [2011.06.26 11:51:04 | 000,065,536 | -HS- | M] () -- C:\Users\ms\ntuser.dat{41437b0d-f040-11de-995a-001c4afdc29c}.TM.blf [2011.06.26 11:38:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.26 11:31:34 | 004,407,909 | -H-- | M] () -- C:\Users\ms\AppData\Local\IconCache.db [2011.06.26 11:11:00 | 000,256,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.06.26 10:25:46 | 000,000,000 | ---- | M] () -- C:\Users\ms\defogger_reenable [2011.06.26 10:24:40 | 000,050,477 | ---- | M] () -- C:\Users\ms\Desktop\Defogger.exe [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe [2011.06.26 08:09:35 | 000,055,944 | ---- | M] () -- C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT [2011.06.25 21:20:43 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job [2011.06.25 20:06:36 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.06.21 06:48:39 | 000,000,141 | ---- | M] () -- C:\Users\ms\Desktop\index.html.url [2011.06.21 05:34:44 | 000,240,128 | ---- | M] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.19 23:00:05 | 000,435,149 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.06.08 07:58:11 | 002,657,713 | ---- | M] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf [2011.06.08 07:08:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.06.05 11:37:40 | 000,762,687 | ---- | M] () -- C:\Users\ms\Desktop\32pfl8404h_12_fin_deu.pdf [2011.06.04 11:50:08 | 000,380,140 | ---- | M] () -- C:\Users\ms\Desktop\FOCUS_Augen_Aerzteliste_2010.pdf [2011.06.04 11:12:03 | 000,020,291 | ---- | M] () -- C:\Users\ms\Desktop\Anreise_CityLasik_Stuttgart.pdf [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.28 08:05:27 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.05.28 08:04:56 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.28 08:04:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.05.28 08:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.28 08:04:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.28 08:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.28 08:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.28 08:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.28 08:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.28 08:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.28 08:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.28 07:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.28 06:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.28 06:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.28 06:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.05.28 06:31:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.05.23 18:18:02 | 000,000,680 | ---- | M] () -- C:\Users\ms\AppData\Local\d3d9caps.dat [2011.05.15 17:59:30 | 000,319,354 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.15 17:59:30 | 000,319,354 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.15 13:13:45 | 000,353,548 | ---- | M] () -- C:\Users\ms\Desktop\t200108088_Leistenbruch.pdf [2011.05.08 10:50:52 | 000,001,973 | ---- | M] () -- C:\Users\ms\Desktop\MegaTrainer eXperience.lnk [2011.05.08 10:44:22 | 000,015,779 | ---- | M] () -- C:\Users\ms\Desktop\Cheatuebersicht~Civilization~V~Version~1_0_1_275-p-detail.pdf.html [2011.05.04 04:52:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.04 04:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.05.04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.05.04 04:52:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.08 07:14:00 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2011.04.08 07:14:00 | 013,007,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2011.04.08 07:14:00 | 010,071,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2011.04.08 07:14:00 | 006,299,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll [2011.04.08 07:14:00 | 005,180,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2011.04.08 07:14:00 | 002,765,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2011.04.08 07:14:00 | 002,074,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2011.04.08 07:14:00 | 002,034,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2011.04.08 07:14:00 | 000,944,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll [2011.04.08 07:14:00 | 000,855,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll [2011.04.08 07:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.04.08 07:14:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2011.04.08 07:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2011.04.07 22:43:36 | 000,580,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll [2011.04.07 22:43:34 | 002,582,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2011.04.07 22:43:34 | 000,293,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhotkey.dll [2011.04.07 22:43:34 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2011.04.07 22:43:20 | 003,701,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2011.04.07 22:43:04 | 002,565,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2011.03.27 21:24:56 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Balton Design.lnk [2011.03.27 21:24:20 | 008,250,802 | ---- | M] () -- C:\Users\ms\Desktop\configura_installer.exe [2011.03.27 11:39:45 | 388,758,941 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.26 16:38:17 | 003,563,000 | ---- | M] () -- C:\Users\ms\Desktop\balton_broschuere.pdf [2011.03.18 10:08:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.12 23:55:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.03.10 19:03:51 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.03.10 19:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.03.09 10:32:07 | 000,058,874 | ---- | M] () -- C:\Users\ms\Documents\verbrauchsStrom_2004-2011.do.pdf [2011.03.03 17:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.03.03 15:35:36 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.03.03 15:25:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.03.01 20:00:30 | 000,009,365 | ---- | M] () -- C:\Users\ms\Documents\balton.om [2011.03.01 16:41:58 | 000,504,948 | ---- | M] () -- C:\Users\ms\Desktop\BIII-Preisliste.pdf [2011.02.22 16:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.22 15:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.17 08:23:50 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.02.17 08:19:43 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.02.16 18:16:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.16 16:02:23 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.14 00:42:12 | 006,669,808 | ---- | M] () -- C:\Users\ms\Desktop\AnyDVD_HD_v6.7.8.0_Final_Multi_Incl_Key.rar [2011.02.12 09:34:54 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk [2011.02.11 15:14:56 | 000,183,370 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7390 (UI) 84.04.90_11.02.11_1415.export [2011.02.11 09:40:50 | 000,005,755 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_11.02.11_0840.xml [2011.02.11 09:39:59 | 000,216,353 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7270 v2 (UI) 54.04.88_11.02.11_0839.export [2011.02.10 10:52:10 | 000,349,669 | ---- | M] () -- C:\Users\ms\Documents\Stromwechsel_Vattenfall_Onlineabschluss_Easy_Privatstrom_12474622.pdf [2011.02.05 11:52:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf [2011.02.05 10:24:19 | 001,272,848 | ---- | M] () -- C:\Users\ms\Desktop\Xperia_X1__UG_DE_1218_2861_3.pdf [2011.01.20 20:23:17 | 012,182,117 | ---- | M] () -- C:\Users\ms\Desktop\AVM_DSL_DE.pdf [2011.01.20 18:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.01.20 18:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.01.20 18:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 18:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.01.20 18:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.20 18:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.20 18:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 18:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 18:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.20 18:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.01.20 16:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 16:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 16:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 16:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.20 16:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.01.20 16:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.01.20 16:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.01.20 16:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.01.20 16:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.20 16:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.01.20 15:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.02 12:26:05 | 000,000,000 | -H-- | M] () -- C:\Users\ms\Documents\Default.rdp [2011.01.01 21:37:42 | 003,539,737 | ---- | M] () -- C:\Users\ms\Desktop\MANUAL_MM-HDRTV.pdf [2010.12.31 18:49:47 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2010.12.31 18:49:46 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2010.12.31 12:06:00 | 000,000,408 | ---- | M] () -- C:\Users\ms\Documents\Downloads - Verknüpfung.lnk [2010.12.29 21:25:19 | 000,046,721 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ. WLAN Repeater N_G (UI) 68.04.84_29.12.10_2025.export [2010.12.29 20:28:45 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2010.12.29 20:28:45 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2010.12.29 20:28:28 | 000,429,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2010.12.29 20:26:47 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.12.29 10:28:50 | 000,000,402 | ---- | M] () -- C:\Users\ms\Documents\Kontakte - Verknüpfung.lnk [2010.12.28 17:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2010.12.28 12:41:39 | 016,390,204 | ---- | M] () -- C:\Users\ms\Desktop\Firmware_FANTEC_MM-HDRTV_Rev06_BETA.zip [2010.12.27 20:58:08 | 000,005,755 | ---- | M] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_27.12.10_1958.xml [2010.12.18 22:51:10 | 000,098,776 | ---- | M] () -- C:\Users\ms\Documents\Kündigung Mobilfunk-Option 1und1.pdf [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2010.12.07 22:55:39 | 000,000,510 | ---- | M] () -- C:\Users\ms\Desktop\Öffentliche Videos - Verknüpfung.lnk [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys [2010.11.25 20:29:05 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\ElbyCDIO.dll [2010.11.23 22:54:22 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.04 20:56:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.11.04 20:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.11.04 20:55:38 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.10.28 15:20:12 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.10.18 15:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.10.15 16:08:12 | 003,602,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.10.15 16:08:12 | 003,550,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.10.03 14:12:04 | 000,000,215 | ---- | M] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V SDK.url [2010.09.27 20:22:22 | 000,001,275 | ---- | M] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V (DirectX 11).lnk [2010.09.27 20:13:31 | 000,000,214 | ---- | M] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V.url [2010.09.27 20:02:05 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.09.13 15:56:41 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.09.06 18:19:06 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.08.31 17:46:37 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.08.31 17:46:37 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.08.26 18:37:45 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.08.26 18:34:50 | 001,696,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.08.20 18:05:07 | 000,867,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.07.20 20:46:52 | 000,020,645 | ---- | M] () -- C:\Users\ms\Desktop\Segway.jpg [2010.07.20 20:46:15 | 000,011,371 | ---- | M] () -- C:\Users\ms\Desktop\Poweriser.jpg [2010.07.07 06:55:14 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\BILDmobil.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.26 10:25:46 | 000,000,000 | ---- | C] () -- C:\Users\ms\defogger_reenable [2011.06.26 10:24:40 | 000,050,477 | ---- | C] () -- C:\Users\ms\Desktop\Defogger.exe [2011.06.25 20:06:36 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.06.21 06:48:39 | 000,000,141 | ---- | C] () -- C:\Users\ms\Desktop\index.html.url [2011.06.08 07:58:11 | 002,657,713 | ---- | C] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf [2011.06.05 11:37:37 | 000,762,687 | ---- | C] () -- C:\Users\ms\Desktop\32pfl8404h_12_fin_deu.pdf [2011.06.04 11:50:08 | 000,380,140 | ---- | C] () -- C:\Users\ms\Desktop\FOCUS_Augen_Aerzteliste_2010.pdf [2011.06.04 11:12:03 | 000,020,291 | ---- | C] () -- C:\Users\ms\Desktop\Anreise_CityLasik_Stuttgart.pdf [2011.05.15 19:29:30 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011.05.15 13:13:42 | 000,353,548 | ---- | C] () -- C:\Users\ms\Desktop\t200108088_Leistenbruch.pdf [2011.05.08 10:50:52 | 000,001,973 | ---- | C] () -- C:\Users\ms\Desktop\MegaTrainer eXperience.lnk [2011.05.08 10:44:22 | 000,015,779 | ---- | C] () -- C:\Users\ms\Desktop\Cheatuebersicht~Civilization~V~Version~1_0_1_275-p-detail.pdf.html [2011.03.27 21:24:56 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Balton Design.lnk [2011.03.27 21:24:13 | 008,250,802 | ---- | C] () -- C:\Users\ms\Desktop\configura_installer.exe [2011.03.26 16:38:16 | 003,563,000 | ---- | C] () -- C:\Users\ms\Desktop\balton_broschuere.pdf [2011.03.09 10:32:07 | 000,058,874 | ---- | C] () -- C:\Users\ms\Documents\verbrauchsStrom_2004-2011.do.pdf [2011.03.01 16:41:58 | 000,504,948 | ---- | C] () -- C:\Users\ms\Desktop\BIII-Preisliste.pdf [2011.02.14 00:42:07 | 006,669,808 | ---- | C] () -- C:\Users\ms\Desktop\AnyDVD_HD_v6.7.8.0_Final_Multi_Incl_Key.rar [2011.02.12 09:34:54 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk [2011.02.12 09:30:53 | 000,000,281 | ---- | C] () -- C:\Windows\System32\CNCMFP11.INI [2011.02.11 15:14:56 | 000,183,370 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7390 (UI) 84.04.90_11.02.11_1415.export [2011.02.11 09:40:50 | 000,005,755 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_11.02.11_0840.xml [2011.02.11 09:39:59 | 000,216,353 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box Fon WLAN 7270 v2 (UI) 54.04.88_11.02.11_0839.export [2011.02.10 10:52:09 | 000,349,669 | ---- | C] () -- C:\Users\ms\Documents\Stromwechsel_Vattenfall_Onlineabschluss_Easy_Privatstrom_12474622.pdf [2011.02.05 11:52:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf [2011.02.05 10:24:18 | 001,272,848 | ---- | C] () -- C:\Users\ms\Desktop\Xperia_X1__UG_DE_1218_2861_3.pdf [2011.01.20 20:22:34 | 012,182,117 | ---- | C] () -- C:\Users\ms\Desktop\AVM_DSL_DE.pdf [2011.01.20 16:23:29 | 000,002,539 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk [2011.01.02 12:26:05 | 000,000,000 | -H-- | C] () -- C:\Users\ms\Documents\Default.rdp [2011.01.01 21:37:40 | 003,539,737 | ---- | C] () -- C:\Users\ms\Desktop\MANUAL_MM-HDRTV.pdf [2010.12.31 12:06:00 | 000,000,408 | ---- | C] () -- C:\Users\ms\Documents\Downloads - Verknüpfung.lnk [2010.12.29 21:25:18 | 000,046,721 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ. WLAN Repeater N_G (UI) 68.04.84_29.12.10_2025.export [2010.12.29 10:28:50 | 000,000,402 | ---- | C] () -- C:\Users\ms\Documents\Kontakte - Verknüpfung.lnk [2010.12.28 12:40:41 | 016,390,204 | ---- | C] () -- C:\Users\ms\Desktop\Firmware_FANTEC_MM-HDRTV_Rev06_BETA.zip [2010.12.27 20:58:07 | 000,005,755 | ---- | C] () -- C:\Users\ms\Desktop\FRITZ.Box_Telefonbuch_27.12.10_1958.xml [2010.12.18 22:50:03 | 000,098,776 | ---- | C] () -- C:\Users\ms\Documents\Kündigung Mobilfunk-Option 1und1.pdf [2010.12.07 22:55:39 | 000,000,510 | ---- | C] () -- C:\Users\ms\Desktop\Öffentliche Videos - Verknüpfung.lnk [2010.10.03 14:12:04 | 000,000,215 | ---- | C] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V SDK.url [2010.09.27 20:22:22 | 000,001,275 | ---- | C] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V (DirectX 11).lnk [2010.09.27 20:13:31 | 000,000,214 | ---- | C] () -- C:\Users\ms\Desktop\Sid Meier's Civilization V.url [2010.09.27 19:57:11 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.09.19 13:22:24 | 000,001,858 | ---- | C] () -- C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk [2010.08.28 08:10:37 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job [2010.07.20 20:51:17 | 000,011,371 | ---- | C] () -- C:\Users\ms\Desktop\Poweriser.jpg [2010.07.20 20:50:15 | 000,020,645 | ---- | C] () -- C:\Users\ms\Desktop\Segway.jpg [2010.07.07 06:55:14 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\BILDmobil.lnk [2010.06.29 05:50:47 | 004,407,909 | -H-- | C] () -- C:\Users\ms\AppData\Local\IconCache.db [2010.06.11 06:02:50 | 000,008,828 | ---- | C] () -- C:\Users\ms\AppData\Local\de.ini [2009.12.24 06:32:03 | 000,000,680 | ---- | C] () -- C:\Users\ms\AppData\Local\d3d9caps.dat [2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.04 10:29:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.04 10:29:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.04 10:29:05 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.07 02:01:00 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2009.04.18 10:33:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.03.23 01:27:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.14 19:27:45 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009.03.13 20:55:49 | 000,240,128 | ---- | C] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.13 20:42:06 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.001 [2009.03.13 18:47:54 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.dat [2009.03.13 17:15:39 | 000,055,944 | ---- | C] () -- C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT [2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.06.09 21:30:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.06.09 13:55:14 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.06.09 13:38:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,256,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,453,716 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006.11.02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006.11.02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006.11.02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006.11.02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006.11.02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006.11.02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006.11.02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006.11.02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006.11.02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006.11.02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006.11.02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006.11.02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006.11.02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006.11.02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2011.06.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\QuickScan [2010.10.09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\SYNCING.NET [2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\tmp [2009.03.21 09:43:32 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\UBitMenu [2011.06.26 11:51:05 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.25 21:20:43 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job ========== Purity Check ========== < End of report > |
26.06.2011, 11:56 | #3 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Extras.txtOTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 26.06.2011 12:26:13 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\ms\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 65,61% Memory free 7,18 Gb Paging File | 6,04 Gb Available in Paging File | 84,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,47 Gb Total Space | 19,66 Gb Free Space | 6,89% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,22 Gb Free Space | 52,19% Space Free | Partition Type: NTFS Computer Name: MS-LAPTOP | User Name: ms | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1289FECB-4BE5-48BD-966F-6884D365762A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{25767E52-D726-400E-835C-AACB6D3B10BC}" = rport=445 | protocol=6 | dir=out | app=system | "{2D18C054-5CA9-4854-BC8D-A21550C04FE4}" = lport=139 | protocol=6 | dir=in | app=system | "{4366F99F-33AA-4F3E-84F9-81353B4F82B8}" = lport=445 | protocol=6 | dir=in | app=system | "{4FD021FC-138C-4DC7-9AB4-16259729D5D5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5D22A296-AE90-4576-8A61-5437DF494F55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60F74495-1F03-4CDE-B07B-3E69B44A4C1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6776B484-AD18-4425-BAA2-9E1DA32E23C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67A1E885-DF4C-434E-BFCA-751784A98024}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{69AF0CD8-0574-47B5-8ECF-8C887075D1CD}" = rport=10243 | protocol=6 | dir=out | app=system | "{72DDF50C-9E77-4D80-B678-C977C2E26F83}" = lport=138 | protocol=17 | dir=in | app=system | "{738D6DCB-326B-4BDE-A61B-078D0851DBE1}" = rport=137 | protocol=17 | dir=out | app=system | "{765D5A35-713B-4D61-BA96-29EF8F39BD15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{795200F5-B3E0-4B0D-BD22-3BB68967DCA6}" = lport=137 | protocol=17 | dir=in | app=system | "{80229CC1-AFE0-4975-BC6A-91F7E24A6DD5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{889B2D86-F0FF-4294-BFC6-1284CFBA2AE8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8A2F3806-67C9-4414-909E-E1CA5995A378}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8EE18C5A-E95E-43D6-8A60-CEB2C611D5D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{99E47868-5F3B-464E-B077-7D745B134D83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A8704C79-4ED2-44CF-89C8-AB8137E45A17}" = lport=2869 | protocol=6 | dir=in | app=system | "{B4F3BDDB-1B98-4336-AC99-2FC11AE68611}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BD70C133-DBF7-4251-B0E4-771237A8621E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C6B8709A-EC49-4C11-AB89-A8D894DEA783}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C72515DC-38FD-42E8-A33B-13461E8952E8}" = lport=10243 | protocol=6 | dir=in | app=system | "{CDF04C66-6311-404A-9430-9EAC9BB5CAF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D86056C5-2CC2-46A9-AFB4-40D7F232DCFB}" = rport=138 | protocol=17 | dir=out | app=system | "{D9A00F65-A7A0-4D99-AE0C-9AB447DA6D18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{E9EBBE00-D9BC-4A89-B1D1-56C267F34188}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EEAF2989-C007-4109-AB19-6650BC760484}" = rport=139 | protocol=6 | dir=out | app=system | "{F702BF32-5DDE-4531-94CB-35B290665146}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08DCC713-0912-48A0-95D8-546F37B39735}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{09EDFF2D-06D2-4468-A3E1-639EBA1EDF5D}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe | "{0A1D34D7-792A-46C3-90EE-F5614D2D8B9E}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{0D838566-C879-42AC-B5E5-4924722DFFB1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{12C73333-A532-47B1-B5D2-DCDD7807908D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{160BA720-9A9B-4B3B-808E-80F20E9D5CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{203069F4-B2EE-4EC5-BFEC-5E150421F106}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{30572048-5610-4EBE-9DBF-B82FC8BC7047}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | "{34F7935F-7EC4-4B10-B112-1981BEB31535}" = protocol=6 | dir=out | app=system | "{432784E8-A43A-4CC6-96D1-AE9E9B237CD0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{45911C6B-54A4-4138-B563-C0691B697D90}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{45CF406F-EC9F-417C-8AD7-74346B8E9683}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe | "{47EF45B1-3A87-441D-BBFF-5F1291C009C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50115472-F2EC-4103-B92B-5CF7BF88E31B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5723F2F3-1934-4270-B4C2-4CC216517D2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6110B96E-0CF8-45DA-B5A2-F2F4FFF05F81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6744E8E0-A2B0-4277-A1D9-386068354675}" = protocol=6 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{7215E26D-7B15-4046-B3A8-7F918DD73CFC}" = protocol=17 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{7BAC4219-F7D5-4447-890A-ABB9DE3B44C5}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | "{8747C935-C677-4362-BA0C-57098E6ABEB4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{896B4B04-8084-4065-B1E4-A9D0FBAEE663}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8D4164C1-BEA1-49CA-8B1D-AB60CB8F46BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8EC24D1E-C399-4415-B4AB-BC5A25E9541B}" = protocol=17 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{8EEC820F-C8F8-4EC5-AD49-8B51AE2B95B3}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{98177A8E-D187-445C-965D-5A69FF220EDC}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{99CD44CE-F624-4D6A-BFEE-34DFC7FB3D12}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{9B11E34C-F053-4A0A-9F65-CFC445E618AC}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{9CFE704A-E7B3-4BB8-BF8D-5ACF663F7C2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A0065EA5-9F8B-465F-961B-6F43166164A6}" = protocol=6 | dir=in | app=c:\users\ms\appdata\local\apps\2.0\5yyp6c1m.ddt\ojowgd11.xqn\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{AFBD7F37-5FFA-44DD-848A-0671D14128B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{B30C3CCC-2A11-4289-BEBE-F1A657E512B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{B6583FF9-5775-469D-8A5A-E2A24152F30B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B7CECDBC-DE8B-4261-A960-239ABC67AD92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B80C01DE-285A-4D97-A00A-A0FAB7BECDEC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{B8B0FE07-8877-4C15-8340-78838D26D784}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | "{C18BFBE6-71FF-4C9C-8EF8-21460393D84E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C462DA0F-5800-4B31-9458-4BAD085AEAAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C82B7A4F-3639-4FA2-9581-A1695DAE2BD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD06360F-CFA6-401D-B6D2-52C670E84F00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D3C26FE9-2EAD-439E-A796-54D1679F01A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC4AEAEB-58E9-4539-90C2-A48FED239677}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{DC4FDC0A-2583-4B18-91FE-DD41A8DA3A52}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{DDD9045B-9EC3-43C9-A481-B8FA8CB95AA8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{DECE562C-827E-46D7-829E-D7364B7EAD30}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | "{FB7C6678-4969-42C2-9E36-9EE866776EE7}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{FCE28334-E6FF-4379-990A-CE657CD01140}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "TCP Query User{1B8E80AD-CC72-48C3-B753-84A4DB808CD9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{4DD278FD-6BEC-4B39-B94D-CD0212C51325}G:\opera10\operausb1051\opera.exe" = protocol=6 | dir=in | app=g:\opera10\operausb1051\opera.exe | "TCP Query User{691B9960-F4CB-4F41-9595-D01752946929}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{841AD731-AF5A-4EA0-8D3D-140DA591FE92}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=6 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | "TCP Query User{941DC9E6-10EA-4D87-99DD-9B7CA8079C71}C:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=c:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe | "TCP Query User{9421CBA5-EB1E-4828-A5E2-35D883C389B9}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{964FDB82-3BFA-4954-8CD2-04B9440077C4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C3C6784D-6FC8-4522-8C4F-181C8E0D0AC3}C:\program files\fritz!box\addon (ie)\upnpbroker.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box\addon (ie)\upnpbroker.exe | "TCP Query User{DCBDBCCB-977B-4503-BBC3-3D77901B01CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{DD7909FE-63E4-4D2D-A132-C461188FFE40}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=6 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | "TCP Query User{E9EE9E8D-E156-4417-8BEA-071E3534F1C4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{0986BCB4-CFB9-4B41-95D9-76E21F363F40}C:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=c:\laptop\sicherung 8gb usb\portableapps\freecivportable\app\freeciv\freeciv-server.exe | "UDP Query User{0C78FC08-E755-4D59-9567-6760FADE72BD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{0D9EFEC5-1128-4C73-A0FD-25E8FBBC9A81}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{0EBFA376-058C-4E7D-BF21-C7FAAD320072}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{1E5BF38F-2438-460F-8FC8-984A1708042D}G:\opera10\operausb1051\opera.exe" = protocol=17 | dir=in | app=g:\opera10\operausb1051\opera.exe | "UDP Query User{2124D1C0-7857-46F8-B58C-A972CE496B9E}C:\program files\fritz!box\addon (ie)\upnpbroker.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box\addon (ie)\upnpbroker.exe | "UDP Query User{2F2A315B-94D1-4844-AE62-47F43E3BA8BE}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=17 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | "UDP Query User{593DE7A2-23B1-4F1E-B3CA-EF05A5798F4A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{5B124443-6F81-4AF5-B178-6F4D8BF335FA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{72EE6A07-1E3F-46F1-A486-E6D397BE9DB4}C:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe" = protocol=17 | dir=in | app=c:\program files\syncing.net technologies\syncing.net\bin\syncservice.exe | "UDP Query User{A2A2E955-E89A-42DA-B894-F3F7B7906208}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11 "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_BASICR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_BASICR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007 "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{96F51932-0944-4D62-945F-E6837E510462}" = AVM FRITZ!Box AddOn (IE) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B8ACEA2-BA21-4A91-A950-144FED3ED133}" = TinEye Internet Explorer plugin 1.0 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6411A0B-EA6A-4cf7-8A31-94A2C187D662}" = Canon MF3110-Serie "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "AVSKey-Lock_is1" = AVSKey-Lock 1.08 "Balton Design.EXE" = Balton Design "BASICR" = Microsoft Office Basic 2007 "BILDmobil" = BILDmobil "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "GoToAssist" = GoToAssist 8.0.0.514 "Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.4.6 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MuVo Series Media Explorer" = MuVo Series Media Explorer "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ProInst" = Intel(R) PROSet/Wireless Software "Steam App 16830" = Sid Meier's Civilization V SDK "Steam App 8930" = Sid Meier's Civilization V "VLC media player" = VLC media player 1.1.9 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
04.07.2011, 14:43 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hast du keinen OTL-CustomScan gemacht? Wenn nicht nachholen, Anleitung unten. Da der letzte Scan mit Malwarebytes auch länger her, am besten auch noch einen neuen Vollscan mit aktuellen Signaturen machen. CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
06.07.2011, 04:07 | #5 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hallo cosinus, anbei der gewünschten Scan. OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.07.2011 04:23:21 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\ms\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 66,25% Memory free 7,18 Gb Paging File | 5,98 Gb Available in Paging File | 83,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,47 Gb Total Space | 39,00 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,22 Gb Free Space | 52,19% Space Free | Partition Type: NTFS Computer Name: MS-LAPTOP | User Name: ms | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.04 21:19:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.02 11:37:45 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe PRC - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.11.04 21:37:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.06.03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2009.05.07 02:01:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme\maxdome\DCBin\DCService.exe PRC - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () -- C:\Programme\AVSKey-Lock\AVSKey.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.11.06 18:47:50 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.12.03 07:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2007.09.24 11:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2007.09.24 11:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2007.09.24 11:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2007.09.24 11:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2006.11.03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (SafeList) ========== MOD - [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.04 21:19:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.03 19:22:12 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.29 14:53:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.05.07 02:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Program Files\maxdome\DCBin\DCService.exe -- (Prosieben) SRV - [2009.04.23 14:50:44 | 004,640,445 | ---- | M] () [Auto | Running] -- C:\Programme\AVSKey-Lock\AVSKey.EXE -- (AvskeyService) SRV - [2009.01.30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) SRV - [2008.06.09 14:07:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - [2011.07.04 21:19:30 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.04 21:19:29 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.12.31 18:49:47 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.06.22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.07 02:01:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2009.05.07 02:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.11.05 01:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - [2008.01.02 06:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.12.03 07:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2007.12.03 07:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.24 11:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.08.05 02:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.web.de/hxxp://www.zdf.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2011.06.19 23:00:05 | 000,435,149 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14978 more lines... O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Search Image on TinEye - C:\Users\ms\Documents\TinEye 1.0\TinEye.js () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell - "" = AutoRun O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell - "" = AutoRun O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.03 08:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.06.27 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\krank-Dateien [2011.06.26 09:31:04 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe [2011.06.25 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\Malwarebytes [2011.06.25 22:33:09 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.06.25 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.25 22:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.25 22:33:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.06.25 22:33:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.25 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\balabolka_portable [2011.06.25 20:54:14 | 000,000,000 | ---D | C] -- C:\Programme\ScanSoft [2011.06.25 20:35:40 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp [2011.06.21 05:06:55 | 000,000,000 | ---D | C] -- C:\Users\ms\Desktop\Kochen [2011.06.20 13:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.06.18 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\ms\AppData\Roaming\QuickScan [2011.06.18 12:08:28 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.06 03:52:58 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.06 03:52:58 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.06 03:52:58 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.06 03:52:58 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.06 03:47:39 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.06 03:46:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.06 03:46:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.06 03:46:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.06 03:46:14 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys [2011.07.05 23:53:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.07.05 23:38:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.05 20:24:56 | 000,245,248 | ---- | M] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.05 13:41:10 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job [2011.07.04 21:19:30 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.04 21:19:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.07.04 06:52:03 | 000,028,784 | ---- | M] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-xfakbdlrue0k.dlc [2011.07.03 12:41:21 | 000,023,192 | ---- | M] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-q8llbdl4j924s.dlc [2011.07.03 08:17:00 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.07.02 17:40:16 | 000,256,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.06.27 21:42:38 | 000,849,509 | ---- | M] () -- C:\Users\ms\Desktop\Münchenvlp11stadt.pdf [2011.06.27 15:04:42 | 000,200,011 | ---- | M] () -- C:\Users\ms\Desktop\krank.htm [2011.06.26 22:25:27 | 134,918,069 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.06.26 13:01:01 | 000,302,592 | ---- | M] () -- C:\Users\ms\Desktop\h5jwz35c.exe [2011.06.26 10:25:46 | 000,000,000 | ---- | M] () -- C:\Users\ms\defogger_reenable [2011.06.26 10:24:40 | 000,050,477 | ---- | M] () -- C:\Users\ms\Desktop\Defogger.exe [2011.06.26 09:31:07 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\ms\Desktop\OTL.exe [2011.06.25 20:06:36 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.06.21 06:48:39 | 000,000,141 | ---- | M] () -- C:\Users\ms\Desktop\index.html.url [2011.06.19 23:00:05 | 000,435,149 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.06.08 07:58:11 | 002,657,713 | ---- | M] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.04 06:52:03 | 000,028,784 | ---- | C] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-xfakbdlrue0k.dlc [2011.07.03 12:41:20 | 000,023,192 | ---- | C] () -- C:\Users\ms\Desktop\Angesicht_Verbrechens_DVD1-q8llbdl4j924s.dlc [2011.07.03 08:17:00 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.06.27 21:42:38 | 000,849,509 | ---- | C] () -- C:\Users\ms\Desktop\Münchenvlp11stadt.pdf [2011.06.27 15:04:42 | 000,200,011 | ---- | C] () -- C:\Users\ms\Desktop\krank.htm [2011.06.26 22:25:29 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys [2011.06.26 13:01:00 | 000,302,592 | ---- | C] () -- C:\Users\ms\Desktop\h5jwz35c.exe [2011.06.26 10:25:46 | 000,000,000 | ---- | C] () -- C:\Users\ms\defogger_reenable [2011.06.26 10:24:40 | 000,050,477 | ---- | C] () -- C:\Users\ms\Desktop\Defogger.exe [2011.06.25 20:06:36 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.06.21 06:48:39 | 000,000,141 | ---- | C] () -- C:\Users\ms\Desktop\index.html.url [2011.06.08 07:58:11 | 002,657,713 | ---- | C] () -- C:\Users\ms\Desktop\Maus_Lasik_Broschüre.pdf [2011.02.12 09:30:53 | 000,000,281 | ---- | C] () -- C:\Windows\System32\CNCMFP11.INI [2010.06.11 06:02:50 | 000,008,828 | ---- | C] () -- C:\Users\ms\AppData\Local\de.ini [2009.12.24 06:32:03 | 000,000,680 | ---- | C] () -- C:\Users\ms\AppData\Local\d3d9caps.dat [2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.04 11:11:31 | 000,319,354 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.04 10:29:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.04 10:29:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.05.07 02:01:00 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2009.04.18 10:33:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.03.23 01:27:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.13 20:55:49 | 000,245,248 | ---- | C] () -- C:\Users\ms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.13 20:42:06 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.001 [2009.03.13 18:47:54 | 000,027,050 | ---- | C] () -- C:\Users\ms\AppData\Roaming\nvModes.dat [2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.06.09 21:30:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.06.09 13:55:14 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.06.09 13:38:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 17:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,256,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2011.06.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\QuickScan [2010.10.09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\SYNCING.NET [2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\tmp [2009.03.21 09:43:32 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\UBitMenu [2011.07.05 23:53:34 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.07.05 13:41:10 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.03.13 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Adobe [2010.04.18 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Avira [2009.03.13 22:18:44 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Creative [2009.03.13 20:54:02 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\CyberLink [2011.06.18 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\dvdcss [2009.03.13 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Google [2009.03.13 17:15:22 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Identities [2009.03.13 20:53:12 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\InstallShield [2009.03.13 17:19:30 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Intel [2009.03.13 22:04:35 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Macromedia [2011.06.25 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Malwarebytes [2009.03.13 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Media Center Programs [2010.09.19 13:22:27 | 000,000,000 | --SD | M] -- C:\Users\ms\AppData\Roaming\Microsoft [2011.06.18 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\QuickScan [2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Reallusion [2011.07.06 04:18:46 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\Skype [2010.10.09 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\SYNCING.NET [2009.03.13 19:41:20 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\tmp [2009.03.21 09:43:32 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\UBitMenu [2011.07.03 08:12:13 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\vlc [2010.06.10 06:23:04 | 000,000,000 | ---D | M] -- C:\Users\ms\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.04.04 23:16:33 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\ms\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.09.19 13:22:27 | 000,003,584 | R--- | M] () -- C:\Users\ms\AppData\Roaming\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe [2009.03.21 09:43:10 | 000,696,341 | ---- | M] () -- C:\Users\ms\AppData\Roaming\UBitMenu\unins000.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys [2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2008.06.09 21:14:00 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.06.09 21:14:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys [2008.06.09 21:14:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.06.09 21:14:28 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys [2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys [2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys [2008.06.09 21:30:27 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys [2008.06.09 21:13:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2008.06.09 21:13:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2008.06.09 21:14:28 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2008.06.09 21:14:28 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.06.09 21:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys [2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys [2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.06.09 21:24:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.06.09 21:24:19 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
06.07.2011, 07:02 | #6 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL und hier der aktuelle Malwarebytes-Bericht: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7030 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19088 06.07.2011 06:55:51 mbam-log-2011-07-06 (06-55-42).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 360478 Laufzeit: 1 Stunde(n), 43 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\MegaDev\md-trainers\MT-X\mt-experience.exe (Trojan.AVKiller.Gen) -> No action taken. |
06.07.2011, 12:24 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell - "" = AutoRun O33 - MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell - "" = AutoRun O33 - MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe :Commands [purity] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.07.2011, 09:14 | #8 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hallo Cosinus, hab alles ausgeführt. Hier noch folgende Infos zu meinem System: C ist dies Systempartition und Speicher ca. 285 GB D ist die Wiederherstellungspartition von Dell ca. 10 GB E ist das DVD Laufwerk F,G,H, usw sind USB Sticks und Festplatten welche ich ab und an anstöpsele. ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18baba85-6f1d-11e0-b00b-001e101f9843}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18baba85-6f1d-11e0-b00b-001e101f9843}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18baba85-6f1d-11e0-b00b-001e101f9843}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55b14f1b-11df-11de-92f7-806e6f6e6963}\ not found. File G:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910be-8980-11df-b18a-001c4afdc29c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910be-8980-11df-b18a-001c4afdc29c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910be-8980-11df-b18a-001c4afdc29c}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910c2-8980-11df-b18a-001e101f82a7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82f910c2-8980-11df-b18a-001e101f82a7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82f910c2-8980-11df-b18a-001e101f82a7}\ not found. File G:\AutoRun.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.24.1 log created on 07072011_100656 |
07.07.2011, 09:56 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
08.07.2011, 08:04 | #10 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hallo Cosinus, hab nun mal alle Festplatten die ich habe angesteckt und dieses Tool laufen lassen. Kein Fund. 2011/07/08 09:00:16.0626 4856 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21 2011/07/08 09:00:16.0852 4856 ================================================================================ 2011/07/08 09:00:16.0853 4856 SystemInfo: 2011/07/08 09:00:16.0853 4856 2011/07/08 09:00:16.0853 4856 OS Version: 6.0.6002 ServicePack: 2.0 2011/07/08 09:00:16.0853 4856 Product type: Workstation 2011/07/08 09:00:16.0853 4856 ComputerName: MS-LAPTOP 2011/07/08 09:00:16.0853 4856 UserName: ms 2011/07/08 09:00:16.0853 4856 Windows directory: C:\Windows 2011/07/08 09:00:16.0853 4856 System windows directory: C:\Windows 2011/07/08 09:00:16.0853 4856 Processor architecture: Intel x86 2011/07/08 09:00:16.0853 4856 Number of processors: 2 2011/07/08 09:00:16.0853 4856 Page size: 0x1000 2011/07/08 09:00:16.0853 4856 Boot type: Normal boot 2011/07/08 09:00:16.0853 4856 ================================================================================ 2011/07/08 09:00:18.0434 4856 Initialize success 2011/07/08 09:00:21.0757 5648 ================================================================================ 2011/07/08 09:00:21.0757 5648 Scan started 2011/07/08 09:00:21.0757 5648 Mode: Manual; 2011/07/08 09:00:21.0757 5648 ================================================================================ 2011/07/08 09:00:22.0642 5648 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/07/08 09:00:22.0750 5648 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/07/08 09:00:22.0818 5648 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/07/08 09:00:22.0854 5648 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/07/08 09:00:22.0890 5648 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/07/08 09:00:23.0133 5648 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/07/08 09:00:23.0227 5648 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys 2011/07/08 09:00:23.0274 5648 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/07/08 09:00:23.0358 5648 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys 2011/07/08 09:00:23.0472 5648 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys 2011/07/08 09:00:23.0516 5648 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys 2011/07/08 09:00:23.0581 5648 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/07/08 09:00:23.0616 5648 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/07/08 09:00:23.0762 5648 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\Windows\system32\Drivers\AnyDVD.sys 2011/07/08 09:00:23.0813 5648 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/07/08 09:00:23.0876 5648 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/07/08 09:00:23.0938 5648 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/07/08 09:00:24.0006 5648 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/08 09:00:24.0063 5648 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/07/08 09:00:24.0181 5648 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/07/08 09:00:24.0243 5648 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 2011/07/08 09:00:24.0337 5648 avmaudio (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys 2011/07/08 09:00:24.0386 5648 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys 2011/07/08 09:00:24.0475 5648 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 2011/07/08 09:00:24.0538 5648 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/07/08 09:00:24.0675 5648 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/08 09:00:24.0736 5648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/08 09:00:24.0790 5648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/07/08 09:00:24.0852 5648 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/07/08 09:00:24.0890 5648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/07/08 09:00:24.0921 5648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/08 09:00:24.0962 5648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/07/08 09:00:25.0039 5648 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/07/08 09:00:25.0116 5648 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/08 09:00:25.0202 5648 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/07/08 09:00:25.0310 5648 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys 2011/07/08 09:00:25.0362 5648 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys 2011/07/08 09:00:25.0423 5648 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys 2011/07/08 09:00:25.0487 5648 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys 2011/07/08 09:00:25.0532 5648 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/07/08 09:00:25.0585 5648 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/08 09:00:25.0648 5648 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/08 09:00:25.0735 5648 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/07/08 09:00:25.0854 5648 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/07/08 09:00:25.0992 5648 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/08 09:00:26.0065 5648 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys 2011/07/08 09:00:26.0101 5648 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/08 09:00:26.0141 5648 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/07/08 09:00:26.0197 5648 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/07/08 09:00:26.0413 5648 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/07/08 09:00:26.0652 5648 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/07/08 09:00:26.0753 5648 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/07/08 09:00:26.0818 5648 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/08 09:00:26.0903 5648 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys 2011/07/08 09:00:26.0964 5648 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/07/08 09:00:27.0054 5648 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/07/08 09:00:27.0152 5648 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/07/08 09:00:27.0230 5648 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/07/08 09:00:27.0465 5648 ewusbnet (82e7eb9f12321052cd9a904b13724ee2) C:\Windows\system32\DRIVERS\ewusbnet.sys 2011/07/08 09:00:27.0528 5648 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/07/08 09:00:27.0610 5648 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/07/08 09:00:27.0674 5648 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/08 09:00:27.0764 5648 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/07/08 09:00:27.0805 5648 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/07/08 09:00:27.0883 5648 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/08 09:00:27.0948 5648 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/07/08 09:00:28.0035 5648 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/08 09:00:28.0102 5648 fwlanusbn (161f20685595eddc06c0ea1f1d7bc92b) C:\Windows\system32\DRIVERS\fwlanusbn.sys 2011/07/08 09:00:28.0143 5648 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/08 09:00:28.0255 5648 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/08 09:00:28.0300 5648 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/07/08 09:00:28.0391 5648 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/07/08 09:00:28.0497 5648 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/08 09:00:28.0590 5648 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/07/08 09:00:28.0704 5648 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/07/08 09:00:28.0743 5648 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/07/08 09:00:28.0885 5648 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/07/08 09:00:29.0005 5648 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/07/08 09:00:29.0087 5648 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys 2011/07/08 09:00:29.0196 5648 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/07/08 09:00:29.0278 5648 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/08 09:00:29.0348 5648 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys 2011/07/08 09:00:29.0402 5648 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/07/08 09:00:29.0460 5648 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/07/08 09:00:29.0571 5648 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys 2011/07/08 09:00:29.0697 5648 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/08 09:00:29.0781 5648 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/08 09:00:29.0916 5648 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/07/08 09:00:29.0984 5648 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/07/08 09:00:30.0044 5648 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/07/08 09:00:30.0157 5648 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys 2011/07/08 09:00:30.0242 5648 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/08 09:00:30.0283 5648 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/07/08 09:00:30.0359 5648 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/07/08 09:00:30.0434 5648 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/08 09:00:30.0497 5648 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/08 09:00:30.0587 5648 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/08 09:00:30.0647 5648 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/08 09:00:30.0745 5648 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/08 09:00:30.0804 5648 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/08 09:00:30.0892 5648 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/08 09:00:30.0960 5648 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/07/08 09:00:31.0018 5648 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys 2011/07/08 09:00:31.0111 5648 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/07/08 09:00:31.0179 5648 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/07/08 09:00:31.0256 5648 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/07/08 09:00:31.0389 5648 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/08 09:00:31.0438 5648 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/08 09:00:31.0494 5648 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/08 09:00:31.0566 5648 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/07/08 09:00:31.0608 5648 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/07/08 09:00:31.0662 5648 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/08 09:00:31.0720 5648 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/08 09:00:31.0780 5648 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/07/08 09:00:31.0866 5648 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/08 09:00:31.0923 5648 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/08 09:00:32.0023 5648 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/08 09:00:32.0091 5648 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys 2011/07/08 09:00:32.0152 5648 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/07/08 09:00:32.0233 5648 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/07/08 09:00:32.0353 5648 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/07/08 09:00:32.0415 5648 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/08 09:00:32.0463 5648 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/08 09:00:32.0527 5648 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/07/08 09:00:32.0600 5648 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/07/08 09:00:32.0688 5648 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/08 09:00:32.0736 5648 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/07/08 09:00:32.0777 5648 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/07/08 09:00:32.0889 5648 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/08 09:00:33.0031 5648 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/07/08 09:00:33.0111 5648 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/08 09:00:33.0165 5648 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/08 09:00:33.0231 5648 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/08 09:00:33.0294 5648 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/07/08 09:00:33.0388 5648 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/08 09:00:33.0481 5648 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/08 09:00:33.0658 5648 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/07/08 09:00:33.0773 5648 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/07/08 09:00:33.0828 5648 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/07/08 09:00:33.0889 5648 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/08 09:00:34.0028 5648 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/07/08 09:00:34.0082 5648 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/07/08 09:00:34.0166 5648 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/07/08 09:00:34.0548 5648 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/07/08 09:00:34.0669 5648 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/07/08 09:00:34.0718 5648 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/07/08 09:00:34.0877 5648 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys 2011/07/08 09:00:34.0989 5648 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys 2011/07/08 09:00:35.0008 5648 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys 2011/07/08 09:00:35.0077 5648 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/08 09:00:35.0154 5648 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/07/08 09:00:35.0219 5648 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/07/08 09:00:35.0257 5648 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/07/08 09:00:35.0418 5648 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms 2011/07/08 09:00:35.0533 5648 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/07/08 09:00:35.0628 5648 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/07/08 09:00:35.0717 5648 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/07/08 09:00:35.0805 5648 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/07/08 09:00:35.0945 5648 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/08 09:00:35.0995 5648 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/07/08 09:00:36.0118 5648 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/08 09:00:36.0199 5648 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys 2011/07/08 09:00:36.0288 5648 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/07/08 09:00:36.0333 5648 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/07/08 09:00:36.0446 5648 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/08 09:00:36.0580 5648 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/08 09:00:36.0763 5648 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/08 09:00:36.0839 5648 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/08 09:00:36.0913 5648 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/08 09:00:36.0970 5648 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/08 09:00:37.0043 5648 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/08 09:00:37.0118 5648 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/08 09:00:37.0193 5648 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys 2011/07/08 09:00:37.0212 5648 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/08 09:00:37.0271 5648 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/07/08 09:00:37.0332 5648 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/07/08 09:00:37.0380 5648 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/07/08 09:00:37.0420 5648 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/07/08 09:00:37.0467 5648 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/07/08 09:00:37.0545 5648 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/08 09:00:37.0611 5648 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/07/08 09:00:37.0688 5648 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/07/08 09:00:37.0757 5648 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/08 09:00:37.0823 5648 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/07/08 09:00:37.0872 5648 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/07/08 09:00:37.0936 5648 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/07/08 09:00:38.0001 5648 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/07/08 09:00:38.0086 5648 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/08 09:00:38.0150 5648 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/07/08 09:00:38.0229 5648 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/07/08 09:00:38.0296 5648 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys 2011/07/08 09:00:38.0339 5648 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/07/08 09:00:38.0388 5648 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/07/08 09:00:38.0480 5648 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/07/08 09:00:38.0561 5648 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/07/08 09:00:38.0661 5648 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/07/08 09:00:38.0737 5648 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/08 09:00:38.0813 5648 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/08 09:00:38.0920 5648 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/07/08 09:00:39.0057 5648 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys 2011/07/08 09:00:39.0127 5648 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/08 09:00:39.0199 5648 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/08 09:00:39.0236 5648 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/07/08 09:00:39.0284 5648 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/08 09:00:39.0428 5648 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/07/08 09:00:39.0506 5648 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/08 09:00:39.0587 5648 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/08 09:00:39.0652 5648 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/08 09:00:39.0704 5648 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/07/08 09:00:39.0779 5648 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/08 09:00:39.0845 5648 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/08 09:00:39.0928 5648 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/08 09:00:39.0997 5648 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/08 09:00:40.0058 5648 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/08 09:00:40.0144 5648 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/07/08 09:00:40.0197 5648 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/08 09:00:40.0272 5648 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/08 09:00:40.0307 5648 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/07/08 09:00:40.0351 5648 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/07/08 09:00:40.0393 5648 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/07/08 09:00:40.0456 5648 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/08 09:00:40.0503 5648 UmPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/08 09:00:40.0607 5648 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/07/08 09:00:40.0659 5648 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/08 09:00:40.0720 5648 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/07/08 09:00:40.0795 5648 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/08 09:00:40.0879 5648 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/08 09:00:40.0914 5648 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/07/08 09:00:40.0974 5648 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/08 09:00:41.0074 5648 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/08 09:00:41.0125 5648 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/08 09:00:41.0201 5648 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/08 09:00:41.0259 5648 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/07/08 09:00:41.0350 5648 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/08 09:00:41.0427 5648 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/07/08 09:00:41.0496 5648 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys 2011/07/08 09:00:41.0550 5648 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/07/08 09:00:41.0627 5648 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys 2011/07/08 09:00:41.0700 5648 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/07/08 09:00:41.0791 5648 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/07/08 09:00:41.0871 5648 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/07/08 09:00:41.0945 5648 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/07/08 09:00:42.0003 5648 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/07/08 09:00:42.0064 5648 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/08 09:00:42.0085 5648 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/08 09:00:42.0138 5648 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/07/08 09:00:42.0204 5648 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/08 09:00:42.0315 5648 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/07/08 09:00:42.0455 5648 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 2011/07/08 09:00:42.0517 5648 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/08 09:00:42.0642 5648 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/08 09:00:42.0733 5648 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/08 09:00:42.0778 5648 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2011/07/08 09:00:42.0913 5648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/07/08 09:00:43.0347 5648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1 2011/07/08 09:00:43.0358 5648 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3 2011/07/08 09:00:43.0374 5648 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk4\DR4 2011/07/08 09:00:43.0440 5648 Boot (0x1200) (b5ef6fc5f59610cbf27921c7373968c7) \Device\Harddisk0\DR0\Partition0 2011/07/08 09:00:43.0458 5648 Boot (0x1200) (022e48e33d1fbda8ab82b4f0637da9cd) \Device\Harddisk0\DR0\Partition1 2011/07/08 09:00:43.0475 5648 Boot (0x1200) (8fd79b902559e481d4765f0b78b4e9dc) \Device\Harddisk1\DR1\Partition0 2011/07/08 09:00:43.0508 5648 Boot (0x1200) (83673c77137130d57fb37d922865f1bf) \Device\Harddisk1\DR1\Partition1 2011/07/08 09:00:43.0526 5648 Boot (0x1200) (4db6bdb64fb7012149812ca0a14934ab) \Device\Harddisk3\DR3\Partition0 2011/07/08 09:00:43.0544 5648 Boot (0x1200) (fa9b2131de9993acbe27bd58b25d3279) \Device\Harddisk4\DR4\Partition0 2011/07/08 09:00:43.0549 5648 ================================================================================ 2011/07/08 09:00:43.0549 5648 Scan finished 2011/07/08 09:00:43.0549 5648 ================================================================================ 2011/07/08 09:00:43.0561 3784 Detected object count: 0 2011/07/08 09:00:43.0561 3784 Actual detected object count: 0 Geändert von speedrunner (08.07.2011 um 08:30 Uhr) |
08.07.2011, 15:53 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
10.07.2011, 20:41 | #12 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hallo Cosinus, anbei der gewünschte Bericht. Gruß Speedrunner Combofix Logfile: Code:
ATTFilter ComboFix 11-07-10.03 - ms 10.07.2011 21:18:36.1.2 - x86 ausgeführt von:: c:\users\ms\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-06-10 bis 2011-07-10 )))))))))))))))))))))))))))))) . . 2011-07-10 19:23 . 2011-07-10 19:24 -------- d-----w- c:\users\ms\AppData\Local\temp 2011-07-10 19:23 . 2011-07-10 19:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-07-10 19:23 . 2011-07-10 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-08 06:51 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E72CC1D-090C-4EDA-A0F7-A0A96E4211F8}\mpengine.dll 2011-07-07 08:06 . 2011-07-07 08:06 -------- d-----w- C:\_OTL 2011-07-02 15:32 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-25 20:33 . 2011-06-25 20:33 -------- d-----w- c:\users\ms\AppData\Roaming\Malwarebytes 2011-06-25 20:33 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-25 20:33 . 2011-06-25 20:33 -------- d-----w- c:\programdata\Malwarebytes 2011-06-25 20:33 . 2011-07-06 04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-25 20:33 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-25 18:54 . 2011-06-25 18:54 -------- d-----w- c:\program files\ScanSoft 2011-06-25 18:35 . 2011-06-26 09:29 -------- d-----w- c:\windows\Lhsp 2011-06-18 10:14 . 2011-06-18 10:14 -------- d-----w- c:\users\ms\AppData\Roaming\QuickScan 2011-06-18 10:08 . 2011-06-18 10:17 -------- d-----w- c:\windows\BDOSCAN8 2011-06-17 07:49 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-17 07:49 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-17 07:49 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-17 07:49 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-17 07:48 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-04 19:19 . 2010-04-18 09:19 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-04 19:19 . 2009-12-24 04:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-02 09:37 . 2011-05-24 04:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 17:14 . 2009-10-03 07:12 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-04 02:52 . 2010-05-06 21:04 472808 ----a-w- c:\windows\system32\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2009-05-07 1904640] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-07 293992] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-06-09 12:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R2 AvskeyService;AVSKey-Lock;c:\program files\AVSKey-Lock\AVSKey.exe [2009-04-23 4640445] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 136176] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-05-07 4352] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 112128] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 136176] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736] R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600] S2 Prosieben;maxdome Download Manager;c:\program files\maxdome\DCBin\DCService.exe [2009-05-01 77032] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-12-31 101248] S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2009-05-07 440832] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 17:18] . 2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 17:18] . 2011-07-10 c:\windows\Tasks\User_Feed_Synchronization-{82350D19-8E30-415B-A8A5-6501626AE35C}.job - c:\windows\system32\msfeedssync.exe [2011-06-17 04:32] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mWindow Title = Internet Explorer Spezialversion MS IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Mit FRITZ!Box Anrufen - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: Mit FRITZ!Box Anrufen\Contexts - 16 (0x10) IE: Mit FRITZ!Box Anrufen\Flags IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Search Image on TinEye - file://c:\users\ms\Documents\TinEye 1.0\TinEye.js IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{328ECD19-C167-40eb-A0C7-16FE7634105F} - {CC68A724-B5F7-4bd3-865C-7D97141A140F} - c:\program files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll TCP: DhcpNameServer = 192.168.178.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-07-10 21:24 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Prosieben] "ImagePath"="\"c:\program files\maxdome\DCBin\DCService.exe\" /accountid:Prosieben" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}] "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,ee,1f,32,b5,11,91,44,9a,5d,3d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,ee,1f,32,b5,11,91,44,9a,5d,3d,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-07-10 21:27:09 ComboFix-quarantined-files.txt 2011-07-10 19:26 . Vor Suchlauf: 20 Verzeichnis(se), 27.107.381.248 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 27.855.839.232 Bytes frei . - - End Of File - - 3431BE6765387CE399F86D6022E461B6 |
11.07.2011, 08:35 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
12.07.2011, 09:10 | #14 |
| TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Hallo Cosinus, anbei die gewünschten Daten. OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:05:21 on 12.07.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BACSCPL.cpl" - ? - C:\Windows\system32\BACSCPL.cpl "DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\Users\ms\AppData\Local\Temp\catchme.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{3F6A8B78-EC003E00-05040104}) - "PC-Doctor, Inc." - C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {42B57B62-BC0A-47F0-A3E9-79D461D255A3} "MuVo Series Media Explorer" - "Creative Technology Ltd" - C:\Program Files\Creative\MuVo Series Media Explorer\CTMVNSu.Dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "BitDefender QuickScan Control" - "BitDefender LLC" - C:\Windows\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} "WMI Class" - ? - C:\Windows\system32\Dell\SYSTEM~1\SysPro.exe / hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm "Exec" - ? - C:\Windows\bdoscandel.exe (File found, but it contains no detailed information) {CC68A724-B5F7-4bd3-865C-7D97141A140F} "FRITZ!Box AddOn" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {C0C86BBE-9509-4296-8459-FDBFDAF4B673} "SplitButtonBHO Class" - "AVM Berlin" - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe "DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s "dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NVHotkey" - "NVIDIA Corporation" - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start "PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe "AVSKey-Lock" (AvskeyService) - ? - C:\Program Files\AVSKey-Lock\AVSKey.exe (File found, but it contains no detailed information) "Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - C:\Windows\system32\CTsvcCDA.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "maxdome Download Manager" (Prosieben) - "Entriq, Inc." - C:\Program Files\maxdome\DCBin\DCService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe "SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck, version 1.2.3(c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Dell Inc. BIOS Manufacturer: Dell Inc. System Manufacturer: Dell Inc. System Product Name: Inspiron 1720 Logical Drives Mask: 0x0000001c Kernel Drivers (total 160): 0x8201C000 \SystemRoot\system32\ntkrnlpa.exe 0x823D6000 \SystemRoot\system32\hal.dll 0x80603000 \SystemRoot\system32\kdcom.dll 0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8067A000 \SystemRoot\system32\PSHED.dll 0x8068B000 \SystemRoot\system32\BOOTVID.dll 0x80693000 \SystemRoot\system32\CLFS.SYS 0x806D4000 \SystemRoot\system32\CI.dll 0x82601000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8267D000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8268A000 \SystemRoot\system32\drivers\acpi.sys 0x826D0000 \SystemRoot\system32\drivers\WMILIB.SYS 0x826D9000 \SystemRoot\system32\drivers\msisadrv.sys 0x826E1000 \SystemRoot\system32\drivers\pci.sys 0x82708000 \SystemRoot\System32\drivers\partmgr.sys 0x82717000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8271A000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x82724000 \SystemRoot\system32\drivers\volmgr.sys 0x82733000 \SystemRoot\System32\drivers\volmgrx.sys 0x8277D000 \SystemRoot\system32\DRIVERS\intelide.sys 0x82784000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x82792000 \SystemRoot\system32\drivers\pciide.sys 0x82799000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B60C000 \SystemRoot\system32\drivers\iastorv.sys 0x8B6AC000 \SystemRoot\system32\drivers\iastor.sys 0x8B76A000 \SystemRoot\system32\drivers\atapi.sys 0x8B772000 \SystemRoot\system32\drivers\ataport.SYS 0x8B790000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B7C2000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B7D2000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8B80E000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B87F000 \SystemRoot\system32\drivers\ndis.sys 0x8B98A000 \SystemRoot\system32\drivers\msrpc.sys 0x8B9B5000 \SystemRoot\system32\drivers\NETIO.SYS 0x8BA0A000 \SystemRoot\System32\drivers\tcpip.sys 0x8BAF4000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8BC04000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8BD14000 \SystemRoot\system32\drivers\volsnap.sys 0x8BD4D000 \SystemRoot\System32\Drivers\spldr.sys 0x8BD55000 \SystemRoot\System32\Drivers\mup.sys 0x8BD64000 \SystemRoot\System32\drivers\ecache.sys 0x8BD8B000 \SystemRoot\system32\drivers\disk.sys 0x8BD9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8BDBD000 \SystemRoot\system32\drivers\crcdisk.sys 0x8BDD3000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8BDDE000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8BDE7000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8F80F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x90240000 \SystemRoot\System32\Drivers\nvBridge.kmd 0x90242000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x902E2000 \SystemRoot\System32\drivers\watchdog.sys 0x902EE000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x902F9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x90337000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x90346000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x9040E000 \SystemRoot\system32\DRIVERS\NETw4v32.sys 0x9063D000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys 0x9064D000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x9065D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x9066B000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x90685000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x90693000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x906A7000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x906F8000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x9070B000 \SystemRoot\system32\DRIVERS\Apfiltr.sys 0x90737000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x90742000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x9074D000 \SystemRoot\System32\Drivers\AnyDVD.sys 0x90766000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x9077E000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x90782000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x9078B000 \SystemRoot\system32\DRIVERS\avmaudio.sys 0x907A4000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x907AF000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x827A9000 \SystemRoot\system32\DRIVERS\storport.sys 0x907DE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x907F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x903D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8F800000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8BBCD000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8BBE1000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8B9F0000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90400000 \SystemRoot\system32\DRIVERS\swenum.sys 0x807B4000 \SystemRoot\system32\DRIVERS\ks.sys 0x90402000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8B800000 \SystemRoot\system32\DRIVERS\umbus.sys 0x90A08000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x90A3D000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x90A4E000 \SystemRoot\system32\drivers\stwrt.sys 0x90AA3000 \SystemRoot\system32\drivers\portcls.sys 0x90AD0000 \SystemRoot\system32\drivers\drmk.sys 0x90AF5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0x90C01000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0x90D04000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0x90DB8000 \SystemRoot\system32\drivers\modem.sys 0x90DC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x90DCE000 \SystemRoot\System32\Drivers\Null.SYS 0x90DD5000 \SystemRoot\System32\Drivers\Beep.SYS 0x90DE5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90DEC000 \SystemRoot\System32\drivers\vga.sys 0x90B32000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x90DF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90DDC000 \SystemRoot\system32\drivers\rdpencdd.sys 0x90B53000 \SystemRoot\System32\Drivers\Msfs.SYS 0x90B5E000 \SystemRoot\System32\Drivers\Npfs.SYS 0x90B6C000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x90B75000 \SystemRoot\system32\DRIVERS\tdx.sys 0x90B8B000 \SystemRoot\system32\DRIVERS\smb.sys 0x90B9F000 \SystemRoot\system32\drivers\afd.sys 0x91202000 \SystemRoot\System32\DRIVERS\netbt.sys 0x91234000 \SystemRoot\system32\DRIVERS\pacer.sys 0x9124A000 \SystemRoot\system32\DRIVERS\netbios.sys 0x91258000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9126B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x91271000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x912AD000 \SystemRoot\system32\drivers\nsiproxy.sys 0x912B7000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x912C1000 \SystemRoot\System32\Drivers\dfsc.sys 0x912D8000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x91318000 \SystemRoot\System32\Drivers\crashdmp.sys 0x91325000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x913E3000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x913FA000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8BB0F000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys 0x913FC000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys 0x93A30000 \SystemRoot\System32\win32k.sys 0x912FF000 \SystemRoot\System32\drivers\Dxapi.sys 0x8BB49000 \SystemRoot\system32\DRIVERS\fwlanusbn.sys 0x91309000 \SystemRoot\system32\DRIVERS\monitor.sys 0x93C50000 \SystemRoot\System32\TSDDD.dll 0x93C70000 \SystemRoot\System32\cdd.dll 0x90BE7000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8B7DB000 \SystemRoot\system32\drivers\luafv.sys 0xA1A03000 \SystemRoot\system32\drivers\spsys.sys 0xA1AB3000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA1AC3000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA1AED000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA1AF7000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA1B0A000 \SystemRoot\system32\drivers\HTTP.sys 0xA1B77000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA1B94000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA1BAD000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA1BC2000 \SystemRoot\system32\drivers\mrxdav.sys 0x807DE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA2E0A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA2E43000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA2E5B000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA2E83000 \SystemRoot\System32\DRIVERS\srv.sys 0xA2EEA000 \SystemRoot\System32\Drivers\fastfat.SYS 0xA2F12000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xA2F16000 \SystemRoot\system32\drivers\peauth.sys 0xA2FF4000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA2ED2000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA2EDE000 \SystemRoot\system32\DRIVERS\xaudio.sys 0xA1BE3000 \SystemRoot\system32\drivers\tdtcp.sys 0xA1BEE000 \SystemRoot\System32\DRIVERS\tssecsrv.sys 0xA4E0E000 \SystemRoot\System32\Drivers\RDPWD.SYS 0xA4E7D000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA4E93000 \??\C:\Windows\system32\drivers\mbam.sys 0x778F0000 \Windows\System32\ntdll.dll Processes (total 81): 0 System Idle Process 4 System 492 C:\Windows\System32\smss.exe 624 csrss.exe 688 C:\Windows\System32\wininit.exe 700 csrss.exe 732 C:\Windows\System32\services.exe 748 C:\Windows\System32\lsass.exe 756 C:\Windows\System32\lsm.exe 908 C:\Windows\System32\svchost.exe 948 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 988 C:\Windows\System32\winlogon.exe 1024 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1152 C:\Windows\System32\nvvsvc.exe 1180 C:\Windows\System32\svchost.exe 1220 C:\Windows\System32\svchost.exe 1316 C:\Windows\System32\svchost.exe 1352 C:\Windows\System32\svchost.exe 1368 C:\Windows\System32\svchost.exe 1484 C:\Windows\System32\audiodg.exe 1520 C:\Windows\System32\svchost.exe 1536 C:\Windows\System32\SLsvc.exe 1604 C:\Windows\System32\svchost.exe 1744 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe 1764 C:\Windows\System32\nvvsvc.exe 1808 C:\Windows\System32\svchost.exe 2012 C:\Windows\System32\wlanext.exe 332 C:\Windows\System32\spoolsv.exe 428 C:\Program Files\Avira\AntiVir Desktop\sched.exe 512 C:\Windows\System32\svchost.exe 964 C:\Windows\System32\AEstSrv.exe 1364 C:\Program Files\avmwlanstick\WLanNetService.exe 2052 C:\Program Files\AVSKey-Lock\AVSKey.EXE 2072 C:\Windows\System32\svchost.exe 2092 C:\Windows\System32\CTSVCCDA.EXE 2212 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 2276 C:\Windows\System32\svchost.exe 2308 C:\Program Files\maxdome\DCBin\DCService.exe 2416 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2444 C:\Windows\System32\stacsv.exe 2648 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 2668 C:\Windows\System32\svchost.exe 2704 C:\Windows\System32\svchost.exe 2740 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2824 C:\Windows\System32\SearchIndexer.exe 2876 C:\Windows\System32\drivers\XAudio.exe 3416 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3436 C:\Windows\System32\taskeng.exe 3980 C:\Windows\System32\dwm.exe 4044 C:\Windows\explorer.exe 4060 C:\Windows\System32\taskeng.exe 3880 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 4076 C:\Program Files\DellTPad\Apoint.exe 3536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3016 C:\Program Files\avmwlanstick\WLanGUI.exe 4028 C:\Windows\OEM02Mon.exe 2628 C:\Program Files\Dell\MediaDirect\PCMService.exe 1864 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1556 C:\Program Files\Dell Support Center\bin\sprtcmd.exe 2964 C:\Windows\ehome\ehtray.exe 3124 C:\Program Files\Windows Media Player\wmpnscfg.exe 2248 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 896 C:\Windows\ehome\ehmsas.exe 3900 C:\Program Files\Windows Media Player\wmpnetwk.exe 4448 C:\Program Files\DellTPad\ApMsgFwd.exe 4472 C:\Program Files\DellTPad\hidfind.exe 4480 C:\Program Files\DellTPad\ApntEx.exe 4576 C:\Windows\System32\svchost.exe 6068 C:\Windows\System32\svchost.exe 3172 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 3712 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 5756 C:\Program Files\Dell Support Center\bin\sprtsvc.exe 5532 C:\Program Files\Internet Explorer\iexplore.exe 684 C:\Program Files\Internet Explorer\iexplore.exe 2228 C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe 5760 C:\Windows\System32\SearchProtocolHost.exe 4800 C:\Windows\System32\SearchFilterHost.exe 5700 dllhost.exe 5828 dllhost.exe 4984 C:\Users\ms\Desktop\MBRCheck.exe 5632 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS) PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT1, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
12.07.2011, 13:48 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu TR/Crypt.XPACK.Gen2 in C:\Program Files\Microsoft Office\Office12\OART.DLL |
.dll, 32 bit, anti-malware, appdata, datei, dateien, ergebnis, excel, explorer, forum, gegenmaßnahmen, homebanking, internet, malwarebytes, maßnahme, microsoft, neu, nicht mehr, office, programme, quarantäne, rechner, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojan.avkiller.gen, trojan.dropper.pgen, trojaner, trojaner?, trojanische pferd, vista, vista 32, vista 32 bit |